Ask Slashdot: Preventing Snowden-Style Security Breaches? 381
Nerval's Lobster writes "The topic of dealing with insider threats has entered the spotlight in a big way recently thanks to Edward Snowden. A former contractor who worked as an IT administrator for the National Security Agency via Booz Allen Hamilton, Snowden rocked the public with his controversial (and unauthorized) disclosure of top secret documents describing the NSA's telecommunications and Internet surveillance programs to The Guardian. Achieving a layer of solid protection from insiders is a complex issue; when it comes to protecting a business's data, organizations more often focus on threats from the outside. But when a trusted employee or contractor uses privileged access to take company data, the aftermath can be as catastrophic to the business or organization as an outside attack. An administrator can block removal of sensitive data via removable media (Snowden apparently lifted sensitive NSA data using a USB device) by disabling USB slots or controlling them via access or profile, or relying on DLP (which has its own issues). They can install software that monitors systems and does its best to detect unusual employee behavior, but many offerings in this category don't go quite far enough. They can track data as it moves through the network. But all of these security practices come with vulnerabilities. What do you think the best way is to lock down a system against malicious insiders?"
simple (Score:5, Insightful)
Simple. Do good, make people working for you feel they're doing something good for the world.
Re:simple (Score:4, Insightful)
Yes, well, perhaps in La-la Land. Here, in reality, no matter how good your organization may be (for whatever definition of "good" you choose to use), you may still end up with bad employees. The question of securing your data shouldn't be about good or evil, or any particular moral judgment, but simply about how to make sure you're critical and confidential data doesn't end up being ripped off.
Re:simple (Score:4, Insightful)
Let's say that the PRISM program managed to stop X number of terrorist attacks. As an NSA employee you might very well consider your work to be of good. Otherwise you would probably not work there. And this is probably true for many types of jobs. Good is a relative term, it depends on the viewer.
Re:simple (Score:5, Insightful)
Let's say that the PRISM program managed to stop X number of terrorist attacks. As an NSA employee you might very well consider your work to be of good. Otherwise you would probably not work there. And this is probably true for many types of jobs. Good is a relative term, it depends on the viewer.
You seem to be under the impression that most people have the job they have because they want to "do good."
That is incorrect; the actual reason most people have a job at all is because it's damn-near-if-not impossible to survive today without some form of monetary income.
I'm guessing the dicks at the NSA (yea, that's right, I called you all dicks. Prove me wrong.) do what they do because the paycheck is quite fat; on the other hand, I guess some people would sell their own mother to the slavers for a pack of smokes and a lighter...
Re:simple (Score:5, Funny)
I'm guessing the dicks at the NSA (yea, that's right, I called you all dicks. Prove me wrong.)
Come on man, I've gone through your email, we have a lot of the same hobbies, we could be friends.
You could invite me, or I can just show up and we can go shooting. I already know the time and place. I'll pick up some subs at Blimpie's on the way over, that cool?
I support the NSA's collection and leaking! (Score:5, Interesting)
I've given this a lot of thought, and compiled a solid rant on the subject.
My thesis about privacy in 2013 - 2020:
Lets start with some facts:
1. The Spy agencies in NZ, UK, USA, Australia and Canada spy on everyone, even their own citizens. 2. The UK copies literally everything that traverses the Internet and keeps it for 3 days for analysis (EVERYTHING!) 3. The USA shares this information (including commercial secrets) with its private enterprises to help them win international business. 4. So many people work for these agencies that from time to time this information is made public. 5. Nobody really cares. 6. The chances of any of these organisations giving up such a valuable source of power are about the same as global nuclear disarmament 7. It’s only a matter of time until the local police have access to all this information. 8 . In 2001, as sysadmin of BSSC I could read the email of every teacher and every student at that school, without leaving a trace of evidence, nor with any fear of punishment for wrongdoing.
So, I assert: You have no privacy online. You never really did. It was only by unspoken rule of sysadmins that we let you have the illusion of privacy. Ed Snowden betrayed sysadmins.
Strangely, Google poise to release the most important advancement toward our goal of total access to information - a video camera strapped to every second person’s head (Google Glass), and people are up in arms (9) and so are the governments best poised to take advantage! (10).
I think we’ve got it all wrong. Let’s stop bitching about this rampant surveillance and embrace it.
Let’s get our spy agencies to make everything they’ve got available to everyone! Let’s mandate that every Google glass camera must be on all the time, every phone must have its microphone on all the time, every GPS recording its location and all this content uploading to the cloud!
Information WANTS to be free! EVERYONE should have access to EVERYTHING!
Then it will hardly be accessed, because if Facebook status updates have proven anything it’s that it’s no fun spying on all your friends if all they do all day is play Farmville.
Finally, these civil libertarians realise that nobody really cares about them, or their “right to privacy”, and we will be able to make the most out of google glass (11).
Sources:
1. http://www.spiegel.de/international/world/interview-with-whistleblower-edward-snowden-on-global-spying-a-910006.html [spiegel.de]
2. http://mashable.com/2013/06/21/gchq-spy-agency-taps-global-internet/ [mashable.com]
3. http://www.bloomberg.com/news/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms.html [bloomberg.com]
4. Bradley Manning, Edward Snowden
5. http://www.news.com.au/ [news.com.au]
6. http://io9.com/5969204/could-nuclear-disarmament-actually-increase-our-chance-of-an-apocalypse [io9.com]
7. “if the information is there, it’s already collected, why not use it to prosecute the crime? Why are you protecting the guilty? If you’re innocent you will want us to use this information to exonerate you.”
8. I read your email. Get over it.
9. http://www.policymic.com/articles/29585/3-new-ways-google-glass-invades-your-privacy [policymic.com]
10. http://news.cnet.com/8301-1023_3-57591975-93/google-glass-privacy-concerns-persist-in-congress/ [cnet.com]
11.
Re: (Score:3)
Fair point. Momentum is such that nobody is really going to change this natural progression towards the spy agencies having complete interception and analysis capabilities, and an implicit ability to be able to operate outside the law.
The only big questions I have are: how long until the list of authorized users erodes to the point that basically every law enforcement officer, powerful corporation and organized crime syndicate has access to this treasure trove of information, and how do innovations like Goo
Re: (Score:2, Insightful)
nope -- most people who work for the NSA would probably make more money as web developers or whatever the current make-money-fast job role is. Most of them honestly believe that they are doing something worth doing beyond just money.
hard for you to believe, I guess. maybe you should thank them?
my problem with this is that they may think they are doing good, but are they really?
Re:simple (Score:5, Insightful)
The people working for the Stasi thought they were doing the "right thing" too.
Re: (Score:3)
Re: (Score:3)
Like another poster said you joined the Stasi to be shielded from it.
One of my close friends is Russian and grew up in communist Russia until the USSR fell. One thing he was proud of was the fact that his grandfather was a colonel in the KGB. His father was a loser and his mother divorced him shortly after she gave birth. My friend an only child and his mother single would have grown up poor as shit back then. But his grandfather (mother's father) made sure she had an education, job in the government as an
Re:simple (Score:5, Insightful)
The intent of the Stasi was to look for any kind of "traitors" or subversives, not just people trying to escape; the NSA's mission was the same: spy on the populace.
If the USA was right next door to a country that was a much better place to live, and accepted any escapees with open arms, and enough people started emigrating there that it seriously affected the economy, then the US would certainly ban emigration. It doesn't have to because it has no reason to at this point; there aren't a lot of places that are significantly better, none of them are nearby, and those that are aren't highly friendly to immigrants unless they have valuable skills or a lot of money in the bank, plus for the moment the employment situation for those people with valuable skills is still pretty decent here. When the economy crashes even harder in the next few years, and if any countries start courting our tech workers (causing a "brain drain"), you can bet your ass that emigration out of the US will be forbidden.
Re: (Score:3)
Sorry, I do not see the machine gun nests set up around the American border with the intent to KEEP PEOPLE IN
Until that happens, I have little cause to believe your NSA=Stasi story
Google for 'concentration camps in America', there are photos and videos of massive fully manned camps with fences designed to keep people in, not out. These camps are seemingly ready to be used yet empty and they are not part of the prison system.
Also there are enough government owned weapons in the US to setup gun nests all over the place at very short notice.
Re:simple (Score:5, Insightful)
The trick with that is what was the ratio of attacks stopped versus the number of people "looked" at?
In the UK their is a current debate on random stop and search used by police. The noticeable point is that it is 9% effective in finding someone doing something wrong.
So if the police stop and search 100 cars they find 9 people who are breaking the law.
Prism is spying on tens of millions, to find a couple dozen.
that is why it should be stopped. They should turn that kind of data mining loose not on the outside world but their own internal agencies. If the NSA data mines, searches emails, databases, etc they could get far better results.
It would single handily merge the agencies that don't want to cooperate and produce far better results.
Re: (Score:2)
Re:simple (Score:5, Interesting)
The magna carta is a wonderful document. More important perhaps in the history of laws than even the US constitution as a statement of rights, simply because the magna carta was the *first*.
But the rights it outlays are fairly simple, and rather indicitive of its times.
[quote]
1. FIRST, We have granted to God, and by this our present Charter have confirmed, for Us and our Heirs for ever, that the Church of England shall be free, and shall have all her whole Rights and Liberties inviolable. We have granted also, and given to all the Freemen of our Realm, for Us and our Heirs for ever, these Liberties under-written, to have and to hold to them and their Heirs, of Us and our Heirs for ever.
9. THE City of London shall have all the old Liberties and Customs which it hath been used to have. Moreover We will and grant, that all other Cities, Boroughs, Towns, and the Barons of the Five Ports, as with all other Ports, shall have all their Liberties and free Customs.
29. NO Freeman shall be taken or imprisoned, or be disseised of his Freehold, or Liberties, or free Customs, or be outlawed, or exiled, or any other wise destroyed; nor will We not pass upon him, nor condemn him, but by lawful judgment of his Peers, or by the Law of the land. We will sell to no man, we will not deny or defer to any man either Justice or Right.[45]
[/quote]
Then theres a bunch of other ones like the king has to stop taking hostages ( a surprisingly common event in medieval europe ) , mercenaries have to gtfo of england, "all evil customs connected with forests were to be abolished" and other assorted medieval jurist things.
But in terms of stop and search, AFAIK your rights are preserved only as far as a right to a fair trial, I'm afraid.
Its an old document, more or less a first attempt at codifying limits on executive power.
Re: (Score:3)
Note also that all these rights apply only to "Freemen". Common serfs were granted no rights by the Magna Carta.
Re:simple (Score:5, Interesting)
https://en.wikipedia.org/wiki/FBI_Index
Read this, Subversives: the FBI's war on student radicals
http://www.amazon.com/Subversives-Student-Radicals-Reagans-Power/dp/0374257000
Based on de-classified FBI memos, it describes how th FBI kept security and reserve lists of political enemies, that could be detained at a moments notice.
Its a clear example on how we got damn close to having our own "night of long knives".
https://en.wikipedia.org/wiki/Night_of_long_knives
Re: (Score:2)
Heh, I sort of posed a similar question to my kids...
Say you've collected a group of N=10 people out of a population of P=100, and you know X=1 of them is a serial killer. How many of those people should you execute (or otherwise remove from society) to keep the rest of the population safe? Or should you let them all go to protect the innocent ones, knowing that the serial killer will go on unpunished to cause 10x more murders? How many can you execute before you're worse than the serial killer?
Now just
Re: (Score:2)
They measure personal success in how well the buerocracy does relivant to itself, and how well they do invidually inside the buerocracy.
I'd gander most people get into that work, because they see it as "recession proof", with retirement, good pay, and stability. They also probably recruit a good deal of ex-military who have a hard time finding work elsewhere. Given the fact the army is downsizing, i
Re:simple (Score:5, Insightful)
The question of securing your data shouldn't be about good or evil, or any particular moral judgment, but simply about how to make sure you're critical and confidential data doesn't end up being ripped off.
There's a certain level that you can go that way. However, in the end, to be useful data has to be loaded into people's heads. People can then unload part of it elsewhere. A very important part of securing the data is making sure that those people who could do that choose not to because they see the value of your mission. Those people who surround them also see the value and put social pressure not to reveal secrets. When the US loses it's moral authority by doing things identical to acts it has previously criticised this is obviously going to increase the risk of a leak.
Re: (Score:3, Insightful)
> you may still end up with bad employees. The question of securing your data shouldn't be about
> good or evil, or any particular moral judgment, but simply about how to make sure you're critical and
> confidential data doesn't end up being ripped off.
Don't let your employees access any data that you don't want them to release. Period.
If you are really that worried, then you can't give them access. If someone has access to the data, and feels it should be released, they will release it, they will fi
Re:simple (Score:4, Insightful)
Can you tell me how reduced? What percentage of data theft by insiders is by whistle blowers, and what percentage is by employees out to screw employers or profit by selling sensitive information?
My gut tells me the latter far outweighs the former, but clearly you must have some notion as you say that being a good organization will seriously reduce your risk.
Re:simple (Score:4, Interesting)
Sure my gut tells me the same; but that doesn't mean I think much can be done about it in most situations. The simple fact is you need your employees to do their job, if your information is so valuable to your business, then its even more likely that impeding them getting it is impeding your business.
Security measures are best seen as insurance since they can never pay off in the positive, they can only cost, and hopefully, less than the alternative....and that cost isn't just the cost of doing them once, but the cost of keeping them up every single day and the entire effect of that.
I seriously think a person trying to solve this problem is, most likely, trying to solve the wrong problem, unless perhaps, he is a criminal, or actually has data that is worth more to a criminal than the HR database of names, SSN, addresses, salaries etc.... which is unlikely for anyone asking slashdot.
Re: (Score:2)
I can't quite sort out why I have been modded troll. The issue of data leaks is a big issue, even for organizations that do good (again, however you define that. I agree that Snowden was morally right to do what he did, but try to imagine a situation in which an employee nicking your data is doing it to blackmail you or sell to a competitor?
Not every person stealing your data is some glorious warrior of freedom. Most are, well, to put it bluntly, just plain criminals, and as with any kind of theft, frequent
Re:simple (Score:5, Insightful)
No, the general question TFA asks about security breaches really has nothing to do with right and wrong or morality, it was simply about protection of data from insiders in any organization. What if Snowden's motivation had instead been monetary (which is much more common in security breaches than whistleblowing)? Or industrial espionage instead of government?
Protecting data from internal leaks is a complex issue, and pretending "if you are good it won't happen" is idiotic.
Re: (Score:2)
Protecting data from internal leaks is a complex issue, and pretending "if you are good it won't happen" is idiotic.
I think you're missing the point of those posts; we, collectively, know "do good and you have nothing to hide" is a bullshit rationale, but we find it appropriate in this circumstance considering how the corporate-owned government tells us the same thing every time they want to fuck us out of a couple more civil liberties.
FWIW, asking a crowd like this a question like that at a time like now... a straight answer is probably the last thing most of us are thinking about responding with.
Re: (Score:2)
The usual over-sensationalistic headline says that, but if you actual READ the details (it's not hard, most of it is right up there at the top of the page!) it says:
"when it comes to protecting a business's data, organizations more often focus on threats from the outside. But when a trusted employee or contractor uses privileged access to take company data, the aftermath can be as catastrophic to the business or organization as an outside attack ... What do you think the best way is to lock down a system a
Re: (Score:2)
Exactly. If an employer is doing nothing wrong, then at least long-term, it has nothing to hide. :-D
Re:simple (Score:5, Insightful)
Exactly. If an employer is doing nothing wrong, then at least long-term, it has nothing to hide. :-D
There are still merely-self-interested insiders: It's practically a tradition for Mr. Sleazy McSales to abscond with all the customer data when he accepts a position with the competition, and his engineering counterparts to lift design docs and the like for the same purpose.
Doing good does have the advantage of reducing disillusionment among your otherwise-least-corruptable people, and helps prevent economically-irrational leaking; but you still have to worry about the merely mercenary.
Re: (Score:3)
IMO, lifting contact info is just not a big deal, in much the same way that bringing your Rolodex with you has been the norm for decades. If your business has such poor customer loyalty that the mere knowledge of your customer list puts
Re: (Score:2)
Someone could be selling insider information about farm subsidies, which is not illegal but can affect markets.
'Leakers' are only one category of people who disclose information. It doesn't have to be illegal to be private and worth protecting.
Re: (Score:2)
That's not your data. There's a difference between the business's data (which is very hard to control usefully) and their customers' data, which by law must be very strictly access-controlled.
Re:simple (Score:5, Insightful)
Hark! Do I hear the approach of the Freedom Drone?
Stop launching Hellfires on babies, and stop treating the Citizens of your Republic like suspects in your dragnet.
Re: (Score:2)
Ultimately free individuals can never be contained.
Therefore complete transparency should be applied. The nationalist paradigms and constructs are futile. Ideals and methods can be implanted, but they are not what you are.
Re:simple (Score:5, Insightful)
Indeed. Loyalty is the only thing that works. DLP is basically a scam to make tons of money, but cannot prevent leakage. As long as people work with data, they can steal that data. Get used to it.
You can to a bit of personality screening. For example if you are the NSA, you want to screen out anybody with a shred of personal ethics or honor. Then make sure you bribe these people in staying loyal too you and keep the bribes up. Sure, you only get psychos that way, but nothing else is going to work.
If, on the other hand, your organization is actually contributing something positive, then make sure your employees have ethics and honor, believe in the cause and address grievances before they become a problem.
Loyalty is the key, and how to get it depends on what your organization does. Nothing besides loyalty will help against anybody determined.
Re: (Score:3)
I would have said it differently. "Stop breaking the fucking law!!"
Re: (Score:3)
Simple. Do good, make people working for you feel they're doing something good for the world.
There have been many different conceptions of what constitute "good."
Many people thought that fascism was "good" for Weimar Germany, and some believe it today, and not just for Germany.
Many people thought that Soviet Communism was "good" for the people of the Soviet Union and the world. Some still think that today.
Many people think that living under the strict rules of Sharia is "good," democracy is a decadent evil, and imposing Sharia on others is their obligation.
Many people think that Snowden is doing g
Re: (Score:2)
Re: (Score:3)
> Exactly, because all the most altruistically great companies had no data they would like to
> keep from the public and their competitors.
Who said that? The point is that, as a technological problem there is no serious solution set. You can either deny access entirely, or put onorus productivity and morale killing restrictions on access. However, anything you can think up, likely can be somehow defeated.... unless you think you can get away with asking people to strip naked upon their arrival to work
Re:Doesn't address the problem. (Score:5, Insightful)
Two months ago Snowden was living in Hawai'i with an attractive girlfriend and a decent salary. How is that more dysfunctional than living in a Russian airport on the run from the US government?
Nice try NSA (Score:5, Funny)
We won't help you cover your asses for the future. It's time to clean house.
Re: (Score:2)
Nice try NSA (Score:5, Insightful)
Re:Nice try NSA (Score:5, Insightful)
That was certainly an issue. If we're talking Snowden-style, the best deterrent is to actually conduct your operations within the law and within the boundaries of ethical behaviour. Snowden wouldn't have had anything to leak if the government were operating within the legitimate bounds of the constitution.
Re:Nice try NSA (Score:5, Interesting)
Re: (Score:2, Insightful)
You can't legalize unconstitutional activity with legislation. Either amend it to allow what you think is necessary, or scale back your concept of necessity. There are no alternatives.
Re:Nice try NSA (Score:5, Insightful)
I'm going to fail Godwin's law off the bat here, but remember that Hitler was lawfully elected and his SS all worked within the law. The letter of the law can twisted and re-written to make torture "legal", but that does not mean that it is OK since it is legal. The fact that "enhanced interrogation", and now "enhanced observation" is legal and was known to congress should be MUCH scarier than if it came out that the NSA was breaking the law without congressional oversight.
Re:Nice try NSA (Score:5, Insightful)
I lost mod points to post this, but this is the only use I've ever seen in 20+ years of internet, where Godwin did not apply.
We are ruled by an organization akin to the Gestapo.
There are Secret rules, secret Courts, and the Judges aren't allowed to comment, and have never ruled against the State.
I still remember when America Didn't Torture People; everyone responsible should be hanged.
Re:Nice try NSA (Score:5, Informative)
The NSA doesn't need help, all they would have had to do is follow their own procedures and the leak would have been greatly reduced. There's no excuse for having active USB ports on a machine that is handling top secret documents. Nor is there any excuse for giving someone access to more classified documents than they need to do their jobs, a system admin needs approximately zero access to the actual contents of the actual documents.
Be sure to choose the lowest bidder (Score:5, Funny)
That always ensures quality.
Does it matter if there's only one bid (Score:4, Insightful)
That always ensures quality.
With our recent innovation of no-bid contracts (well, there's one bid - from the crony that's been hand-selected by the corrupt government department), you get all the benefits of outsourced work along with the quality of a supplier with a monopoly for your project(s).
Lesson Number One..... (Score:5, Insightful)
Re: (Score:3)
Not necessarily. The admin does not need to have access to the content of classified material. Why wasn't it encrypted? Encryption should be usually, in such a situation as that of the NSA, at least two-key or three-key encryption, especially for highly classified data, you need at least two-key encryption that guarantees that you must have two people to de-crypt it.
It is fine to have an administrator access to the file, especially in cases where the file needs to be restored in cases where it was lost. But
Don't be dicks, you'll get less whistleblowers (Score:5, Insightful)
Obeying your country's constitution and not operating for the sole benefit of oligarchs and barons of commerce would go a long way towards limiting whistleblowing activity.
If you want to go the opposite direction, I guess you could lock up your employees in a bunker and hold their families hostage.
He shouldn't have been able to access the data (Score:3)
Access to secret data and documents should be on a need-to-know basis, or a practical approximation of it. It's clear that he had access far beyond what he needed to know. If he can't get at the sensitive documents in the first place he can't copy them to USB or use his cellphone to take pictures of them or upload them to his Wikileaks partners.
But isn't the real question..... (Score:2)
.... do you really want to?
Nice Try (Score:5, Funny)
Nice try, NSA.
Limit access (Score:5, Insightful)
Have separation between levels of security and have fewer & fewer admins working on them as you go up the chain. Use the old established and trusted guys at the top. Don't have thousands of people (particularly contractors) crawling all over the most sensitive data. Seems obvious really. Look at the amount of data *Private* Bradley Manning got his hands on. It's like NSA & Govt just leave the barn doors open and hope the fear of prosecution will prevent the bad thing from happening.
Solved problem in computer science, not budgeting (Score:3)
The U.S. military addressed all the problems except covert channels (now called DLP) in the Orange Book, back in 1985, the days of the dinosaurs and mainframes.
Alas, it was relatively hard to admin, requiring two people to do almost anything, and proving the completeness and sufficiency of the policies was exceedingly hard using the techniques of the day. The good thing was it was easy to use such a system. I used Multics, which was running at B2 and didn't even know security was tight. I later took
Boom, problem solved. (Score:3)
Re: (Score:2)
Chip sysadmins with GPS and use drones as your last line of defense.
Stay legal? (Score:5, Insightful)
How about not doing illegal things in the first place?
A lot of motivation for insiders to disclose the "sensitive" information would go away.
Advertorial (Score:2)
That's not an "ask Slashdot", that's internal advertising for your article.
The meat of which is advertorial for people paying you to mention them.
Fucking grow a spine.
As usual, convenience is the enemy! (Score:2)
The trouble with protecting yourself against insiders is that you are trying to protect yourself against people who need access to do whatever it is you pay them to do. Protecting yourself against external attackers is a massive matter of practical difficulty; but at least it's a coherent objective: keep people who shouldn't have access away from access. Against insiders, virtually everything you do either reduces productivity(so you disabled USB, good thing that there are never any legitimate applications
Not happening (Score:2)
Man can make it, man can break it, it's that simple.
No one solution to this... (Score:5, Informative)
This is an age old problem. It partially requires people skills, and it requires technology. A couple ideas:
1: First thing is compartmentalize. One person shouldn't have access to all the goodies.
2: USB devices are easy to control. I can push a GPO on Windows that blocks writing to any USB flash drive, or just locks out access completely so someone can't hook up their iPod Touch, run iTunes and copy files that way. Third party programs can offer this functionality as well. Of course, there are always BIOS locks. If one doesn't care about reselling machines, snipping wires and epoxy blobs in the USB ports will finish the job.
There are other devices and ports too. Firewire, Thunderbolt, and even PCIe cards can be hazardous. Don't forget the humble old CD-ROM burner in most machines.
3: Watch data and its access. If a Windows admin suddenly is slurping down everything in the accounting directory, and it isn't a backup utility doing this, then someone should be notified.
4: I normally dislike DRM, but I have used an IRM/RMS server in house for protecting files. That way, if someone slurps off a Word document, it works fine if running on my machine, but unless they saved it to another format, it will be encrypted on their end. I've used Microsoft's RMS for about ten years now for personal items, and it does a decent job as a secondary layer, especially when coupled with some other encryption.
5: Get a solution that can make heads/tails over audit logs. Splunk is nice (though expensive.)
6: Add documents that are normally not accessed, but if they are, they immediately trigger an alert from the solution mentioned in #5. That way, if someone is doing a mass copy of files, someone knows. Most likely it is part of the job, but it is wise to have a couple tripwires.
7: Spend your time and do background checks that work. Checking for felonies, yes. Demanding usernames/passwords to Facebook for ongoing monitoring 24/7, no.
8: Finally, morale. A company that always threatens its developers with offshoring, and has low morale will have far more security issues than one that at least knows how to treat people with some modicum of respect.
Re: (Score:2)
Wow, you missed a big #1: Hiring. IT needs to take control of the hiring process AND someone in IT needs to be trained to recognize personality types. IT, more than just about any other department I can think of, is a well of liability. Both in the data they have access to, and in the proper execution of their job responsibilities. If your hiring process doesn't reflect this reality, then nothing else you do will mean squat in minimizing your liability.
Re: (Score:3)
The person has their life story looked at:
The parents get interviewed, the primary school teachers, high school teachers, college friends, close family, extended family. Dusty small towns, hours driving until the person passes or an interview gets interesting. You do the same for the family of the person.
What happened in the USA over the past ~10 years? They seem to have caught the 1930's English problem - too fast, a system (educatio
Re: (Score:2)
3: Watch data and its access. If a Windows admin suddenly is slurping down everything in the accounting directory, and it isn't a backup utility doing this, then someone should be notified.
What is there to stop the admin from restoring the backup onto a separate, local drive and then doing his thing with the databases? Admins are supposed to restore backups now and then, just to test if they work.
7: Spend your time and do background checks that work. Checking for felonies, yes. Demanding usernames/pass
Easy - Don't Do Anything Wrong (Score:3)
Thus, you'll have nothing to hide.
Otherwise, it's a moot point; to paraphrase Mr. Universe, you can't stop the signal, bitch.
From the technical standpoint (Score:4, Informative)
1. Access to information in a need-to-know basis only using strong enforcement via MAC. Nobody has ALL the information on a specific subject.
2. All applications are used via virtual desktops accessed from secured, fully managed devices. No access is allowed from unmanaged endpoints of any kind.
3. If some information is as sensitive as described, then physical security enforcement need to be in place (isolated terminal room for example).
4. No printing, no emailing, no networking outside the proper security perimeter.
5. Regular audits and interviews to personnel with access to specific pieces of data.
You'll have to sacrifice convenience for security in environments that require that.
Same Problem as DRM (Score:5, Insightful)
While all the "don't be evil" responses are cathartic and fun, the real issue here is that you can't simultaneously give someone access to data and prevent them from having access to the data. You can make it more difficult to access the data but the price is that it is more difficult to access the data. You can't read minds so intent is not something you can reliably build into the system.
Its simple really. (Score:4, Insightful)
Don't have morally repugnant and illegal secrets.
Focus on insiders first (Score:4, Interesting)
Not really an answer to the question, but good security design should focus on identifying all of the relevant threats (aka a "threat model") and mitigating all of them to the degree that makes sense -- and any good threat model will inevitably identify insider threats as the highest risks most at need of mitigation, because, by definition, insiders have greater opportunities to conduct attacks, and they have roughly the same motives as external attackers.
If you find that your organization doesn't spend 95+% of its security time, money and effort on foiling insider attacks, it's almost certainly not doing a good job. If it is adequately hardened against insiders it'll be darned near impossible for outsiders.
My impression of the NSA has always been one of an extremely high degree of competence, so the Snowden leaks surprised me. You can't stop insiders from gaining access to the data they need to do their jobs, of course (though you can often segment job responsibilities to minimize it), but you can and should make it a lot harder for them to get access to other sensitive data, and Snowden was apparently able to get a lot of stuff that wasn't relevant to his responsibilities.
Simple: (Score:4, Interesting)
Stop doing things that seem illegal or immoral to your employees. Stop lying. Stop cheating. Stop cowering behind secret courts.
As people say about the data collected by the NSA: if you haven't done anything wrong then you have nothing to hide. The NSA was hiding this program because they knew it was wrong.
The answer is literally decades old. (Score:2)
I'm curious, has anyone in government intel circles ever heard of compartmentalization before? I'm pretty sure based on the TS/SCI clearances they issue to those working with (what should have been) compartmentalized data would know of this rather obvious concept.
Bottom line is they know the importance of data compartmentalization. This has been a standard practice for decades now, even keeping those at the highest levels in the dark with the additional "need to know" addendum.
I can't help it if utter stu
Nothing can be done... Nothing (Score:4, Interesting)
No matter how deep a background check goes, no matter how thorough the inquiry is into a person's character, no matter how many interviews are made of friends and family, and no matter how many polygraph tests are performed, if a person is given a position that requires some trust there is always going to be a chance that this person is going to abuse the trust. Psychopaths and sociopaths the the scariest of these people because they have no problem with lying, are good at it because they are usually good at being manipulative, are often very well liked by family and friends, and can lie without end like a baby-kissing politician running for re-election and still pass a polygraph test.
Perhaps the problem is in the kind of people being sought for these jobs that require great trust. While a person needs to be squeaky clean to get security clearance, perhaps the squeaky clean requirement is causing the government to choose some from the wrong pool of candidates. My experience has been that you will have a better chance of finding an honest man (or woman) by looking at those who have messed up in his or her life, is genuinely repentent, and has demonstrated through years of clean and honest living that he or she is worthy of such great trust. The gratitude that comes from being given this second chance is an incredible motivator in steering a straight and narrow course through life.
Hire married employees w/children. (Score:3)
Married employees with kids and a mortgage don't have as much leeway to indulge their conscience.
Sad, but true.
Don't do anti-social anti-democratic things! (Score:3)
Then mabey the people who work for you won't question your blatant lack of morals.
full body cavity search (Score:2)
and having data in a vault with armed guards on the out side 24/7.
Deterrent (Score:2)
Assassinate Snowden.
(Probably not the answer anyone wants to face, but ask your inner Machiavellian.)
No sure way (Score:2)
There's no sure way to protect the data, but this comes close:
1. Unplug the server/storage array/whatever
2. Put it in a safe. Lock the safe, lose the combo.
3. Dig a large hole.
4. Insert safe into hole.
5. Fill hole with concrete.
Of course, even this plan has its flaws: What if the safe is discovered? Your only hope is that it's discovered by a Redditor; it will never be opened then.
If you're worried about USB you already lost. (Score:2)
If you're worried about USB or any other device access you've already lost. Anyone who can SEE the screen can snap a pic of the screen. Or a few hundred screen pics. And even if you strip everyone naked as they enter the building, and you scan them for hidden devices hidden inside body orifices, the fundamental issue is that information can be carried out in someone's memory, and that person is capable of talking.
Compartmentalizing who can access what may limit the range of what any particular insider can r
Re: (Score:2)
The thing is that if they can *only* carry what they have in their mind and have no other evidence, nobody would believe them...
A more appropriate question .. (Score:2)
Do it like the GDR? (Score:5, Interesting)
Basically, the GDR (former Eastern Germany) had similar problems with their border guards: guards would usually patrol the border in pairs (two guards at any given time). And this is obviously a necessary thing in border patrol.
But since the government couldn't trust their guards and since there indeed was a possibility that the guards would just jump across the border to Western Germany, they had a brilliant plan: (1) they made sure that each of the guards came from a completely different area of the country, and (2) that they didn't spend too much time with together in order to build trust between them. So, for the case (2), the government decided to create new pairs every week or so... it worked quite successfully.
Now, the question, obviously, is whether you *want* to be something like the former Eastern German Government.
I believe there are a lot of ways of protecting data against malicious employees - one being the way the Eastern German Government did (this might be a good solution actually for the NSA). Other ways are making sure that the employees in question can never copy any data by any means, whether it is by blocking USB-ports, not having any drives, not allowing *any* personal devices at all, including no cameras, smartphones, etc. You might even force the people to use a company-provided mobile phone even for their private calls (without snooping into their calls) without cameras, data connection, etc (just calls+sms).
Lastly, you could consider using a TrustedOS with levels such as B1-B3 or even A1 or Beyond-A1. http://en.wikipedia.org/wiki/TCSEC [wikipedia.org]
I knew TISX http://en.wikipedia.org/wiki/Trusted_Information_Systems [wikipedia.org], which had (afaik) the only B2-TOS at that time. It was quite ingenious how it worked...
Re:Do it like the GDR? (Score:5, Interesting)
In addition to what you wrote: http://en.wikipedia.org/wiki/Border_guards_of_the_inner_German_border [wikipedia.org]
As a further measure to prevent escapes, the patrol patterns of the Grenztruppen were carefully arranged to reduce any chance of a border guard defecting. Patrols, watchtowers and observation posts were always manned by two or three soldiers at a time. They were not allowed to go out of each other's sight in any circumstances. When changing the guard in watchtowers, they were under orders to enter and exit the buildings in such a way that there were never fewer than two people on the ground. Duty rosters were organised to prevent friends and roommates being assigned to the same patrols. The pairings were switched (though not randomly) to ensure that the same people did not repeatedly carry out duty together. Individual border guards did not know until the start of their shift with whom they would be working that day. If a guard attempted to escape, his colleagues were under instructions to shoot him without hesitation or prior warning.
What bugs me the most... (Score:4, Insightful)
On topic, I have two answers for you depending on how your question was intended.
A1: You don't. You will never stop "leaks" of any sort, because you will inevitably be fooled into trusting the wrong person at some point. Leaks will always happen, even if there's been no wrongdoing (leaks can take the form of corporate secrets, for example).
A2: If you mean how do we stop leaks like this, as in, leaks about Governments infringing on public rights and acting like utter jagoffs the solution is far far simpler: Stop being jagoffs, stop breaking the law. Hell, that's the answer that WE get, isn't it? "You don't have anything to worry about if you're not breaking the law"...well, if they don't want people to blab about the Gubmint breaking the law, the Gubmint should stop breaking the law and they won't have anything to worry about. Right?
you need to trust your Employees (Score:2)
Limit access perhaps? (Score:3)
"According to the report, which scrutinized the approval of security clearances, more than 483,000 government contractors had "top secret" clearance as of last October. On top of that, another 582,000 have "confidential" or "secret" clearance."
That is... WELL OVER ONE MILLION PEOPLE with access to sensitive information. More or less 1 in every 300 citizens of 'murica.
If you don't see a potential data breach here, I really don't know what you're looking for.
Snowden made the information public, but who knows how many others sent information to foreign agencies? With one million people with access I bet data breaches happen quite more often than this one case.
Re: (Score:3)
The gross numbers for people with varying security clearances is a bit of a red herring. For instance unless there is something weird in an enlistees background they automatically are granted a Secret clearance when they finish Basic Training. When I went through there were entire career fields that were tagged for getting Top Secret clearances, even though it might not ever be needed.
So you end up with tons of people who are in theory certified as being trust worthy but never actually are given any kind of
a few ideas (Score:3)
Here are a few ideas:
1. Video cameras with 100% coverage of any room with computers with sensitive data. Live monitoring of said cameras.
2. Securely locked computer cases. Since I haven't seen any computer cases that allow for truly secure padlocks this may require making your own computer cases out of say 1/4" steel and with thick case hardened hasps designed with large padlocks in mind.
Or alternatively you could design a case by permanently welding the case closed. If something goes wrong inside you simply melt the whole thing down. A custom designed case will also allow you to bury any of the absolutely necessary external connections like for a keyboard and mouse inside the locked or welded case. Any data would need to be backed up through the internet or other network connection, which again is buried inside the secure case.
3. Checkpoints with metal detectors set to their highest sensitivity for all personnel entering or leaving, but this will only work if it is sensitive enough to detect a single microSD card. Strip searches and cavity searches for all departing personnel with access to sensitive data.
4. You could lock your employees into a secure facility and never allow them to leave. If they try to quit you kill them and melt their body in a large dedicated acid bath.
Of course this would have to be combined with severing all contact with the outside world. Internet connections or any kind of telephone would be forbidden. Also make certain that no computer has wifi capability and/or make the rooms with the computers with sensitive data into Faraday cages to prevent any wireless data transfer.
5. A water lock. In order to exit your facility your employees must swim through a tube filled with water. The problem with this is that a microSD card could be protected by wrapping it in plastic or something. You could also use salt water and run a nonlethal current through it.
6. Do not allow employees anywhere to put a data storage device. Do not allow any clothes or bags of any kind inside. They would store all of their belongings including their clothes in a locker before they entered the facility proper. Combined with cavity searches this could be quite effective even without any of the other measures. To help with employee retention make sure that the searchers are very, very attractive and that sexual preferences are observed at all times.
The final answer (Score:3)
Ripley: I say we take off and nuke the entire site from orbit. It's the only way to be sure.
http://nukeitfromorbit.com/ [nukeitfromorbit.com]
knowledge and evidence (Score:3)
As someone else already said: You can not give someone access to data while not giving them access to data.
What you can make a hell of a lot more difficult is the ability to get the data out in any other way than inside someone's head.
At the extreme range, allow people to enter and exit the building only naked, changing into work-clothes on the inside that never leave the building. Don't forget cavity searches.
Oh, wait - you were planning to run an office, not a prison? That's gonna make things a little more tricky as human beings tend to be picky about archaic things like dignity.
The non-bullshit answer is basically this: The freaking NSA fucked this one up. If you really think a random collection of hints on /. is going to give you a better shot, you need to be fired.
Update your security policy regularily and monitor compliance. Do a good job. Stop worrying about the Snowdens of this world, because there's like one every decade. But users looking for shortcuts, managers wanting a dial-in connection from home, admins leaving the firewall wide open after a change, developers using test-configurations in live, all these things are happening every day. Worry about them.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re:Its a Sysphian Task (Score:4, Informative)
I agree with this point. It's not impossible to stop leaks, but organizations can change to mitigate the impact one individual can have.
The thing that is most interesting to me about the Snowden case, as well as the Manning case, is the level of access intelligence communities give to these people. I mean, Manning was able to dump years of diplomatic cables, and Snowden has been able to detail a worldwide architecture of network ops.
Did they really need to have this much access to information? If their roles were more compartmentalized, these situations would be different.
I feel the problem with these leaks is a management issue moreso than the acts of individuals. Taking young, principled, intelligent guys and giving them the keys to a trove of information about questionable activities is just not the way to run an organization. The people he reported to should be the ones being indicted over this.
A solution (without knowing the particulars) would be to spread out access across a range of individuals with specific skill sets in their area and that's it. If you want to train people to be hackers, focus their development on one level of infrastructure and make it impossible for one guy to do this all on his own.
Re:We don't want to prevent them, duh. (Score:5, Insightful)
The question is what you can do to prevent it, not whether or not Snowden is a hero.
It's an interesting problem on it's own. Imagine the situation in reverse - someone working in IT for an aid organization, beset by government hackers looking for information about political opponents who would kill them. How do you prevent someone from leaking information of a completely non-criminal nature to forces who mean to do them harm?
One of the problems with disclosures, and why they are so divisive, is that they expose people's relative values. For everyone who thinks Snowden is a hero, there is someone who things he broke an oath and the government is being completely reasonable.
It's not worthwhile to judge situations the same way you judge individuals. I work with a lot of NGO where people would get killed if information about their operations is exposed, and one of the big threats is someone handing over documents under duress.