13 November 2010 Data Leakage
Loss of control over data
Unauthorized exposure/transfer of data
Ex: man in the middle, backdoor, privelege esclation are intented data leaks Networks
Unintented leaks :
RBAC
Rogue devices Storage : · Identify your data assets, owners, who are the data custodians · data locations (hardware and logical i.e. network addresses) · Legal requirements – i.e personal identifiers, ect · Classify · Implement proper storage
Endpoints
Defend yourself against attacks
Unintended : · email (outgoing), · network drives/local drives, · Shared (folders and network connections)
The Google Hack – web server
Crawler – goes and checks every web server. Everything with a public html is published. The crawler is automatic software.
Data Leakage
Loss of control over data
Unauthorized exposure/transfer of data
Ex: man in the middle, backdoor, privelege esclation are intented data leaks
Networks
Unintented leaks :
RBAC
Rogue devices
Storage :
· Identify your data assets, owners, who are the data custodians
· data locations (hardware and logical i.e. network addresses)
· Legal requirements – i.e personal identifiers, ect
· Classify
· Implement proper storage
Endpoints
Defend yourself against attacks
Unintended :
· email (outgoing),
· network drives/local drives,
· Shared (folders and network connections)
The Google Hack – web server
Crawler – goes and checks every web server. Everything with a public html is published. The crawler is automatic software.