Enterprise Data Protection by Hong Kong Network Service Company Limited
January 9th, 2009 by snow2030
At present, many enterprises' network settings are not comprehensive, which creates a risk of corporate data leakage. Below, Hong Kong Network Service Company Limited describes one method.
Use gateway filtering device
Starting at the gateway is one way to keep staff from using software to circumvent the corporate firewall. Because such methods do not directly control the end user's computer, the control is not very effective and only reduces the risk to a certain degree. Relatively speaking, though, filtering with gateway devices has the least impact on enterprise users and costs less.
An IPS is one option for such equipment. Some IPS products do have the ability to guard against proxy (agent) software, but there are many types of proxy software and versions are updated rapidly, so IPS signatures are often effective only against old versions. If the user runs an updated version, the IPS usually cannot detect it and therefore cannot block it.
Another type of gateway device is employee Internet behavior management equipment (Employee Internet Management, EIM). Such equipment can also reduce the degree of risk and is the relatively more common practice. Tatsu Friends of Science and Technology Information Security Adviser Hong Kong Network Service Company Limited said that at present about half of Taiwan's financial industry is equipped with Websense's EIM equipment. The following uses Websense, the more widely used product, as an example to analyze how well such products prevent employees from penetrating the firewall.
Hong Kong Network Service Company Limited pointed out that current Websense products can detect 10 different kinds of proxy software, including Hopster, GhostSurf, Tor, Google Web Accelerator, RealTunnel, JAP, Toonel, Your Freedom, SocksOnline, etc. This prevents internal staff from using such proxy software to connect to a proxy server and then using it as a springboard to circumvent corporate rules.
Detection is based on packet characteristics. When a user runs the software, Websense's products analyze the traffic mirrored from a switch or gateway device, determine the characteristics of the packets, and compare them with known signatures. If the traffic is found to belong to one of the proxy programs above, the connection is blocked automatically.
For proxy server connections that cannot be found through signatures, HKNSC says the "continue" mode of Websense's EIM devices can achieve the blocking effect. Besides blocking and allowing, Websense's EIM equipment supports a "continue" function in between. For categories that have no rule set, or for business online categories, the browser automatically shows a page with a continue button, and users must press the button to go on browsing the Web. When an internal user's proxy software tries to connect to a proxy server, the traffic is disguised as an HTTP connection, but the connection to the proxy server does not itself open a browser page, so nobody presses the continue button. The link to the proxy server therefore cannot be established, and the user cannot use the proxy server as a springboard to penetrate the firewall and circumvent corporate governance.
However, as mentioned earlier, these gateway filtering methods share one weakness: the gateway device has to rely on connection characteristics to tell traffic apart. Proxy software such as free doors and Tor comes in too many types and is updated too quickly, so gateway products that try to stop in-house staff from using such software to penetrate the firewall are always one step behind. For example, if the contents of the packets are encrypted, or a new version of the proxy software is used, the gateway may not be able to detect it.
EIM products can control employees' Internet behavior, apply policy by category, and block connections effectively, but stopping staff who try to penetrate with proxy software requires the signatures of such products to be updated. For example, if freedom of the door is used, the Websense EIM devices may not be able to detect it. In addition, although the "continue" mode described above can stop proxy software from connecting, it is useful only when the enterprise's online policy applies it across a wide range of categories. If the enterprise, in order to reduce the impact on Internet users, does not apply the continue policy to all categories, the protective effect is limited. Even so, EIM products still leave easily accessible records of online activity, and if the enterprise also sets up its own proxy server for content filtering and inspection, there will still be evidence and records to draw on when a real security incident occurs.
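
The "continue" mode and its policy-coverage caveat can be modelled in a few lines. The following is an added example, not Websense code and not part of the original post; the class, function names, hosts and addresses are hypothetical and the sample traffic is constructed.

```python
# Added illustration: toy model of a gateway "continue" policy (not vendor code).
from collections import Counter

ALLOW, BLOCK, CONTINUE = "allow", "block", "continue"

class ContinueGateway:
    def __init__(self, policy, categories, ttl=600):
        self.policy = policy          # category -> action
        self.categories = categories  # host -> category (constructed sample data)
        self.ttl = ttl                # seconds a confirmation stays valid
        self.confirmed = {}           # (client, host) -> expiry time
        self.log = []                 # (time, client, host, category, verdict)

    def handle(self, client, host, now, clicked_continue=False):
        category = self.categories.get(host, "uncategorized")
        # Categories without an explicit rule fall into "continue" mode.
        action = self.policy.get(category, CONTINUE)
        if action == ALLOW:
            verdict = "forwarded"
        elif action == BLOCK:
            verdict = "blocked"
        else:
            key = (client, host)
            if clicked_continue:      # a person pressed the button on the page
                self.confirmed[key] = now + self.ttl
            ok = self.confirmed.get(key, 0) > now
            verdict = "forwarded" if ok else "interstitial"
        self.log.append((now, client, host, category, verdict))
        return verdict

def stalled_clients(log, threshold=3):
    """Clients that keep hitting the interstitial for a host and never get
    forwarded: typical of non-browser software, worth a look in the records."""
    held, passed = Counter(), set()
    for _, client, host, _, verdict in log:
        if verdict == "interstitial":
            held[(client, host)] += 1
        elif verdict == "forwarded":
            passed.add((client, host))
    return sorted(k for k, n in held.items() if n >= threshold and k not in passed)

def demo(policy):
    gw = ContinueGateway(policy, {"intranet.example": "business"})
    results = [gw.handle("10.0.0.5", "news.example", 0),        # browser: page shown
               gw.handle("10.0.0.5", "news.example", 5, True),  # user clicks continue
               gw.handle("10.0.0.5", "news.example", 9)]
    # Non-browser client retrying an uncategorized host; nobody sees the page.
    results += [gw.handle("10.0.0.9", "relay.example", t) for t in (1, 2, 3, 4)]
    return results, stalled_clients(gw.log)
```

Calling `demo({"business": ALLOW})` leaves the non-browser client held at the interstitial and lists it in the records; adding `"uncategorized": ALLOW` to the policy forwards everything, which is the limited effect described above when the continue policy does not cover all categories.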
Overall, using such products to guard against employees penetrating the firewall has a certain mitigating effect, but it cannot be as comprehensive as starting from the endpoint. On the other hand, because the equipment is deployed on the network rather than on the client, users are less affected and there is less pushback.
Gateway device filtering methods can prevent data leakage. For more information, please contact Hong Kong Network Service Company Limited.