On 5/7/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>From: Sebastian Benoit <[EMAIL PROTECTED]>
>
>If you want deny users the possiblility to smuggle data outside of
their
>workplace (or whatever) then don't connect them to the internet.
No, no, no. You must go one step beyond this if you want to
prevent employees from smuggling data. To do this properly, copy
machines should be remove! Pen, pencils and papers removed!
Employees should be searched for thumb drives, zip drive, floppy
drives, tape recorders, papers, cd's, dvd's, and burners. It's
better to strip search them just to be sure. As a matter of fact,
because humans are so innovative, all materials should be removed
from the office because I'm sure someone will come up with some way
to write something down. Oh, don't forget to remove phones, faxes
and cell phones, and cameras. You should only hire people who
don't know how to read or write to reduce the work load of
preventing others from smuggling data. It's probably best that
they don't know how to receive or transmit any form of
language/communication either.
Also, make the whole building a large faraday cage to prevent them
from using radio communication. And have automatic direction-finding
recievers to triangulate the location of (l)users who attempt to use
radio. In fact, there is a much cheaper method: don't hire humans.
_Every_ compromise of security or instance of data exfiltration has
been traced back to a human action. If you don't have humans, you
don't have problems.
