sunhux
asked on
Ways/tools to block/handle Steganography sites
In Bluecoat proxy, there are about 38 categories that it blocks:
1. Adult/Mature Content
2. Chat (IM)/SMS
3. Child Pornography
4. Controlled Substances
5. Dynamic DNS Host
6. Email
7. Entertainment
8. Extreme
9. File Storage/Sharing
10. Gambling
11. Games
12. Hacking
13. Internet Telephony
14. Malicious Outbound Data/Botnets
15. Malicious Sources/Malnets
16. Marijuana
17. Media Sharing
18. Nudity
19. Peer-to-Peer (P2P)
20. Personal Sites
21. Personals/Dating
22. Phishing
23. Piracy/Copyright Concerns
24. Placeholders
25. Pornography
26. Potentially Unwanted Software
27. Proxy Avoidance
28. Remote Access Tools
29. Scam/Questionable/Illegal
30. Sexual Expression
31. Social Networking
32. Software Downloads
33. Spam
34. Suspicious
35. Tobacco
36. Violence/Hate/Racism
37. Weapons
38. Web Hosting
a) Does steganography come under any of the categories?
b) If not, can we request Bluecoat to add one or to park it under one of the above categories?
c) What's the industry practice to handle it? Block it at the email filtering device, network IPS, proxy or ?? Googling around shows "Traffic Warden" is used, but if we don't want to invest in it, what can be done?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Does Blue Coat proxy have the feature to block by keyword?
Exactly which proxy do you have? I do know that you can do URL keywords for sure, but didn't want to assume that's the exact way you wanted to do your blocks.
ASKER
Jeremy,
Employees exfiltrating data or data leaked through the use of steganography tools.
I can think of the following:
1) Users should be prohibited from installing: yes, in place
2) Proactive scanning for stegano software installed on users' PCs: any list of software?
3) Dynamic or static application white-listing
Masnrock, we're using Bluecoat proxy.
ASKER
We do have the Codegreen data loss prevention tool (but it's a network appliance): will it help in any way?
Planning to replace it with an endpoint data loss prevention tool: will this be better than a network DLP in mitigating against data loss by stegano?
ASKER
Saw a 'Fidelis Security Systems' solution that mitigates against data loss by stegano, but don't plan to get this solution; hoping Codegreen, Digital Guardian endpoint DLP & Bluecoat proxy could help.
ASKER
>Data loss prevention tools would be more suited to your purpose, and I doubt even most of them have figured it out yet.

So are DLP tools going to help in my case or won't they help? Should I define certain keywords to block in DLP, and what are they, so as to help with stegano-type data loss prevention?
ASKER
Yes we can. In fact we block various uploading sites at the proxy that we know, such as Google Drive, Dropbox, webmails (Yahoo, Gmail etc.), but we may miss a few, and stegano is a new concern just raised.
ASKER
What content types should we block, and is this at the Blue Coat proxy?
Is this by file type or extension, like .exe, .js, .bat?