Friday, June 19, 2015

What is DLP and how do you bypass it!

Data Leak Prevention, or Data Loss Prevention depending on what you want to call it, is nothing but a way to prevent confidential data from leaking outside your network.

Regardless of vendor or product, it works by monitoring data in motion, at rest and in use.

Data in motion = data that is being transmitted via a secure or insecure channel.
Data at rest = data that resides on your machine or NAS.
Data in use = data that is currently being processed or used.

Most of the time DLP comprises 2 engines: the monitoring engine and the prevention engine.

The monitoring engine monitors the usage of data on your machine or network and sends that information to the centralized server. All these events are known as DLP incidents, and usually you need a DLP administrator to monitor them and evaluate whether a data breach has occurred or not.

Depending on the policy, you can set whether to trigger an alert on the desktop when a policy has been violated or just remain passive. Most organizations set the monitoring engine to passive mode to avoid alerting the crook / bad guy within their organization.

The other engine, the prevention engine, is the one that actually blocks or prevents the data from going out. It can block you from sending the data out via USB, CD, DVD, FTP, cloud storage, print screen, etc. Again, this is set in policy. Some organizations set the prevention engine at the desktop level and some at the gateway level, depending on the business case.

Detection can be done using regular expressions, keywords, and even fingerprinting of documents. (I will not go into the details here..)

Now!! Here comes the interesting part! How do you bypass DLP!!!!

1. Encryption!!!!!
A lot of IT administrators or wannabe DLP experts claim that you should encrypt email or data on your desktop before sending it outside the organization. The ironic thing is there is no DLP solution on the market right now which can automatically decrypt an encrypted file and inspect it with the DLP engine before sending it out! So allowing your staff to password-encrypt files using their own encryption solution such as TrueCrypt will render the DLP solution useless!!!!

The right way is encryption at the gateway level! Let's look at the scenario below:

User A sends a file to User B outside the organization.
User A sends file >> file is intercepted by the DLP solution at the gateway >> it is analyzed to see whether it is confidential data or not >> if yes, encrypt before sending out, and if not, just send out

This is the right way to do it...
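The gateway flow above, combined with the three detection methods mentioned earlier (regular expressions, keywords, fingerprinting), as an added example that is not part of the original post or any vendor's code. The patterns, keywords, registered document and the extra "hold" verdict for payloads that look like ciphertext are assumptions made for illustration.

```python
import hashlib
import math
import re
from collections import Counter

# Constructed policy data for illustration; not taken from any DLP product.
PATTERNS = {"card_number": re.compile(r"\b(?:\d[ -]?){15}\d\b")}
KEYWORDS = ("confidential", "internal use only")


def fingerprint(data: bytes) -> str:
    """Hash of the case- and whitespace-normalised document."""
    return hashlib.sha256(b" ".join(data.lower().split())).hexdigest()


REGISTERED = {fingerprint(b"Q3 acquisition plan: Project Falcon")}


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; ciphertext approaches 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def detect(data: bytes) -> list:
    """Return which of the three detection methods matched."""
    text = data.decode("utf-8", errors="ignore").lower()
    hits = [f"regex:{n}" for n, rx in PATTERNS.items() if rx.search(text)]
    hits += [f"keyword:{k}" for k in KEYWORDS if k in text]
    if fingerprint(data) in REGISTERED:
        hits.append("fingerprint")
    return hits


def gateway_verdict(data: bytes) -> tuple:
    """Decide what the gateway does with one outbound payload."""
    # Assumption added here: payloads that look like ciphertext cannot be
    # inspected, so they are held for review instead of passing as "clean".
    # Compressed formats also score high; unpack known ones before this check.
    if len(data) >= 1024 and entropy(data) > 7.5:
        return "hold_uninspectable", []
    hits = detect(data)
    return ("encrypt_then_send" if hits else "send"), hits


if __name__ == "__main__":
    for sample in (b"Lunch at 12?", b"CONFIDENTIAL: card 4111 1111 1111 1111"):
        print(gateway_verdict(sample))
```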

2. USB USB but what about SD card slot??
Most administrators set the DLP policy on USB drives, to prevent users from copying files to USB. But wait... what about the SD card slot?? I am sure a lot of laptops have one. So try using your SD card slot and you will be surprised that the policy is not yet set to prevent data going out via the SD card slot.

3. Own FTP or HTTP server.
There are a lot of web-based file server apps for iPhone and Android. You can just download the app, activate the web storage on your iPhone or Android, and access that URL from your DLP-enabled laptop or desktop. Chances are you can copy the data out to the iPhone or Android. The reason is that a DLP solution is all about rules. If the administrator sets a strict rule that blocks all HTTPS and FTP, it becomes a problem because it will create lots of false positives. So if you send data to the phone's FTP or HTTP storage, chances are it will still work, depending on the policy set. However, please take note that even if you can copy the data out, it does not mean it is not logged!! Yes, remember I mentioned DLP has 2 parts? The monitoring engine and the prevention engine.
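Since the monitoring engine still logs these transfers, a DLP administrator can pull them out for review. The following is an added example, not from the original post: the JSON event schema, addresses, allow-list and size threshold are all constructed for illustration.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed monitoring-engine events; this JSON schema is hypothetical.
EVENTS = """\
{"user": "alice", "proto": "https", "dest": "203.0.113.10", "bytes": 5200, "blocked": false}
{"user": "bob", "proto": "http", "dest": "192.168.43.1", "bytes": 48000000, "blocked": false}
{"user": "bob", "proto": "ftp", "dest": "192.168.43.1", "bytes": 9100000, "blocked": false}
{"user": "carol", "proto": "ftp", "dest": "10.0.5.20", "bytes": 730000, "blocked": false}
{"user": "dave", "proto": "http", "dest": "172.20.1.9", "bytes": 1200, "blocked": true}
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed allow-list of sanctioned internal file servers.
SANCTIONED = {ipaddress.ip_address("10.0.5.20")}
WATCHED_PROTOCOLS = {"http", "ftp"}


def review_queue(lines: str, min_bytes: int = 1_000_000) -> dict:
    """Sum allowed-but-logged bytes per (user, dest) for unknown local hosts."""
    totals = defaultdict(int)
    for line in filter(str.strip, lines.splitlines()):
        ev = json.loads(line)
        if ev["blocked"] or ev["proto"] not in WATCHED_PROTOCOLS:
            continue
        dest = ipaddress.ip_address(ev["dest"])
        local = any(dest in net for net in RFC1918)
        # A local address that is not a sanctioned server is likely a
        # personal device, so the transfer goes to the administrator's queue.
        if local and dest not in SANCTIONED:
            totals[(ev["user"], ev["dest"])] += ev["bytes"]
    return {k: v for k, v in totals.items() if v >= min_bytes}


if __name__ == "__main__":
    print(review_queue(EVENTS))
```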

4. Fuck Windows ..Use Linux!
OK, DLP is a program. A program that hooks into the OS kernel to prevent data loss. But what if you boot from a boot disk and run Linux? Yes, DLP will be useless!!! You can copy anything, and the DLP monitoring and prevention engines will not be there to stop you. The mitigating control is to disable booting from USB or CD on your machine and set a BIOS password on it. I am sure 90% of organizations would not do this because the so-called DLP consultants or security consultants are mostly Windows users who have not actually tried to hack anything in their life before!!!

There are more ways to bypass the DLP solutions that are on the market now, but I am sure the steps I mentioned above are more than enough to cause a data breach!

Note: The information shared above is not meant to encourage malicious activity but to educate the public about the false sense of security they have when they claim they are protected from data loss because they just bought a fancy DLP solution from a vendor.

Feel free to contact me if you wanna know more about DLP :)

Blogging is Dead!..

I just realized that my blog has been abandoned for quite some time. Partly because it is much easier to write or update anything from Facebook than with the Blogger interface. Another reason is I hardly use a computer anymore. Mobile access is the new trend and I am no different. Try updating your Blogspot from an iPhone vs Facebook and you will know what I mean.

Maybe Blogspot should evolve...or maybe not..

Sunday, December 28, 2014

Overpriced iPhone screen protector in GM Klang Wholesale City

My recent visit to GM Klang Wholesale City was a nightmare. What should have been a joyous occasion turned sour when a salesman (Thomas Chen), or perhaps the owner, of Zentech Cash and Carry located at lot 134-3rd floor sold an iPhone 6 + Glass-M screen protector at RM135.

Yes, I know it is my bad for not doing research before buying the screen protector, but I thought: isn't a wholesale center supposed to sell things cheaper and not 100% more expensive??

GLASS-M case at USD20 Free shipping!! Even the Glass-M site itself is selling it at just USD20 with free shipping.

So my advice is to stay away from this conman and con shop to avoid being conned by an evil seller.

Thursday, July 24, 2014

Error while updating my Pwnpad Community Edition.

Received the error shown above while updating my Pwnpad.. This is driving me crazy.. anybody out there who sees this, please help!!!

Tuesday, June 17, 2014

The Secret Garden

As the go-green concept gets more popular, an indoor green plant is always a good choice to cheer up your day as well as create a harmonious environment.
Many face the problem of not knowing how to take care of their beloved plant or not having enough time to take care of it. Are you one of them?
In line with the modern lifestyle, Secret Garden introduces the little flower, which needs minimal care, as your new pet. These fully imported REAL flowers are processed using high technology to retain the original softness and beauty of fresh flowers. These everlasting flowers do not need fertilizer, sunlight or soil. These flowers need only some water / mist from the air. The size of the flower bud changes every day according to the surrounding humidity. It blooms larger when dry and closes tightly when it is humid. This new-technology processed flower is free from watering. Just spray some water on the flower when necessary.
Little flower is suitable as your modern pet and is your best choice as a gift for friends and family, as a souvenir, wedding gift or even corporate gift for any occasion. It can be placed on your working desk, waiting area, study room, living room, dining room, bedroom or anywhere you prefer.
There are 9 vibrant colors to choose from – Purple, Pink, Dark Blue, Light Blue, White, Red, Green, Yellow, and Orange.
You may also choose your desired color according to your horoscope.

To buy contact limited stock..
4 cm (H) x 1.5 cm (W), RM20, comes with 5 flowers

It blooms when dry, and when you spray water on it, it will close up.

Small Egg RM40