[Full-disclosure] blocking Google Desktop

[gboyce]

On Sun, 12 Feb 2006, Nick FitzGerald wrote:

> Go to HR, explain that the new security policy about not running Google
> Desktop is make-or-break and explain why.  To achieve this you may need
> higher-level management buy-in, so hopefully you can threaten exposure
> under HIPAA, Sarbanes-Oxley or some such _IF_ the policy is ever
> breached.  Make it a matter of "if our IDS sees traffic from your
> machine to desktop.google.com (or whatever) its an automatic HR
> warning", and then let your standard (two, three, whatever strikes and
> you're out) HR policy deal with enforcement.

Yes.  And one of the prerequisites to this is the ability to monitor and 
detect this type of traffic.

Which was the reason for my response to J.A.'s e-mail.

--
Greg Boyce