[Full-disclosure] blocking Google Desktop
gboyce at badbelly.com
Sat Feb 11 23:52:08 GMT 2006
On Sun, 12 Feb 2006, Nick FitzGerald wrote:
> Go to HR, explain that the new security policy about not running Google
> Desktop is make-or-break and explain why. To achieve this you may need
> higher-level management buy-in, so hopefully you can threaten exposure
> under HIPAA, Sarbanes-Oxley or some such _IF_ the policy is ever
> breached. Make it a matter of "if our IDS sees traffic from your
> machine to desktop.google.com (or whatever) its an automatic HR
> warning", and then let your standard (two, three, whatever strikes and
> you're out) HR policy deal with enforcement.
Yes. And one of the prerequisites to this is the ability to monitor and
detect this type of traffic.
Which was the reason for my response to J.A.'s e-mail.
Full-Disclosure is hosted and sponsored by Secunia.