Re: system monitoring

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: "Alexander Grigoriev" <alegr@xxxxxxxxxxxxx>
Date: Fri, 15 May 2009 07:01:20 -0700

Your chew is not palatable for me...

As long as you allow to transfer data between applications, the problem
cannot be solved.

If you want to restrict information flow, you need to restrict the
environment. Ideally, every application should run as a RDP session from a
remote server. Clipboard should not be shared with the local host. The local
machine should be also controlled environment, and be guaranteed untampered
with (by virtues of TPM). PrintScreen from RDP window should be disabled,
perhaps by means of not allowing it to run non-fullscreen.

"boris" <noone@xxxxxxxxxxx> wrote in message
news:4a0d186e$0$1596$742ec2ed@xxxxxxxxxxxxxxxxx

"David Craig" <drivers@xxxxxxxxxxxxx> wrote in message
news:%23glclNR1JHA.3476@xxxxxxxxxxxxxxxxxxxxxxx

For Don's answer that will not work. If you convert a text file to a
PDF, it will not hash out and even using a plaintext input to Microsoft
Word with all its formatting to the .doc or .docx will not work.

The correct answer is to not give anyone you don't trust sensitive
information.

It seems in order for you to understand something it has to be chewed and
put into your mouth.
The solution would be to have a database of hashes of files of interest.
Then a filesystem filter driver would calculate hashes as files are being
written and flag an alert is there was a match to some hash in database.

Boris

Follow-Ups:
- Re: system monitoring
  - From: m
- Re: system monitoring
  - From: boris

References:
- system monitoring
  - From: Lloyd
- Re: system monitoring
  - From: Kerem Gümrükcü
- Re: system monitoring
  - From: Lloyd
- Re: system monitoring
  - From: Don Burn
- Re: system monitoring
  - From: boris
- Re: system monitoring
  - From: David Craig
- Re: system monitoring
  - From: boris

Prev by Date: Re: system monitoring
Next by Date: Re: Checking write permission in a network share without actually writing a file
Previous by thread: Re: system monitoring
Next by thread: Re: system monitoring
Index(es):
- Date
- Thread

Relevant Pages

Re: system monitoring
... Clipboard should not be shared with the local host. ... it will not hash out and even using a plaintext input to Microsoft ... The solution would be to have a database of hashes of files of interest. ...
(microsoft.public.win32.programmer.kernel)
Re: system monitoring
... , then isolated environment works. ... it will not hash out and even using a plaintext input to Microsoft ... The solution would be to have a database of hashes of files of interest. ...
(microsoft.public.win32.programmer.kernel)
Re: system monitoring
... it will not hash out and even using a plaintext input to Microsoft Word with all its formatting to the .doc or .docx will not work. ... Then a filesystem filter driver would calculate hashes as files are being written and flag an alert is there was a match to some hash in database. ...
(microsoft.public.win32.programmer.kernel)
Re: system monitoring
... it will not hash out and even using a plaintext input to Microsoft ... Word with all its formatting to the .doc or .docx will not work. ... The solution would be to have a database of hashes of files of interest. ...
(microsoft.public.win32.programmer.kernel)
RE: Windows 2003 Server - MS Rulez?
... Hash restrictions are only one of four new methods for restricting software. ... You can restrict by path (usually you would actually be *un*restricting by ... > protect WLANs from known vulnerabilities and threats. ... implement and enforce WLAN security policies to lockdown enterprise WLANs. ...
(Focus-Microsoft)