[sclug] Personalised web content filtering

Dickon Hood dickon-ml at fluff.org
Thu Jun 16 13:10:48 UTC 2011


On Thu, Jun 16, 2011 at 13:30:49 +0100, Neil Haughton wrote:
: Dick,
      ^on -- this is important.

: Thanks for the views, but in this case the morality, whys and wherefores
: aren't my province.

Indeed, but you're asking the impossible.

: I'm looking for a technical solution to the technical
: problem.

No, you're not.  You're looking for a technical solution to an HR problem.
This is not a technical problem that has any meaningful technical
solution, as all technical solutions can (and will, with a determined
enough attacker) be circumvented.

: It's a question of rings of defence, as it were, rather than
: guaranteed impregnability.

None of the solutions you may be sold will work, as fundamentally you have
two, conflicting problems: a) some of your users need to be able to get to
a 'trusted' subset of the Internet but not the rest of it, and b) some
others of your users need to be given more-or-less unfettered access to
everything.  The only realistic way of doing this is to split your network
in two, and firewall everything between the two networks: split your
network into everything-access and limited-access, lock down the
limited-access to just what's allowed, install a second set of mail
servers and the like (or give everybody a second PC on their desks to
access the full-access network), and lock down both networks to known,
authenticated devices only, based on whatever that Ethernet standard is
that I currently forget.

Note that if you give someone a second PC on the full-access LAN, there's
nothing stopping them dropping a high-res webcam on it, pointed at the
screen of the locked-down one, and them cron()ning an overnight job to
flash source in barcode form across the screen for capture and onward
transmission.  So you lose.

And bear in mind that your locked-down can have no access to external DNS,
even via your own resolvers.

: As I stated, the 'physical' blocks have already
: been imposed (locked USB sockets, no media writer or external disk drives
: etc).

You're bound to have forgotten Firewire.  Everybody does.

: If you had a valuable and unique piece of source code (on which your income
: depends) that your competitors would love to get their hands on given half a
: chance, especially in legally unreachable countries, you might think
: slightly differently about the practicalities of simply being nice and
: trusting. It's a harsh world out there and possession is sadly still 9/10ths
: of the law.

Not really.  I'd probably start by vetting my future employees more
closely -- CRB checks, perhaps; maybe as far as doing some deeper
background checks if that's feasible and makes economic sense -- but
realistically, there's a line between paranoia and practical
considerations that needs to be drawn.

When you start hampering your employees enough that they leave, and you
start having to recruit more, that's when your competitors can think about
infiltrating you.  Good luck to them, IMHO.  There's absolutely no way you
can stop that data leaking if someone is determined to do so.  If MI5,
Microsoft, and the Blu-Ray disc mob can't, what makes you think you can?

Saying 'defence in depth is a good thing, so we're going to do something
bloody stupid' isn't a sign of intelligence.


Dickon Hood
-- 
Due to digital rights management, my .sig is temporarily unavailable.
Normal service will be resumed as soon as possible.  We apologise for the
inconvenience in the meantime.

This email was sent from a colocated server, and needs no excuses.


