
September 14, 2009

How we tested endpoint data loss prevention tools

This test was conducted at the Iowa State University Internet-Scale Event and Attack Generation Environment (ISEAGE) Laboratory. A VMware vSphere ESX server was set up on a Dell PowerEdge 1950 with a quad-core Xeon processor, 4GB of RAM and a 500GB SATA hard drive.

Virtual machines were then cloned from four base VM images for each of four operating systems to emulate endpoint devices (Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008).

The base images contained a connection to an HP network printer, eMule P2P file sharing software, OpenOffice.org, Adobe Acrobat Reader, Thunderbird, AOL Instant Messenger, and all of the sensitive data to be tested. After we discovered that vSphere will not share USB drives or CD burners to guests, physical Windows XP clients were configured to test blocking of writing to removable media or burning to optical drives.

Each vendor was required to either ship an appliance and the required endpoint software to ISEAGE, or to make the necessary software available to download. No vendor was allowed to do an on-site installation. Support was obtained on an as-needed basis, though TrendMicro and WebSense both arranged for an introductory session to familiarize us with their products. Two products – Identity Finder and WebSense – also required the creation of a management server. These were built on Windows Server 2003. The TrendMicro LeakProof physical appliance was connected into the same gigabit, switched network as the VMware server, and configured with an IP address on the test subnet.

After all three management servers were running and configured, the endpoint software was installed on each of the client VMs. Then, each combination of exfiltration method and protected file was executed to verify blocking.

This testing method applied only to WebSense and TrendMicro, because Identity Finder's functionality is based solely on discovery and remediation of stored sensitive data, not on active blocking. For Identity Finder, a search was performed on the test data to determine what portion of the included "identity" data (names, Social Security numbers, addresses and credit card numbers) was correctly identified.
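One way to score a discovery scan like the Identity Finder check described above, as an added example that is not from the original article and not any vendor's detection logic. It assumes a simple pattern detector covering only Social Security and card numbers, run over a constructed, labelled corpus; all function names and sample values are made up for illustration.

```python
import re

SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")  # 16 digits, optional separators

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan(text):
    """Return the set of (kind, normalized value) findings in one document."""
    found = set()
    for area, group, serial in SSN_RE.findall(text):
        # Skip ranges that are never issued as SSNs.
        if area in ("000", "666") or area[0] == "9" or group == "00" or serial == "0000":
            continue
        found.add(("ssn", area + group + serial))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):  # drops order numbers that merely look like cards
            found.add(("card", digits))
    return found

def score(corpus):
    """Compare findings with the planted values; return (recall, precision, missed)."""
    tp = fp = 0
    missed = []
    for text, planted in corpus:
        found = scan(text)
        tp += len(found & planted)
        fp += len(found - planted)
        missed += sorted(planted - found)
    return tp / max(tp + len(missed), 1), tp / max(tp + fp, 1), missed

# Constructed corpus: each document is paired with the values planted in it.
CORPUS = [
    ("Payroll: J. Roe, SSN 078-05-1120, card 4111 1111 1111 1111",
     {("ssn", "078051120"), ("card", "4111111111111111")}),
    ("Order ref 1234-5678-9012-3456, part no. 000-12-3456", set()),
    ("Applicant SSN 219099999, Visa 4012888888881881",
     {("ssn", "219099999"), ("card", "4012888888881881")}),
]

if __name__ == "__main__":
    recall, precision, missed = score(CORPUS)
    print(f"recall={recall:.2f} precision={precision:.2f} missed={missed}")
```

The missed entry is the unformatted SSN in the third document, which is the kind of gap a "portion correctly identified" figure is meant to expose.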




Source: ComputerWorld


