154
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 27 Nov 2024
154 points (97.0% liked)
Linux
48376 readers
698 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
There is a fundamental issue with this approach: the rogue employee has already copied the data to a USB drive by the time you try to wipe it.
If the data is confidential, you either need to set up standard disk encryption and trust the employee, or not let them access it in a way it can be bulk copied. For instance, might it be possible for them to use a webapp that you control access to or a remote desktop type setup?
A lot of employers (at least the larger ones) block USB drives and have software to monitor for data exfiltration - monitoring where files are copied to, usage of copy/paste in browsers, etc.
You should always assume that your work devices are being monitored.
I agree that you should assume you're being monitored, but, while that helps against malware type exfiltration, it does little to stop someone who is determined to exfiltrate the data as there are a myriad of ways to do so that aren't possible to monitor, such as simply taking a video of the screen whilst displaying the information.
Ultimately, the company has to trust the employee or not give them access to the sensitive data, there's no middle ground.
This is fundamentally true. However it is possible to limit the bandwidth of data the employee can exfiltrate.
Assuming a privileged employee suddenly becomes a bad actor. Private-keys/certs are compromised, any kind of shared password/login is compromised.
In my case I have a legit access to my company's web-certs as well as service account ssh-key's, etc. If I were determined to undermine my company, I could absolutely get access to our HSM-stored software signing keys too. Or more accurately I'd be able to use that key to compile and sign an arbitrary binary at least once.
But I couldn't for example download our entire customer database, I could get a specific record, I could maybe social engineer access to all the records of a specific customer, but there is no way I'd be able to extract all of our customers via an analog loophole or any standard way. The data set is too big.
I also wouldn't be able to download our companies software source code in it's entirety. Obviously I could intelligently pick a few key modules etc, but the whole thing would be impossible.
And this is what you are trying to limit. If you trust your employees (some you have to), you can't stop them from copying the keys to the kingdom, but you can limit the damage that they can do, and also ensure they can't copy ALL the crown jewels.
That's fair, but the OP was talking about having the sensitive data directly on the laptop, which rather limits your ability to control access to it, and why I was suggesting keeping the data on a server and providing access that way, so limits can be put in place.
Your threat model probably isn't the employee who suddenly goes rogue and tries to grab everything, but the one who spends and extended period of time, carefully, extracting key data. As you, the former can be be mitigated against, but the latter is very much harder to thwart.
That's well set up, but, whilst your competitor would love the whole database, what they're really interested in is the contact details and contract information for maybe your largest three customers. When the dataset to extract is small enough, even quite advanced rate limiting can't really help much. Making sure no one person has access to all of the most valuable data is a good start, but can present practical problems.
I think we're basically saying the same thing. The OP talked about putting all the sensitive information on the employee's laptop, and that's what I was trying to steer them away from.
In the past I've been asked if we can provide our developers access to pull the full source tree, but not copy it anywhere, and, to quote Charles Babbage, "I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."
I enjoy the security side of sysadmin work, but I find it rather depressing, as all you can hope to do is lose slowly enough that it's not worth attacking you.