Sensitive Data Leak Alert

IP.com Disclosure Number: IPCOM000010438D
Original Publication Date: 2002-Dec-02
Included in the Prior Art Database: 2002-Dec-02
Document File: 1 page(s) / 36K

Publishing Venue

IBM

Abstract

Sensitive Data Leak Alert (SDLA) is an efficient alarm method to determine if confidential or sensitive data is being transmitted outside a corporate firewall.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 72% of the total text.


Sensitive Data Leak Alert (SDLA) is an efficient alarm method to determine if confidential or sensitive data is being transmitted outside a corporate firewall.

The current state of the art for hacking is to exploit a buffer overflow in a service on an open port, e.g. an HTTP server. With the buffer overflow, the command the hacker executes is a shell. The hacker now has access to the corporate network, undetected by the firewall, because he got in via an open port (HTTP, port 80) instead of a port like telnet, which the firewall has closed.

Once in the web server, the hacker will telnet out to the corporate network and attempt to find valuable or sensitive data. Again, all of this goes undetected by the firewall, because the connection that crosses the firewall uses the open port 80.

The idea behind the Sensitive Data Leak Alert is a very efficient method of detecting when sensitive data is crossing the firewall. This method does not rely on the port number. Once the alert is triggered, the Internet connection could be shut down, a trace could be put in place, security administrators could be paged, or any such action could be taken.

There are two methods by which Sensitive Data Leak Alert (SDLA) accomplishes this, and both are based on the digital fingerprint of the payload.

The first method is to have a table of digital fingerprints of all data accessible to the public. As payloads cross the firewall headed towards the Internet, these...
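
The first method as an added example (not code from the original disclosure): it assumes SHA-256 as the fingerprint, and it assumes that an outbound payload whose fingerprint is missing from the public table raises the alert, since the text above is cut off before it states what is done with the comparison. Function names and sample payloads are constructed for illustration.

```python
import hashlib


def fingerprint(payload):
    """Digital fingerprint of a payload (SHA-256 is an assumption; the page names no algorithm)."""
    return hashlib.sha256(payload).hexdigest()


def build_public_table(public_objects):
    """Map fingerprint -> object name for everything cleared for public access."""
    return {fingerprint(body): name for name, body in public_objects.items()}


def inspect_outbound(payloads, table):
    """Return one alert per outbound payload that has no entry in the public table.

    The destination port is recorded for the responder but plays no part in the
    decision, matching the page's point that the method does not rely on the port.
    """
    alerts = []
    for dst_port, body in payloads:
        fp = fingerprint(body)
        if fp not in table:  # assumed rule: unknown fingerprint => alert
            alerts.append({"port": dst_port, "fingerprint": fp, "size": len(body)})
    return alerts


# Constructed sample data: two public objects and three payloads leaving on port 80.
PUBLIC = {
    "/index.html": b"<html><body>Welcome to Example Corp</body></html>",
    "/press/2002-q3.txt": b"Example Corp announces third quarter results.",
}
OUTBOUND = [
    (80, PUBLIC["/index.html"]),                                  # known public page: no alert
    (80, b"CONFIDENTIAL: payroll export, do not distribute"),     # not public: alert
    (80, b"<html><body>Welcome to Example Corp </body></html>"),  # page edited by one byte: alert
]


def run_demo():
    return inspect_outbound(OUTBOUND, build_public_table(PUBLIC))


if __name__ == "__main__":
    for alert in run_demo():
        print("ALERT port=%d size=%d fp=%s" % (alert["port"], alert["size"], alert["fingerprint"][:16]))
```

The third payload shows the operational cost of exact-match fingerprints: the table has to be regenerated whenever public content changes, or legitimate traffic will trigger the alert.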