Since internet gathered its popularity, information loss through electronic channel have become prevalent. It is easier to exploit internet to collect credential information, mainly personal or corporate information. New services, features, communication media are blended into existing internet services with internet as its information transport platform. New channels are opened as a particular Web site implements a new feature and existing communication systems evolve to bypass previously effective control measures. Bellow are 10 possible information loss that goes trough electronic channel that you must aware of.
The World Wide Web
World wide web can be look up of as one giant information transport channel. This can range from Web conferencing systems, bulletin boards, blogs, wikis, through to internet storage and backup sites. How to manage and to control of the information flow to and from the Web can be problematic as often it is hard to distinguish the legitimate from the illegitimate. The use of SSL or other encryption/tunneling techniques can further challenge perimeter-based policy enforcement.
Internet Messaging Systems
Today more than ever, email is becoming the chosen media for information transport. Not only it is fast, reliable, and easy to use, but now corporate also adapted this platform for supporting daily operation activities. In recent years we saw emails has been joined by other related technologies such as web based email and instant messaging. Something important to note is that they are intended for use in such a way information leakage is hard to distinguish from the authorized sharing of information to intended recipients. Even though corporate have stringent rules to monitor their email transport and block access to public email such as Yahoo Mail, Gmail and Hotmail, it’s still quit difficult to prevent such information loss through this media.
Electronic Communication Equipment
Electronic communication equipment can be grouped to company use or personal use. But more than ever, the separation is becoming blur. Faxes, modem, cable lines, cell phones, PDA, webcam can be sources of information loss as well as potential source of free flow of information.
Indirect Inferential Disclosure
In many cases the use of the web, even when information is not moved, can disclose some information loss or free flow of information. For example, the fact of one corporation aiming to buy another maybe disclosed by an unusual pattern of hits to the target’s Web site, or, as has happened on several occasions, a preemptive domain name registration can disclose an impending merger that is still not in the public domain. This can include both business disclosure and technical disclosures.
Web Publishing, Blogs, and Bulletin Boards
Do you know that some desktop tools such as Microsoft Office are optimized for Web-based interaction and utilization. This can be from automated Web publishing to external Web sites, cross-corporate-perimeter calendaring and scheduling information transport exchange, to automated population and synchronization with so-called blogs and bulletin boards. This can conspire to be an overt channel for leak information or an indirect channel for the unwary.
Social Networking and Social Bookmarking Sites
You may not be surprised the popularity and growing numbers of social networking sites nowadays. The sites are devoted to managing relationship between it subscribers. Friendster, Face book, MySpace, Yahoo360 are some the mammoth in social networking site, while Digg, Delicious, StumbleUpon, Technorati are places that make users easier to exchange bookmarking sites and exchange the same interest information. Yes these sites present a useful and legitimate set of services that can be used to overtly information leakage courtesy of their messaging and information management capability to flow of information through their use, that is, leak information the identity of your clients as they are represented in your network of connections.
Wireless Networking
This mean of corporate LAN give user flexibility and mobility among other benefits. Even though it is protected with encryption key and password, but it also posed some potential information leakages sources. The concentration of most corporations in major commercial districts and the increasing range and reliability of WLAN technology, coupled with the laggardly approach to WLAN security in most environments, can result in a viable out-bound leak information.
Malware
There is an increasing variety of malware (spyware, adware, and Trojans) that unlike viruses or worms have the primary aim of stealing information or recording and relaying behaviors such as the names of Web sites visited.
Phishing
There are some shady attack techniques attacks assorted as “phishing” whereby unsuspecting people using a variety of electronic and social techniques into visiting bogus web sites that ultimately lead to information loss. Inmost cases these are bogus financial Web sites where the aim of the attacker is to convince someone to electronically disclose their credit card number, bank account numbers, online banking passwords, or ATM PIN codes.
Remote Control, Anonymizers, and Tunneled Protocols
Although the corporate network may be well protected from the outside in, there can be plenty of opportunity for connections from the inside out, ranging from remote control software such as GoToMyPC.com to anonymizers and firewall tunneling software such as Firethru.com, all designed to install with minimal privilege and to embed or tunnel themselves through authorized protocols such as http or https. Although these can be controlled, they are difficult to control absolutely without affecting legitimate services or capabilities on the end points within the enterprise.
