What kind of driver need for USB data Leakage prevention.

Hi all,
Currently I want to develop a driver for DATA LEAKAGE prevention for USB drives. Can anyone suggest what type of driver I should use for this, and where I can get information on it?

Regards,
Rajendra

The problem with data leakage is the recognition it is happening. You
either have to enforce that all USB media is read-only or you are going to
have to be extremely inventive to ensure that proprietary data is not being
somehow written to a USB key. If you want the simple case of read only for
USB storage, then this can be done with a disk filter driver (go to NTDEV
for that discussion since it does not involve file systems). I

Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Saturday, December 07, 2013 8:03 AM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] What kind of driver need for USB data Leakage prevention.

Hi all,
Currently i want to develop a driver for DATA LEAKAGE prevention for USB
drives. So can anyone suggest me what type of driver i should use for this,
and where i will get the information on it.

Regards,
Rajendra


NTFSD is sponsored by OSR

OSR is hiring!! Info at http://www.osr.com/careers

For our schedule of debugging and file system seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Sorry Don, I don’t think I posted it in the wrong blog. If you are talking about a filter driver, I think it is a file system filter driver. So I have not posted my question in the wrong blog.

Thanks for your comment.

Regards,
Rajendra

If you are forcing USB disks to be read-only this is not a file system
filter.

Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Sunday, December 08, 2013 12:47 AM
To: Windows File Systems Devs Interest List
Subject: RE:[ntfsd] What kind of driver need for USB data Leakage
prevention.

Sorry Don, I don’t think i posted it in wrong blog. If you are telling about
filter driver, i think it is a file system filter driver. So i have not
posted my question in a wrong blog.

Thanks for your comment.

Regards,
Rajendra



Epoxy-based glue against the USB ports is good :) Disabling the USBSTOR driver in the registry is good also (if they are users and not admins).

And, if you’re speaking about less rude solutions which do not disable USB drives at all… then what you’re speaking about is not even the product, it’s the new security infrastructure (actually adding tag-based security to Windows and to the whole ecosystem of Windows-based document-viewing and document-authoring apps), which requires major design effort and lots of components.

This is not a single “driver” for sure.


Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com


Essentially, it is accomplished by rating the “security” of each target
possible for data transfer. So a USB driver would have a score of 0,
meaning totally unsecured. Anything with a security requirement > 0 is
not going to get written.

But, as pointed out, this is a whole new security model.

Question, though: could anything be done using ACLs, where, when a drive
is created, its ACL makes it inaccessible to any but the most privileged
(I presume since security is a concern that no user is granted admin
privileges, but, of course, if the admin is the data thief you are totally
screwed).
joe

Hi all,
Will the minispy filter driver sample code from the WinDDK help for this purpose?
Please advise.

Regards,
Rajendra

What is your file system filter going to do? If you want to individually
check so that a file is not written with proprietary data then a file system
filter is the way to go. BUT, I submit you will never be able to tell that
the data is proprietary or not, since there are so many ways to hide what is
being done.

So, if you step back the only alternative is to say the USB drive cannot be
written to, and at that point a KMDF disk filter makes more sense. You
would basically indicate that the device is read-only by responding to
IOCTL_DISK_IS_WRITABLE with STATUS_MEDIA_WRITE_PROTECTED, and to be safe
failing all writes to the drive. This is tiny and pretty simple versus a
file system filter.

Of course as has been pointed out any of these schemes will fail if the user
has full permissions, since they can either remove the filter or use some
sort of direct write to the USB drive. The safe way to do this stuff is to
physically disable or lock the USB ports, so no one can insert a drive. Years
ago I knew of a firm that had a design for such a lock, complete with a
separate set of wiring to a central alarm if someone tried to tamper with
it; that is the type of protection needed.

Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Monday, December 09, 2013 4:49 AM
To: Windows File Systems Devs Interest List
Subject: RE:[ntfsd] What kind of driver need for USB data Leakage
prevention.

Hi all,
Will minispy filter driver sample code of winddk help for this purpose ?
Please suggest me.

Regards,
Rajendra
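
The policy Don Burn describes above, as an added example that is not part of the thread: a user-mode C model of the two decisions a read-only disk filter makes (answering IOCTL_DISK_IS_WRITABLE with STATUS_MEDIA_WRITE_PROTECTED and failing writes), run over a constructed request trace. The function and struct names are hypothetical; in a real KMDF filter the same checks would sit in the I/O queue callbacks, and the constants would come from the WDK headers instead of being defined locally.

```c
/* User-mode model of a read-only disk filter's request policy (added example,
 * not driver code). Constants are defined locally with their WDK values. */
#include <stddef.h>
#include <stdint.h>

#define STATUS_SUCCESS               0x00000000u
#define STATUS_MEDIA_WRITE_PROTECTED 0xC00000A2u

/* CTL_CODE layout: DeviceType<<16 | Access<<14 | Function<<2 | Method */
#define CTL_CODE(t, f, m, a) \
    (((uint32_t)(t) << 16) | ((uint32_t)(a) << 14) | ((uint32_t)(f) << 2) | (uint32_t)(m))
#define IOCTL_DISK_BASE               0x00000007u /* FILE_DEVICE_DISK */
#define IOCTL_DISK_GET_DRIVE_GEOMETRY CTL_CODE(IOCTL_DISK_BASE, 0x0000, 0, 0)
#define IOCTL_DISK_IS_WRITABLE        CTL_CODE(IOCTL_DISK_BASE, 0x0009, 0, 0)

#define IRP_MJ_READ           0x03
#define IRP_MJ_WRITE          0x04
#define IRP_MJ_DEVICE_CONTROL 0x0e

/* forwarded = 1: passed down the stack unchanged; status: set when the filter answers. */
struct verdict { int forwarded; uint32_t status; };

/* Hypothetical helper: decide what the filter does with one request. */
struct verdict filter_request(unsigned major, uint32_t ioctl)
{
    struct verdict blocked = { 0, STATUS_MEDIA_WRITE_PROTECTED };
    struct verdict pass    = { 1, STATUS_SUCCESS }; /* real status comes from the lower driver */

    if (major == IRP_MJ_WRITE) return blocked;      /* fail every write */
    if (major == IRP_MJ_DEVICE_CONTROL && ioctl == IOCTL_DISK_IS_WRITABLE)
        return blocked;                             /* report the media as read-only */
    return pass;                                    /* reads and other IOCTLs are untouched */
}

/* Constructed trace: geometry query, writability probe, one read, two writes. */
static const struct { unsigned major; uint32_t ioctl; } TRACE[] = {
    { IRP_MJ_DEVICE_CONTROL, IOCTL_DISK_GET_DRIVE_GEOMETRY },
    { IRP_MJ_DEVICE_CONTROL, IOCTL_DISK_IS_WRITABLE },
    { IRP_MJ_READ, 0 }, { IRP_MJ_WRITE, 0 }, { IRP_MJ_WRITE, 0 },
};

/* Count requests in TRACE of the given major function that reach the disk. */
size_t forwarded_count(unsigned major)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof TRACE / sizeof TRACE[0]; i++)
        if (TRACE[i].major == major)
            n += (size_t)filter_request(major, TRACE[i].ioctl).forwarded;
    return n;
}

int main(void) { return forwarded_count(IRP_MJ_WRITE) == 0 ? 0 : 1; }
```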



> Essentially, it is accomplished by rating the “security” of each target

Target? Oh no!

Things are much more complex!

You need to rate each document, not only each target.

Developing hooks to MS Office to disable clipboard copy is also a must.

And yes, such a system cannot represent the document as a file. What if the adversary, say, encrypts the file using his own crypto tool, and then copies the encrypted file to the USB flash?

So, you need some document-database software like Hummingbird (think: multi-user iTunes for documents) to do this.


Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com

Hey, the OP is already writing code! Don’t try to confuse the issue by
requiring a specification! This is the “I’ll start coding, and after a
while I may even begin to understand the requirements” approach.
joe

But Joe, this fits the current approach to software:

  1. Management specifies a goal and a delivery date
  2. Engineering management / developers choose a technology based on the
    goal (typically we already do this for X so we will tweak it for Y, or the
    engineers saying Z looks neat, let’s use that!)
  3. People are thrown at coding basics
  4. Other folks figure out how to achieve something resembling the goals
    based on what they have
  5. The hard work begins - Legal department writes a EULA that completely
    protects company while allowing lawsuits for anyone complaining that the
    product is deficient
  6. Marketing does a major push including saying it is the “best for A, B,
    and C” even though it does not do B at all
  7. Engineering promises all the fixes anyone can want
  8. Engineering moves the product to a support or continuation engineering
    team.

I got the above slightly paraphrased from a person I know at one of the
well-known security companies. So yes the OP is a TOTAL IDIOT, and his effort
will be a HUGE PILE OF SHIT, but don’t worry, if he is working for a company
he will be fast tracked for management.

Don Burn
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@flounder.com
Sent: Sunday, December 15, 2013 12:20 PM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] Re:What kind of driver need for USB data Leakage
prevention.

Hey, the OP is already writing code! Don’t try to confuse the issue by
requiring a specification! This is the “I’ll start coding, and after a
while I may even begin to understand the requirements” approach.
joe

But by the time he is promoted to management, the company will either be
dead, because its products are known to be crap, or he will be placed in
charge of arranging deck chairs on the Titanic.
joe
