“If you have already leaked”: how to make the workflow a little safer – basic information security recommendations

Earlier we discussed non-obvious points about rotating passphrases and personal information security. Today we continue the topic but turn to working with files: how to use metadata to figure out who “leaked” confidential information, and how to protect company documents.

  Wikimedia / US Navy photo / PD

Search for “unique leaks”

If a company exchanges confidential files with a large number of partners, leaks inevitably occur and classified information ends up online. As ZDNet reported, just a couple of months ago more than 20 GB of Intel corporate files were leaked.

The source of such a leak could be identified if an auxiliary system had been introduced into the document flow in advance, one that makes minor modifications to each copy of especially valuable documents: additional spaces, missing periods, “invisible characters”, homoglyphs or even typos. This is one of the simplest protection options, so it is easy enough to spot for anyone experienced in working with text. As a more advanced approach, more complex affine transformations

This method works for both ordinary paper and electronic files. Distributed copies are automatically given unique combinations of changes, for example slight differences in line spacing, kerning, text color and other formatting options. Copies are checked by overlaying these marks in software; the system stores them as compact “casts” so as not to clog the storage with hundreds of variants of each separate PDF file. By the way, the other day there was a story on Habr from a company working in this area, and the simplest steps can be taken by generating documents with the Python library FPDF:

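from fpdf import FPDF

# Create the document and add a single page
pdf = FPDF()
pdf.add_page()

# Built-in Arial font, 15 pt
pdf.set_font("Arial", size=15)

# One centered cell (200 wide, 10 high) followed by a line break
pdf.cell(200, 10, txt="HabraPost", ln=1, align="C")

# Write the result to disk (the file name here is only an example)
pdf.output("habrapost.pdf")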

Instead of, or in addition to, working with content, it is worth considering metadata tracking. Unique copies of especially valuable files can be “run” through utilities like MD5 Hash Changer that modify the hash by adding an arbitrary number of null values.
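
The per-copy marking with “invisible characters” described at the start of this section, shown as an added example (not code from the original post): each recipient's copy carries an ID as zero-width characters after spaces, and a leaked copy or excerpt is matched back to a recipient. The recipient names, IDs, the 16-bit ID size and the sample text are assumptions made for the illustration.

```python
# Added example (not from the article): per-recipient marking with zero-width characters.
ZW0, ZW1 = "\u200b", "\u200c"  # zero-width space = bit 0, zero-width non-joiner = bit 1
ID_BITS = 16                   # assumption: every recipient ID fits in 16 bits

# Constructed recipients. IDs must not be cyclic rotations of each other,
# otherwise an excerpt (whose starting offset is unknown) matches several of them.
RECIPIENTS = {"partner-a": 0x1A2B, "partner-b": 0x3C4D, "partner-c": 0x5E6F}

# Constructed sample document.
DOC = ("Constructed sample: the quarterly pricing proposal for partner accounts is "
       "confidential and must not be shared outside the named recipients listed in "
       "the distribution sheet attached to this memo before the public announcement "
       "planned for the end of next month by the board")


def pattern(recipient_id):
    """Bit string of the ID, left-padded with zeros to ID_BITS characters."""
    return format(recipient_id, "0{}b".format(ID_BITS))


def mark_copy(text, recipient_id):
    """Return a copy of text with one hidden bit after every space, cycling through the ID."""
    if not 0 <= recipient_id < 2 ** ID_BITS:
        raise ValueError("recipient ID does not fit in ID_BITS")
    bits, out, n = pattern(recipient_id), [], 0
    for ch in text:
        out.append(ch)
        if ch == " ":
            out.append(ZW1 if bits[n % ID_BITS] == "1" else ZW0)
            n += 1
    if n < ID_BITS:
        raise ValueError("text has too few spaces to carry a full ID")
    return "".join(out)


def trace_leak(leak, recipients):
    """Return the names whose ID is consistent with the hidden bits found in leak."""
    found = "".join("1" if c == ZW1 else "0" for c in leak if c in (ZW0, ZW1))
    if len(found) < ID_BITS:
        return []  # unmarked, stripped, or too short to attribute
    repeats = len(found) // ID_BITS + 2  # enough repetitions to cover any starting offset
    return sorted(name for name, rid in recipients.items()
                  if found in pattern(rid) * repeats)


if __name__ == "__main__":
    leaked = mark_copy(DOC, RECIPIENTS["partner-b"])
    excerpt = leaked[leaked.index("confidential"):]  # a leak that starts mid-document
    print(trace_leak(excerpt, RECIPIENTS))
```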

Vendor-lock aka DRM

This approach can safely be classed as stricter, and it belongs to the category of preventive measures. It is widely known from its use in the distribution of music, games and e-books, where it is difficult to imagine tracking the fate of hundreds of millions of unique copies of files.

Solutions of this type also exist for the corporate environment. One example is video licensing in the hospitality industry, where they are used to avoid purchasing special DRM hardware for hotels, to protect streams from copying and to manage the content delivery infrastructure more efficiently.

If we talk about more classic use cases (protection of corporate documents), the focus is mainly on corporate mobility (working remotely and in the office): control over employee devices, network access and encryption. This subset of DRM is also called IRM (Information Rights Management) or E-DRM (Enterprise Digital Rights Management).

Avi Richards / Unsplash.com

Such solutions are often deployed in the cloud, for example for individual virtual workplaces. This approach also closes a number of issues related to the threat of malware and the various attack vectors that can lead to the leakage of critical company documents.

Individual solutions – like Dangerzone – can serve as a complement to such a setup.

They convert suspicious documents, images and presentations (for example, ones sent to a company address by unknown senders) into safe PDFs inside a sandbox.

Trust issue

Intelligence agencies also use various document protection methods (see the Reality Winner case), but it is worth weighing whether your company actually needs most of these measures.

If you introduce them without the help of lawyers, or do not tell your employees that you are protecting the document workflow for specific purposes, and they begin to notice strange formatting in documents, such concern for information security can turn into a “shot in your own foot.” You will then have to spend effort on restoring trust in the team.

You need to understand that technologies cannot be a “silver bullet” if they are considered in isolation from the human factor and from an analysis of the overall structure of the company’s business processes.
