A Personal Blog
Archive for December, 2004
Desktop Search Security Response
Dec 20th
As I’ve done several times in the past, here is my security response to the auditor. Nothing really surprising here, but I’m opening it up in case I’ve been a dumbass :)
This has been edited for our security.
Over the last 4-6 weeks, several high profile Desktop Search (DS) tools have been released. The most widely talked about is Google’s Desktop Search tool, though others from Microsoft, Yahoo and Ask! have also been released. These new releases are in addition to mature software from X1 and Copernic.
There are several broad security and corporate issues with DS software as a category, as well as specific security issues with the individual packages.
Desktop Software Issues
For any enterprise, by far the biggest issue is that DS software indexes both what is stored on a computer and what is being done on it, and reports the results only to the user. It does not tell an administrator, department head or IT department. Ultimately, we believe that any internal indexing, data mining or reporting software that investigates users' computers should be in the hands of someone who is prepared to deal with the repercussions of what may be found.
Beyond that, several of the packages examine and report results based on what could be termed "sensitive" and "private" data, often without the context of how that data arrived on the hard drive. For example, Google's Desktop Search (GDS) indexes the cache of whatever web browser is in use, and that includes pages served over HTTPS, such as online banking or secure patient service sites, whenever the browser has written them to its disk cache.
Most DS tools and suites also lack a proper mechanism to restrict what is indexed or searched according to policy, so nothing stops users from expanding the search scope themselves. Even if the DS software were "locked down" at install time, a user could easily undo the lockdown and once again search anything and everything.
Overall Recommendation
Overall, the NT team for e-Health Services, Health Sciences Center, recommends strongly discouraging the use of DS software at x. It puts too much power into a user's hands to search too much data in an unrestricted and unmanaged fashion. The inherent security issues in several packages, and the propensity for the software to be abused, only further our belief that now is not the time to be releasing DS packages into the wild.
If a large enterprise-class vendor were to produce a manageable solution which provided the substantial benefits to users, without the substantial security and privacy risks built into the current generation of tools, we would be more than happy to look at approving the installation of DS software.
For now, however, there are simply too many questions, concerns and issues to condone the use of Desktop Search packages at x.
Are DS tools a security issue? In my opinion, yes. Sure, if someone has physical access to your machine they can "do anything". However, these tools pose a set of problems unique to the ability to find sensitive information. The issue of policies, profiles, access limitations, etc. is a whole other kettle of fish.
So, yes, anyone can do "anything" with physical access to your machine, as long as "anyone" is someone who knows how to do "anything". From an auditing perspective, DS tools have loads of issues, which is where this is coming from.
Feel free to comment and tell me I’m smoking some cheap crack ;-)
InsideBlogging Launches!
Dec 20th
In adherence with my short-standing opinion that a project doesn’t truly launch until its press release is live, InsideBlogging is now a real, honest to goodness project!
The press release went out this morning. Looking forward to talking to all kinds of folks.
This little company is only 3 weeks old, but it’s been a great experience already. I can definitely see this shaping up to be something I’m going to love doing fulltime in February.
Thanks to everyone for your support, for being brutally honest in regards to the decisions we’ve made thus far and for the dozens of emails. Everything helps us shape where this company is going long term. We’re making some great relationships and having a lot of fun in the process, so thanks again!
Drastic Drop in Traffic
Dec 19th
Not entirely sure why at this point, but I'm seeing the same thing as Darren: a drastic drop in traffic. Traffic is back down to pre-"fame" levels, about 5000 pages/day (from 12K-15K/day).
I’m investigating now.
Btw, happy holidays!
Final eBay Email
Dec 17th
The following is eBay's final email to me. I'm not going to respond, as the point is fair enough. I wasn't really trying to circumvent fees; however, it's easy to see how it'd be interpreted in that manner.
Here’s the email:
Hello Jeremy,
Thank you for taking the time to write eBay with your concerns. I’m happy to help you further.
With regard to your request for a telephone call, please understand that since eBay is an online company, our focus is to provide support to our community through the use of email. Therefore, at this time we are unable to offer the option of phone support.
I have reviewed your account history and the action taken with regard to the auction listing in question. I have determined that while your auction was in violation, you were provided with the incorrect violation notice. Please accept our apologies for this mistake.
Your listing for “Blogger for Hire – Start or Improve Your Blog”, item number 5142129647, was actually in violation of our Circumventing Fees policy because of the following information in your listing:
“If it is a fit, the blogger is happy to negotiate a deal to make the position a more permanent contract position for a reasonable fee”
This information indicates that you are willing to offer additional services outside of the auction to interested buyers. This is not permitted and a violation of our Circumventing Fees policies. For more information on our Circumventing Fees policy, please visit the following URL:
http://pages.ebay.com/help/policies/listing-circumventing.html
I have made an amendment to your account to remove the ‘No Item’ (User Agreement Section 5.1) violation from your account history and have replaced it with a Circumventing Fees violation.
For a better understanding of our listing guidelines and how they affect the way you list your items, please visit the following URL:
http://pages.ebay.com/help/policies/listing-ov.html
It is my pleasure to assist you. Thank you for choosing eBay.
Regards,
eBay Community Watch