OpenDLP – Shmoocon 2011

Andrew Gavin presented on OpenDLP at Shmoocon 2011 today in Washington DC.  From an attackers or pentester’s perspective, you’ve gained access, now how do you gather information.   From a defender’s perspective, how can you find out where people have files that they shouldn’t.    

OpenDLP has two components; an agent and a website.   The website is used to configure, initiate scans, and read reports.   The agent installs on target computers, greps the target data, reports back and uninstalls itself.  There are open source projects to help you find PII in your company, but they involve remote scanning.   All the work is performed by the remote scanning computer, and files need to be transferred across the network.   OpenDLP is much faster than these solutions because it is agent based and the work is performed by the clients.   There is a similar project myDLP that is agent based.   I didn’t catch the relationship, if any, between the two.

You can’t protect what you don’t know about.   Yet management is unlikely to implement a costly DLP project until an auditor tells them you must have it.   Free, Open Source OpenDLP sounds like an interesting project to find those process issues management didn’t really want to know about in the first place.  

Perhaps it’s because it is presented at a hacker conference, but I feel a bit hinky about providing domain admin credentials to this software and telling it to install agents on all my computers.   May be best to do a code review and compile it yourself.

4 Comments

  1. Hello.

    im newly sysadmin and my task is to deploy and explore this open source software. and im having a hard time.
    i have many questions to ask:

    – is there a guide or a video on how to install the software.
    – can this software run on my OS. (not using virtual box or vmware)

    please response.
    Thank you. Best Regards

    “there is no place like 127.0.0.1”
    -Newbie

Comments are closed.