Linux/unix Platform source code and technical document anti-leak solution

A. requirements Background

1. Application software Research and development industry wide range

Application software is to meet the needs of users in different areas, different problems of the application of software, mainly include: Office software, based on network b/s,c/s software, multimedia software, computing design, computer games, analysis software, statistical software, collaboration software, business software, accounting software, ERP,CRM , PDM and so on. The development of these software systems source code, are the backbone of the enterprise's life.

2. Application software research and development industry secrecy status

At present, the research and development staff mobility is very strong, which requires enterprises to establish a set of mechanisms, the enterprise's own knowledge base and project source code, technical documents, such as security control, not only to the active personnel of the act of disclosure, but also to eliminate the separation of the company's core information, to avoid the loss caused by the leak to the enterprise. But the reality is that these developers are basically backing up a copy of the source code and technical documentation, and even backing it up at home, during the development process. These source code and technical drawings, very easy to cause leaks. Common ways to leak:

• Ø confidential electronic files are copied out of the computer via a mobile storage device such as a U disk
• Ø internal personnel will bring their own laptop computer into the company network, the confidential electronic files copied away
• Ø sending confidential electronic documents via e-mail, QQ, MSN, etc. via the Internet
• Ø internal personnel through the preview of confidential electronic files, the preview file for CD-ROM burning, screen screenshot with the company
• Ø internal personnel will print confidential electronic documents, copy and take out the company
• Ø storage via Internet network, save
• Ø internal personnel to bring the computer or computer hard disk containing confidential electronic documents out of the company
• Ø computers containing confidential electronic documents fall into the hands of external personnel for reasons of loss, maintenance, etc.

Many companies are also aware of the importance of information security, but also take some measures, common methods such as closed USB interface, do not allow Sisu network, such as behavior monitoring, but the effect is not good, the negative impact is also relatively large:

• Ø The internet is a huge knowledge base, abandon no use, belong to the cart before the horse
• Ø excessive monitoring, affect the employee's work sentiment even causes the legal dispute;
• Ø increase the operating costs of enterprises, reduce work efficiency
• Ø software developers know more about computers and can still leak
• Ø There is no cure for internal leaks, and there is unworthy suspicion
• Ø Travel Notebook must be the source code data to the scene for debugging, can not control the

Obviously, the traditional information security management system has obviously failed to meet the security requirements, so for the characteristics of industrial control research and development institutions, we need to set up a new complete intranet information security management system to minimize the risk of enterprise information security.

3. Development and commissioning environment of application software industry

Application software development environment is also more complex, the development platform is mostly windows, but also a large part of Linux and UNIX platform.

Development and debugging methods of the local debugging, ftp+telnet login server debugging, and several other situations.

Development language: Java/c/c++/c#/.net/php/delphi, etc.;

Development tools: Visual Studio2005/2008/2010,eclipus,delphi and a variety of dedicated Ides;

Cartographic class: Autocad/solidwoks/3dmax/pro.e/photoshop

Version management: Svn,vss,git

Compiling: GCC,JAVA,CL (embedded)

4. Anti-disclosure requirements for the application software industry

1) ability to adapt to complex development environments

Because of the complexity of the development environment, the way to control the process is obviously not feasible. cannot be controlled because of the development tool version upgrade.

2) in the enterprise developers, without affecting the development of debugging efficiency under the premise, can not be through the mobile storage, network, mail, screen and other ways to divulge leaks. Any file that is involved in a secret document must undergo a rigorous approval process and have traceable log records.

3) The best source code documents on the server is clear text, in the employee development machine is ciphertext, reduce the reliance on encryption software, to prevent security incidents.

4) with strong anti-cracking ability, research and development personnel technology is relatively high, can not be easily found software vulnerabilities. You cannot have the source code packaged out by adding a resource file.

Two Solution-leak-proof with SDC sandbox leak-proof system

SDC Sandbox leak-proof solution uses the world's leading third-generation transparent encryption technology-kernel deep sandbox encryption, based on the underlying operating system, the concept of absorbing the cloud, the environment to encrypt the control, do not rely on software, file type, file size, high reliability and leak-proof solution. is a set of highly scalable, customizable solutions. The system itself integrates network authentication, file encryption, print control, program control, Internet controls, non-certified PC access restrictions, anti-mobile storage, disc burning, anti-screenshot and other anti-disclosure functions in one, truly:

• Ø fully transparent encryption, does not affect staff productivity and habits
• Ø can protect all file formats, including all document formats, all source code formats, sheet formats
• Ø do not control the file, security and stability, do not destroy the file
• Ø the data on the server is encrypted when it is used without landing or landing
• Ø External document Audit, encryption, anti-leak processing
• Ø Outgoing mail application, audit business flow
• Ø no control of the PC is required to prevent leaks
• Ø from the secret environment to take any document, you need to go through the approval process.

When an employee is working, an encrypted sandbox is launched locally, and the sandbox authenticates with the server to form a dense, encrypted workspace where employees work in the sandbox:

--The data on the server is encrypted when it is used without landing or landing.

-All development results must be stored on the server, or in a local encrypted sandbox.

-The sandbox is isolated from the outside world, so it will not leak.

--according to the policy can set the employee to enter sandbox mode immediately after boot.

-The PC that does not boot the sandbox is quarantined, unable to access the server and the employee PC that enters the sandbox.

-The direct login server is unable to copy the data from the application system from the server.

The encrypted sandbox is a container, everything can be installed, the environment is encrypted, not concerned about what the individual is, so the process-independent, and file format-independent, and file size independent, will not destroy the file. Unlike other cryptographic software, modify the contents of the file itself. So does not affect the software compilation debugging, does not affect version management, version comparison.

The client checks out the SVN code inside the sandbox and can connect to the server for debugging. The whole process will not leak.

Linux/unix Platform source code and technical document anti-leak solution