1

I just want to know better ways to protect source code from theft on Windows via removable devices like CDs and pen drives.

Here is what I know:

  1. Windows Disk Encryption: Pretty nice to protect from offline attacks, but when you copy code from the encrypted drive to your pen drive, Windows automatically stores a decrypted copy. (Well, is there any way to stop this?)

  2. Encryption programs like TrueCrypt make encrypted containers to hold sensitive data, but when those are mounted, the code is unprotected. (Same for programs like Folder Lock.)

  3. I read somewhere that we can build a filesystem filter driver to prevent data from being copied, but developing that is not easy.

  4. We can develop Windows Explorer shell extensions, but what if someone copies it via Command Prompt or another copy program?

Imagine that this is the only system we have (so we can't code on another machine) and we can't entirely disable USB or CD.

Ankush
  • You could look into DLP, but it's expensive snake-oil at best. It'll notify you if someone tries to exfiltrate source code in plaintext via the network, but other than that there's nothing you can do. – Polynomial Jul 21 '13 at 12:49
  • 1
    It's very difficult to know what is going on here. From whom are you protecting the source code? Do these individuals have access to the machine on which the source code exists? Give us more information to help you. – Adi Jul 21 '13 at 13:01
  • I'd be far more worried about trojans stealing it over the network. – CodesInChaos Jul 21 '13 at 13:04
  • I find this question valid (it's being voted to be closed as "unclear what you're asking"), but it sounds very similar to this one: http://security.stackexchange.com/questions/17276/how-to-prevent-private-data-being-disclosed-outside-of-organization. There it's about any data, but source code is also private data really. – Luc Jul 21 '13 at 14:05
  • It's a good question. Doesn't deserve a downvote for being a duplicate. – Gudradain Jul 18 '14 at 15:43

1 Answer

5

It seems like what you need is a healthy dose of magic unicorn dust.

What you are looking for is impossible to accomplish. Period. Especially since your machine needs to be on and logged in to be actually useful.

If you are looking to prevent your developers from taking the source code they write off your machine, get new developers. You obviously don't trust them enough to not steal the code they write for you, so how can you trust them enough to actually write code worth stealing for you?

If you are looking to prevent thieves from accessing your source code, why even let thieves get anywhere near your machines in the first place?

  • 2
    Agreed - this is definitely a case of better management and better policy, rather than a case of better technology. – Polynomial Jul 21 '13 at 12:50
  • There are dozens of ways to prevent the removal of source code from a machine. Just disable optical devices and USB ports through a group policy. Only having an internal intranet connection also helps. Of course if you provide a second machine for internet access you cannot prevent these developers from typing the code again by hand. – Ramhound Jul 22 '13 at 12:59
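
The group-policy route mentioned in the last comment, as an added example that is not part of the original thread: a PowerShell sketch that audits the "Removable Storage Access" policy values for removable disks and CD/DVD, and can set write-deny only, which fits the question's constraint that USB and CD cannot be disabled entirely. The function names `Get-RemovableWritePolicy` and `Set-RemovableWriteDeny` are hypothetical, and the script assumes a standalone machine where the policy is written locally rather than delivered by a domain GPO.

```powershell
# Added example (not from the thread). Run elevated.
# Registry location backing the "Removable Storage Access" group policy.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'

# Device setup class GUIDs used by that policy.
$classes = [ordered]@{
    'Removable disks (USB)' = '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
    'CD and DVD'            = '{53f56308-b6bf-11d0-94f2-00a0c91efb8b}'
}

function Get-RemovableWritePolicy {
    # Deny_All at the top level blocks every removable storage class.
    $denyAll = (Get-ItemProperty -Path $base -Name Deny_All `
                -ErrorAction SilentlyContinue).Deny_All
    foreach ($name in $classes.Keys) {
        $key = Join-Path $base $classes[$name]
        $denyWrite = (Get-ItemProperty -Path $key -Name Deny_Write `
                      -ErrorAction SilentlyContinue).Deny_Write
        [pscustomobject]@{
            Class        = $name
            DenyAll      = ($denyAll -eq 1)
            DenyWrite    = ($denyWrite -eq 1)
            WriteBlocked = ($denyAll -eq 1) -or ($denyWrite -eq 1)
        }
    }
}

function Set-RemovableWriteDeny {
    # Leaves read access intact; only writes to the media are denied.
    foreach ($guid in $classes.Values) {
        $key = Join-Path $base $guid
        if (-not (Test-Path $key)) {
            New-Item -Path $key -Force | Out-Null   # -Force creates parent keys
        }
        New-ItemProperty -Path $key -Name Deny_Write -PropertyType DWord `
            -Value 1 -Force | Out-Null
    }
}

# Audit first; call Set-RemovableWriteDeny only after reviewing the output.
# A device may need to be re-attached, or the machine restarted, before a
# changed value is enforced.
Get-RemovableWritePolicy | Format-Table -AutoSize
```

As the thread points out, this only closes the removable-media path: a logged-in user can still move the code over the network or retype it elsewhere.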