1. Field of the Invention
This invention is in the field of computer security and data loss detection.
2. Description of the Related Art
Computer security problems are both ubiquitous and infamous in the modern world. One important class of security problems is caused by data leaks, where an attacker, who may be a trusted member of the organization using various computers and computer networks, gains access to a computer or network holding sensitive information. The attacker may then insert a removable drive, such as a USB memory stick, writeable CD, writeable DVD and the like, into the computer, download sensitive files, and then use these sensitive files to cause a considerable amount of damage.
One of the more recent examples of this type of problem was an incident involving a large-scale government data leak. Here, although the computers had been configured to disallow portable USB drives, the perpetrator was alleged to have gained access to sensitive information by using a rewritable CD (CD-RW) containing popular music. The attacker allegedly used a homemade rewritable CD, containing music, to download sensitive files.
In addition to sensitive governmental information, many other types of data breaches are common, including bank data, corporate customer lists, credit card data, intellectual property, medical records, and the like.
To help reduce the severity of this type of problem, in recent years a data loss detection industry has sprung up. The field has grown to the point that millions of dollars are now spent purchasing complex data loss detection hardware and software products. However, due to economic constraints, lower cost methods to prevent data loss would, of course, be highly valued.
Windows Management Instrumentation (WMI)
Operating systems, such as Windows, UNIX, Linux, and the like, often have various standard methods to manage internal organizational networks, which in some cases may be composed of tens of thousands of individual computers or more. Such systems allow network administrators to write scripts and applications to automate various administrative functions on these computers, often from a centralized location. These systems may often use a common information model (CIM) standard to represent the wide variety of diverse computerized devices on the organization's network. A script or application running from a central location may access these various computers, and perform various administrative tasks, by forming Distributed Component Object Model (DCOM), COMsource, Windows Management Instrumentation (WMI) connections, or other types of connections with the remote computers.
Using Windows Management Instrumentation (WMI) as a particular example, scripts and applications can be written in various compiled and interpreted scripting languages that call WMI to help perform administrative tasks on remote network computers.
Thus, for example, a system administrator might use various scripts that in turn call WMI to perform various functions, such as obtaining information about what operating system is installed on the various computers, what printers are installed, the computer disk drive state, and whether the computer is a desktop or laptop, as well as controlling screensavers, shutting down remote computers, and so on.
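The kind of centrally run WMI script described above can be sketched as follows. This is an added example, not code from the original document; the function name Get-HostInventory, the host names, and the choice of chassis codes treated as "laptop" are assumptions made for illustration.

```powershell
# Added example: Get-HostInventory and the host names below are hypothetical.
function Get-HostInventory {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    $ErrorActionPreference = 'Stop'   # make CIM failures land in the catch block
    # Win32_LogicalDisk DriveType codes
    $driveTypes = @{ 2 = 'Removable'; 3 = 'Fixed'; 4 = 'Network'; 5 = 'Optical' }
    # Win32_SystemEnclosure ChassisTypes treated as portable (heuristic, assumption)
    $portable = 8, 9, 10, 14, 30, 31, 32
    # Connect over DCOM, one of the connection types named in the text
    $option = New-CimSessionOption -Protocol Dcom

    foreach ($name in $ComputerName) {
        $session = $null
        try {
            $session  = New-CimSession -ComputerName $name -SessionOption $option
            $os       = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem
            $chassis  = (Get-CimInstance -CimSession $session -ClassName Win32_SystemEnclosure).ChassisTypes
            $printers = Get-CimInstance -CimSession $session -ClassName Win32_Printer
            $disks    = Get-CimInstance -CimSession $session -ClassName Win32_LogicalDisk

            [pscustomobject]@{
                Computer = $name
                OS       = "$($os.Caption) $($os.Version)"
                IsLaptop = [bool]($chassis | Where-Object { $_ -in $portable })
                Printers = @($printers.Name)
                Drives   = @($disks | ForEach-Object {
                    $type = $driveTypes[[int]$_.DriveType]
                    if (-not $type) { $type = 'Other' }
                    # Size is empty for a drive with no media loaded
                    $free = if ($_.Size) { [math]::Round($_.FreeSpace / 1GB, 1) } else { $null }
                    [pscustomobject]@{ Id = $_.DeviceID; Type = $type; FreeGB = $free }
                })
                Error    = $null
            }
        }
        catch {
            # Unreachable or access-denied hosts are reported, not silently skipped
            [pscustomobject]@{ Computer = $name; OS = $null; IsLaptop = $null
                               Printers = @(); Drives = @(); Error = $_.Exception.Message }
        }
        finally {
            if ($session) { Remove-CimSession -CimSession $session }
        }
    }
}

# Constructed host names; replace with real inventory targets.
# Get-HostInventory -ComputerName 'WS-0142', 'WS-0143' | Format-List
```

The Drives list distinguishes removable and optical drives from fixed and network ones, which is the part of the "disk drive state" most relevant to the removable-media leaks described in the background.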