Re: media security

From: Thor Kottelin (thor@anta.net)
Date: 09/21/02


From: Thor Kottelin <thor@anta.net>
Date: Sat, 21 Sep 2002 09:46:50 +0300


(top-posting corrected, follow-ups narrowed)

Sam Simpson wrote:

> "david" <dcn@mycity.com.cn> wrote in message
> news:41dc6dfe.0209201024.57583225@posting.google.com...

> > I was asked by the friend to help him get his office information
> > secure.
> >
> > What he want to achieve is that he don't want people to copy contents
> > from the harddisk without his consent, e.g. the CD writer or the
> > floppy disk can only do reading operation without permission, or the
> > stuff copied out is scrambled or encrypted.

> Consider centralising the computing resources using either Terminal Server
> or Citrix. This will allow people to work as usual but prevent them (as
> defined by the administrator) from saving documents to local drives, copying
> from the clipboard etc.........

I'm not familiar with Terminal Server, but anyway, disabling the clipboard
would seem to cripple normal use quite heavily. Also, would you be able to
restrict the display device as well, or would it be possible for an attacker
with read access to install modified display hardware that would allow him
to save screenshots (that later could be fed to a character recognition
application)? I don't know whether such devices exist, but in the absence of
easier solutions, I assume an attacker would build one.

The above may seem a little far-fetched, but in short, what I'm trying to
say is about the same as Dima did: if they can read it, they can save it,
one way or another. If the original poster cannot trust his
employees/students/customers/whomever with the files in question, he
shouldn't allow them access, period.

Thor

-- 
http://thorweb.anta.net/		OH2GDF

PGP public key available