Re: Implementing security for a "very secret document"

"Steve Riley [MSFT]" <steve.riley@xxxxxxxxxxxxx> wrote in message
news:O4R9vCzHIHA.3916@xxxxxxxxxxxxxxxxxxxxxxx
"Alun Jones" <alun@xxxxxxxxxxxxx> wrote in message
news:eF9E60WHIHA.4584@xxxxxxxxxxxxxxxxxxxxxxx
"D-B" <DB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8D57FA47-2547-489A-B1DA-57F1160E8874@xxxxxxxxxxxxxxxx
I want to protect a document on a computer by disabling any kind of copy.
Is
it possible ( i want this document can't leave my domain) ?

Deny read access to the document, and it will be completely impossible to
copy it [from the account(s) that have been denied read access, unless
they are administrators].

Yes, but this would prevent even reading (except for administrators, as
you mention). Presumably the document exists because _someone_ needs to
read it. If the document were never to be read by anyone, then the best
security option would be to delete the document!

I guess I didn't swing my sledge-hammer hard enough. My post was more subtle
than I intended it to be.

The key here is that "prevent copying" requires an understanding that
"copying" consists of two operations:
1. Reading the data.
2. Writing the data.

Prevent either of these actions, and you have prevented copying.

You can only prevent actions on devices that you control.

If protecting against writing the data, then, you have to ensure that the
only writable media is that which is under your control. That means blocking
the attachment of foreign devices, prohibiting cameras, notepads, or users
with really good memories.

Protecting against reading, by comparison, is relatively simple.

Alun.
~~~~


.

Relevant Pages

  • Re: Implementing security for a "very secret document"
    ... Yes, but this would prevent even reading. ... If protecting against writing the data, then, you have to ensure that the only writable media is that which is under your control. ... That means blocking the attachment of foreign devices, prohibiting cameras, notepads, or users with really good memories. ...
    (microsoft.public.security)
  • Re: Inexpensive Electronic Temperature Switch by Dwyer (Love) Controls
    ... double boiler espresso machines. ... the PF reading was always a fixed offset away ... average shot temperature within 1F at worst. ... of an on/off control is minimized. ...
    (alt.coffee)
  • Re: Inexpensive Electronic Temperature Switch by Dwyer (Love) Controls
    ... crumpled aluminum foil) would get you a truer reading? ... > double boiler espresso machines. ... > average shot temperature within 1F at worst. ... > of an on/off control is minimized. ...
    (alt.coffee)
  • Re: SFWA Folds its ePiracy Committee - For Now
    ... that sort of system is actually very difficult. ... scramblers to prevent copying. ... will, in the name of 'protecting my rights,' overreact and implement ... I stand by my pessimistic faith in the cupidity of man, that someone, ...
    (rec.arts.sf.composition)
  • Re: ATC question
    ... A friend of mine flew into Reading, ... with radar approach control, they elected to simply call tower directly ... My friend said that the controller was quite nasty ...
    (rec.aviation.piloting)