Re: Prevent copying to local HD

From: Hairy One Kenobi (abuse_at_[127.0.0.1)
Date: 10/07/03


Date: Tue, 7 Oct 2003 13:01:27 +0100


"S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message
news:expaDWLjDHA.4048@tk2msftngp13.phx.gbl...
> The question is then how do I prevent clipboard transfer to the Remote
> Desktop/Citrix client?

At this level of paranoia, you'll need to replace the Windows GUI. I've
worked with a bank or two that have done precisely that.

Anything less, and you don't have enough control over more rather obvious
holes, such as printing.

Onviously, this is unrealistic in most cases; generally, you'd lock-down
everything execpt the temp directory, and reluctantly accept that you can't
enforce an overall security policy using a single tool.

-- 
Hairy One Kenobi
Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!
> "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
> news:OcaecaJjDHA.2512@TK2MSFTNGP11.phx.gbl...
> > In addition to David's comments.
> >
> > If you're not worried about someone tapping the local hardware, you
could
> > look at something like Terminal Services or Citrix.
> >
> > Cheers
> > Ken
> >
> > "David Wang [Msft]" <someone@online.microsoft.com> wrote in message
> > news:O3AOMXJjDHA.1716@TK2MSFTNGP12.phx.gbl...
> > : How secure do you want this to be?  With untrusted hardware, what you
> are
> > : asking for is impossible.  When you want to prevent people from
> "copying"
> > a
> > : file yet allow them to work with the file, you have to somehow make
sure
> > : that the agent which the user uses to access the file is trusted.
That
> > : whole chain of trust must go to the HW and CPU itself (because you
don't
> > : know if someone taps the network card, taps the video card, taps the
> > : Hard-Drive controller, etc -- and they've just illegally obtained a
> "copy"
> > : of this data ).
> > :
> > : In other words, this is not currently possible.  This sort of ability
is
> > : very controversial and have huge societal implications.
> > :
> > : -- 
> > : //David
> > : IIS
> > : This posting is provided "AS IS" with no warranties, and confers no
> > rights.
> > : //
> > : "Brian K. Sheperd" <brians@lesker.com> wrote in message
> > : news:erAbgnAjDHA.3340@tk2msftngp13.phx.gbl...
> > : Hello,
> > :
> > :
> > :
> > : I apologize in advance if this is in the wrong area.
> > :
> > :
> > :
> > : We have a Win2K domain with some standalone 2k servers.  Is it
possible
> > with
> > : either win2k or 3rd party applications to prevent people from copying
a
> > file
> > : from the server to their local hard drives; however, still be able to
> work
> > : (modify, create, etc) with files on the server?
> > :
> > :
> > :
> > : Thanks,
> > :
> > : Brian
> > :
> > :
> > :
> >
> >
>
>