Re: Prevent copying to local HD
From: Brian K. Sheperd (brians_at_lesker.com)
Date: 10/10/03
- Next message: bruno postiau: "Re: Prevent Installation of AOL Software"
- Previous message: S. Pidgorny
: "Re: How to replace Root CA?" - In reply to: David Wang [Msft]: "Re: Prevent copying to local HD"
- Next in thread: David Wang [Msft]: "Re: Prevent copying to local HD"
- Reply: David Wang [Msft]: "Re: Prevent copying to local HD"
- Reply: S. Pidgorny
: "Re: Prevent copying to local HD" - Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 10 Oct 2003 08:37:07 -0400
David,
Unfortunately, I don't have concrete specifics. Management just said that
they want the information secured (as a generality) by preventing digital
files from leaving the office, but without the infrastructure in place, it
is impossible for us to control.
>From what I can tell, it all stems from our Unix system. With Unix (ftp
only allowed for wheel group), users can telnet to the system. They can
print stuff, but they cannot (easily) copy info to a laptop/remote storage
and have company info. With our Novell, NT and 2000k servers, people are
storing info in TXT, word, excel, access, etc; however, if you only have
read access to the directory, you can still copy it to your HD. They want
the user to be able to work on the info on the server, but that is it. I
probably confused issues by stating a database example. It is not solely
database files. I was just stating that the only way that I could think of
would be to place the info in a database such as SQL (if it could be stored
in that capacity). It would be difficult to physically get to the actual
database. Queries could be run, but you are only getting a subset of info
depending on your privileges.
As for security.. that is another issue. They want to protect the digital
information; however, they do not care about passwords (can be blank -
forget about age expiration and complexity). Our 1 branch had a dsl with
public IPs on the internal network (no firewall) - even after telling them
the consequences. It ultimately comes down to be a very bad situation. How
can your secure something if your basic (very basic) measures are not
enforced?
Brian
"David Wang [Msft]" <someone@online.microsoft.com> wrote in message
news:OkuNLfWjDHA.1884@TK2MSFTNGP09.phx.gbl...
> Ok. Can you please define:
> 1. What you are trying to control access to
> 2. What degree of security do you actually want, including mitigation of
> security breach.
>
> It sounds like you're trying to control access to some Access MDB files --
> which can be stolen by merely copying a single file. What else are you
> trying to secure? Because speaking in "generalities" isn't going to help
in
> your case since a general solution does not and cannot exist for your
> scenario.
>
> To be hardcore about security, you must assume the worst. You must also
> plan for mitigation of that security breach.
>
> --
> //David
> IIS
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> //
> "Brian K. Sheperd" <brians@lesker.com> wrote in message
> news:OzKcPxMjDHA.1672@TK2MSFTNGP09.phx.gbl...
> Thanks for the posts. There wasn't anything that I could think of to
limit
> this in NTFS or GPO. We do have Citrix Metaframe. With Citrix, I can
turn
> off client mappings; however, I am not sure about clipboard. When I first
> installed Citrix, I couldn't copy to the clipboard; however, once I
> installed Feature Release 1, it worked -- so there may be a way to prevent
> it.
>
>
>
> I was looking at Indigo Security (http://www.indigosecurity.com), but I am
> not entirely sure that would provide what they are looking for. I don't
> think that they want this as an absolute lock down -- mainly a deterrent.
> So far my best guess is to incorporate a database with a front-end to only
> supply limited information. Some of our databases are with MS Access. As
> long as you copy the MDB or MDE file with the security file - you pretty
> much have the whole thing. Even the passwords are not entirely secure
> against some 3rd party programs.
>
>
>
> I know that there is software to lock folders (at least there used to be)
so
> that people wouldn't accidentally move them behind other folders;
therefore,
> I just thought that there might be a hardware or software application that
> may accomplish this task.
>
>
>
> Thanks again,
>
> Brian
>
>
>
>
>
>
>
- Next message: bruno postiau: "Re: Prevent Installation of AOL Software"
- Previous message: S. Pidgorny
: "Re: How to replace Root CA?" - In reply to: David Wang [Msft]: "Re: Prevent copying to local HD"
- Next in thread: David Wang [Msft]: "Re: Prevent copying to local HD"
- Reply: David Wang [Msft]: "Re: Prevent copying to local HD"
- Reply: S. Pidgorny
: "Re: Prevent copying to local HD" - Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
