Do you block/quarantine encrypted email too? If not, they can encrypt
the email and your attachment filter won't be able to see it.
Otherwise, good solution - you may find, particularly if you need strong
"anti-copy" type controls, that you could get some value from a DLP
suite - Verdasys Digital Guardian for example is one I implemented in a
past role to strictly control that type of activity. Cost will be an
issue.
a
-----Original Message-----
From: Jeff S. Gottlieb [mailto:[email protected]]
Sent: 11 May 2011 21:25
To: NT System Admin Issues
Subject: RE: BLOCKING end-users from ATTACHING and EMAILING...
SOLUTION FOUND
VIPRE Email Security has what's called Attachment Filter [was right
under our noses]. We are *now* able to prevent specific documents from
being attached and emailed by specific users [or department]. All Policy
features in the Attachment Filter tabs worked quite well, with minor
exceptions [*see below]. Our custom rule, "*(CLASSIFIED).PDF", stops PDF
docs that end with "CLASSIFIED" in parenthesis. All classified documents
were placed Read Only in a shared folder for all users. These documents
will be given names for the above rule to catch, i.e., "Standards for
Dakota (CLASSIFIED).pdf". The PDF documents are converted using Adobe
security, whereby the users cannot modify, copy /paste, or print. Using
Sophos we activated "Device Control"
preventing the end-users from coping to Storage, Network, or Short Range
devices. The last step is to prevent these PDF [Read Only] documents
from being copied locally and renamed. We are searching for a good
"Anti-copy"
software. It appears that there are some choices. programs like "M File
Anti-Copy" http://mini-products.net/ .so far untested.
It appears we have a DLP solution to look forward to. Cheers -J
Thank you all for the replies [contributions] including:
Justin Thomas: [email protected]
Martin Blackstone: [email protected]
Angus Scott-Fleming: [email protected]
Jim Kennedy: [email protected]
Jeff Steward: [email protected]
James Rankin: [email protected]
Andrew S. Baker: [email protected]
*The syntax "%FILENAME%" used under the Notifications tab oddly returned
the subject of the email rather than the filename (GFI case is pending)
*Earlier on, the Attachment Filter failing entirely. the result of our
Digital signature in emails. Resolution came by changing the statement
from "false" to "true" in
<ScanDigitallySignedMessages>true</ScanDigitallySignedMessages> found in
the directory \VIPRE Email Security\globalsettings.xml file
The latter issue dragged on for what seemed like forever [5-days]. After
several techs [3-4] it was finally resolved by Matthew D. (Nice Job!)
From: Jeff S. Gottlieb [mailto:[email protected]]
Sent: Friday, May 06, 2011 4:32 PM
To: NT System Admin Issues
Subject: RE: BLOCKING end-users from ATTACHING and EMAILING...
Agreed! .and thank you for your worthy replies.
We recently discovered Vipre Email Security has what's called
"Attachment Filter" .albeit it doesn't quite work AS OF YET, and no one
[including Vipre Support] is able to say why.
For the Vipre Security users out there.check out the "Rules" tab. Now
this looks like something with tremendous DLP potential. Now if we can
just get it to work. Cheers -J
From: Jeff Steward [mailto:[email protected]]
Sent: Friday, May 06, 2011 4:24 AM
To: NT System Admin Issues
Subject: Re: BLOCKING end-users from ATTACHING and EMAILING...
I asked that question as I have been involved in stolen/leaked
Intellectual Property issues where someone was faxing CAD drawings to a
competitor. If this data is truly considered 'the secret sauce' then as
others have suggested, get a real DLP solution in place. There is no
perfect security in business since you have to let the pesky end users,
customers and sales folks interact.
Good luck!
-Jeff Steward
On Thu, May 5, 2011 at 12:51 AM, Jeff S. Gottlieb
<[email protected]> wrote:
Thank you Jeff.
The CAD operators cannot print the items of sensitivity [again we need
to prevent the possibility to email only].
Many of these items [documents] represent "Standards" or dimensions
which the engineers use for all projects, and are located in one folder.
These docs are large, including roughly 130 pages each, and would easily
allow other manufacturing firms to replicate the same exact pieces.
This is VERY Similar to the secret recipes for the odors of Crayola
crayons, or Papa John's Pizza garlic sauce, etc., etc.
Ps. The latter is something I would LOVE getting my hands on. I would
make a HUGE batch for home use to dip the crust of *any* pizza!!
From: Jeff Steward [mailto: <mailto:[email protected]>
[email protected]]
Sent: Wednesday, May 04, 2011 8:14 PM
To: NT System Admin Issues
Subject: Re: BLOCKING end-users from ATTACHING and EMAILING...
Can the CAD operators print? Seriously, if the owners need to protect
their
intellectually property at that level, have the engineers upload the
docs to
a directory for review and approval and let a 3rd party review them
prior to
sending them to an external destination.
-Jeff Steward
On Wed, May 4, 2011 at 7:49 PM, Jeff S. Gottlieb
<[email protected]>
wrote:
Thanks Martin
We too were thinking that might be a viable option. If seems NOT good
for
two reasons.
1) That is a Global setting, whereby the entire company would be
effected by
the one Exchange server
2) This department needs to transfer large files MOSTLY internally, but
on
rare occasions outside
Sorry I forgot to mention this in our original post. -J
From: Martin Blackstone [mailto: <mailto:[email protected]>
[email protected]]
Sent: Wednesday, May 04, 2011 2:50 PM
To: NT System Admin Issues
Subject: RE: BLOCKING end-users from ATTACHING and EMAILING...
You could just put such a small attachment size restriction on them that
nothing would go.
Say 1K.
From: Jeff S. Gottlieb [mailto: <mailto:[email protected]>
[email protected]]
Sent: Wednesday, May 04, 2011 1:47 PM
To: NT System Admin Issues
Subject: BLOCKING end-users from ATTACHING and EMAILING...
We are searching for a method to BLOCK end-users from ATTACHING and
EMAILING
[sensitive] docs located on a SPECIFIC FOLDER of the share.
What we have accomplished thus far:
1) Using Sophos we activated "Device Control" preventing end-user from
coping to Storage, Network, or Short Range devices
2) Using Sophos we also activated "Data Control". thus creating email
alerts
detailing the sender /recipient, time /date, and name /location of
attachment
3) All documents are converted to PDF with security options that prevent
copy /paste, and printing
4) End-users are NOT allowed Internet access
Owners are left *totally* unsatisfied with all the above, as these
measures
are not preventative enough.
Leaving any of the end-users without ability to email is NOT an option.
Leaving a [public] workstation open, available with access to this
SPECIFIC
FOLDER, and then having no email /Internet is NOT an option.
These end-users are all in the CAD design department.
Given the nature of the business, suffice-it-to-say, one drawing in
email
could represent a significant loss.
Sadly, the owners feel they cannot entirely rely on the loyalty of
generously paid employees [with great benefits], company policies, and
or
legalese.
Thanks in advance for any suggestions. comments. Cheers, -J
EMPLOYEE Supposition:
Surely in created the level of sophistication placed in Sophos with
Device &
Data Control suggests that a greater need exists to protect the
employer's
intellectual property. Along with these concepts, the end-users
themselves
have become more sophisticated and perhaps unfortunately [these days]
more-willing to place their positions on the line.
I guess if we've done our IT job. than the end-users ONLY option is to
snap
a photo using a cell-phone. What then will the employer do?? Add company
policy to include NO CELL PHONES?? Imagine a world AT WORK without
texting,
tweeting, and the occasional personal call??? Ouch!
EMPLOYER Supposition [slave-master]:
Add video surveillance too!!!! :--/
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
************************************************************************************
WARNING:
The information in this email and any attachments is confidential and may be
legally privileged.
If you are not the named addressee, you must not use, copy or disclose this
email (including any attachments) or the information in it save to the named
addressee nor take any action in reliance on it. If you receive this email or
any attachments in error, please notify the sender immediately and then delete
the same and any copies.
"CLS Services Ltd × Registered in England No 4132704 × Registered Office: Exchange
Tower × One Harbour Exchange Square × London E14 9GE"
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
