*>>We were hoping to avoid the expense, but at the end of the day perhaps a DLP professional firm will be needed.*
Time is money. You're going to end up spending both in this case... *ASB *(Professional Bio <http://about.me/Andrew.S.Baker/bio>) *Harnessing the Advantages of Technology for the SMB market... * On Thu, May 12, 2011 at 3:36 PM, Jeff S. Gottlieb <[email protected] > wrote: > > Yes Kurt [thanks]. The users in the department do not have local admin > rights, and the ability to print has been removed. Unfortunately, we have > not been able to prevent users from copy /paste. The rule is, IF a file can > be read... IT CAN be copied /pasted. If the end-users figure out that the > trigger preventing email in Vipre [Attachment filter] is within the name of > the file they can modify it. We are searching for a workaround. > > We were hoping to avoid the expense, but at the end of the day perhaps a > DLP professional firm will be needed. > Alan recommended http://www.verdasys.com/ > We've just seen a demo from http://www.gtbtechnologies.com/ [they use > "finger prints" signatures in documents, then an appliance gateway NOT CHEAP > however] > > Cheers -J > > > -----Original Message----- > From: Kurt Buff [mailto:[email protected]] > Sent: Thursday, May 12, 2011 7:51 AM > To: NT System Admin Issues > Subject: Re: BLOCKING end-users from ATTACHING and EMAILING... > > I'm sure you've also ensured that the users can't install alternate > software for reading and printing the document... > > Kurt > > On Wed, May 11, 2011 at 13:24, Jeff S. Gottlieb > <[email protected]> wrote: > > SOLUTION FOUND > > > > VIPRE Email Security has what's called Attachment Filter [was right under > > our noses]. We are *now* able to prevent specific documents from being > > attached and emailed by specific users [or department]. All Policy > features > > in the Attachment Filter tabs worked quite well, with minor exceptions > [*see > > below]. Our custom rule, "*(CLASSIFIED).PDF", stops PDF docs that end > with > > "CLASSIFIED" in parenthesis. All classified documents were placed Read > Only > > in a shared folder for all users. These documents will be given names for > > the above rule to catch, i.e., "Standards for Dakota (CLASSIFIED).pdf". > The > > PDF documents are converted using Adobe security, whereby the users > cannot > > modify, copy /paste, or print. Using Sophos we activated "Device Control" > > preventing the end-users from coping to Storage, Network, or Short Range > > devices. The last step is to prevent these PDF [Read Only] documents from > > being copied locally and renamed. We are searching for a good "Anti-copy" > > software. It appears that there are some choices. programs like "M File > > Anti-Copy" http://mini-products.net/ .so far untested. > > > > > > > > It appears we have a DLP solution to look forward to. Cheers -J > > > > > > > > Thank you all for the replies [contributions] including: > > > > Justin Thomas: [email protected] > > > > Martin Blackstone: [email protected] > > > > Angus Scott-Fleming: [email protected] > > > > Jim Kennedy: [email protected] > > > > Jeff Steward: [email protected] > > > > James Rankin: [email protected] > > > > Andrew S. Baker: [email protected] > > > > > > > > *The syntax "%FILENAME%" used under the Notifications tab oddly returned > the > > subject of the email rather than the filename (GFI case is pending) > > > > *Earlier on, the Attachment Filter failing entirely. the result of our > > Digital signature in emails. Resolution came by changing the statement > from > > "false" to "true" in > > <ScanDigitallySignedMessages>true</ScanDigitallySignedMessages> found in > the > > directory \VIPRE Email Security\globalsettings.xml file > > > > > > > > The latter issue dragged on for what seemed like forever [5-days]. After > > several techs [3-4] it was finally resolved by Matthew D. (Nice Job!) > > > > > > > > > > > > From: Jeff S. Gottlieb [mailto:[email protected]] > > Sent: Friday, May 06, 2011 4:32 PM > > To: NT System Admin Issues > > Subject: RE: BLOCKING end-users from ATTACHING and EMAILING... > > > > > > > > Agreed! .and thank you for your worthy replies. > > > > We recently discovered Vipre Email Security has what's called "Attachment > > Filter" .albeit it doesn't quite work AS OF YET, and no one [including > > Vipre Support] is able to say why. > > > > For the Vipre Security users out there.check out the "Rules" tab. Now > this > > looks like something with tremendous DLP potential. Now if we can just > get > > it to work. Cheers -J > > > > > > > > From: Jeff Steward [mailto:[email protected]] > > Sent: Friday, May 06, 2011 4:24 AM > > To: NT System Admin Issues > > Subject: Re: BLOCKING end-users from ATTACHING and EMAILING... > > > > > > > > I asked that question as I have been involved in stolen/leaked > Intellectual > > Property issues where someone was faxing CAD drawings to a competitor. > If > > this data is truly considered 'the secret sauce' then as others have > > suggested, get a real DLP solution in place. There is no perfect > security > > in business since you have to let the pesky end users, customers and > sales > > folks interact. > > > > > > > > Good luck! > > > > > > > > -Jeff Steward > > > > On Thu, May 5, 2011 at 12:51 AM, Jeff S. Gottlieb > > <[email protected]> wrote: > > > > Thank you Jeff. > > > > > > > > The CAD operators cannot print the items of sensitivity [again we need to > > prevent the possibility to email only]. > > > > Many of these items [documents] represent "Standards" or dimensions which > > the engineers use for all projects, and are located in one folder. > > > > These docs are large, including roughly 130 pages each, and would easily > > allow other manufacturing firms to replicate the same exact pieces. > > > > This is VERY Similar to the secret recipes for the odors of Crayola > crayons, > > or Papa John's Pizza garlic sauce, etc., etc. > > > > > > > > Ps. The latter is something I would LOVE getting my hands on. I would > make a > > HUGE batch for home use to dip the crust of *any* pizza!! > > > > > > > > From: Jeff Steward [mailto: <mailto:[email protected]> > [email protected]] > > Sent: Wednesday, May 04, 2011 8:14 PM > > > > > > To: NT System Admin Issues > > > > Subject: Re: BLOCKING end-users from ATTACHING and EMAILING... > > > > > > > > Can the CAD operators print? Seriously, if the owners need to protect > their > > intellectually property at that level, have the engineers upload the docs > to > > a directory for review and approval and let a 3rd party review them prior > to > > sending them to an external destination. > > > > > > > > -Jeff Steward > > > > On Wed, May 4, 2011 at 7:49 PM, Jeff S. Gottlieb < > [email protected]> > > wrote: > > > > > > > > Thanks Martin > > > > > > > > We too were thinking that might be a viable option. If seems NOT good for > > two reasons. > > > > > > > > 1) That is a Global setting, whereby the entire company would be effected > by > > the one Exchange server > > > > 2) This department needs to transfer large files MOSTLY internally, but > on > > rare occasions outside > > > > > > > > Sorry I forgot to mention this in our original post. -J > > > > > > > > > > > > From: Martin Blackstone [mailto: <mailto:[email protected]> > > [email protected]] > > Sent: Wednesday, May 04, 2011 2:50 PM > > > > > > To: NT System Admin Issues > > > > Subject: RE: BLOCKING end-users from ATTACHING and EMAILING... > > > > > > > > You could just put such a small attachment size restriction on them that > > nothing would go. > > > > Say 1K. > > > > > > > > > > > > From: Jeff S. Gottlieb [mailto: <mailto:[email protected]> > > [email protected]] > > > > Sent: Wednesday, May 04, 2011 1:47 PM > > To: NT System Admin Issues > > > > Subject: BLOCKING end-users from ATTACHING and EMAILING... > > > > > > > > > > > > We are searching for a method to BLOCK end-users from ATTACHING and > EMAILING > > [sensitive] docs located on a SPECIFIC FOLDER of the share. > > > > > > > > What we have accomplished thus far: > > > > 1) Using Sophos we activated "Device Control" preventing end-user from > > coping to Storage, Network, or Short Range devices > > > > 2) Using Sophos we also activated "Data Control". thus creating email > alerts > > detailing the sender /recipient, time /date, and name /location of > > attachment > > > > 3) All documents are converted to PDF with security options that prevent > > copy /paste, and printing > > > > 4) End-users are NOT allowed Internet access > > > > > > > > Owners are left *totally* unsatisfied with all the above, as these > measures > > are not preventative enough. > > > > Leaving any of the end-users without ability to email is NOT an option. > > > > Leaving a [public] workstation open, available with access to this > SPECIFIC > > FOLDER, and then having no email /Internet is NOT an option. > > > > > > > > These end-users are all in the CAD design department. > > > > Given the nature of the business, suffice-it-to-say, one drawing in email > > could represent a significant loss. > > > > Sadly, the owners feel they cannot entirely rely on the loyalty of > > generously paid employees [with great benefits], company policies, and or > > legalese. > > > > > > > > Thanks in advance for any suggestions. comments. Cheers, -J > > > > > > > > > > > > EMPLOYEE Supposition: > > > > Surely in created the level of sophistication placed in Sophos with > Device & > > Data Control suggests that a greater need exists to protect the > employer's > > intellectual property. Along with these concepts, the end-users > themselves > > have become more sophisticated and perhaps unfortunately [these days] > > more-willing to place their positions on the line. > > > > > > > > I guess if we've done our IT job. than the end-users ONLY option is to > snap > > a photo using a cell-phone. What then will the employer do?? Add company > > policy to include NO CELL PHONES?? Imagine a world AT WORK without > texting, > > tweeting, and the occasional personal call??? Ouch! > > > > > > > > EMPLOYER Supposition [slave-master]: > > > > Add video surveillance too!!!! :--/ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
