Data tagging/waterprinting is an option too perhaps (ie. avoiding reliance on filename and possibly format) ...
a -----Original Message----- From: Jeff S. Gottlieb [mailto:[email protected]] Sent: 12 May 2011 20:36 To: NT System Admin Issues Subject: RE: BLOCKING end-users from ATTACHING and EMAILING... Yes Kurt [thanks]. The users in the department do not have local admin rights, and the ability to print has been removed. Unfortunately, we have not been able to prevent users from copy /paste. The rule is, IF a file can be read... IT CAN be copied /pasted. If the end-users figure out that the trigger preventing email in Vipre [Attachment filter] is within the name of the file they can modify it. We are searching for a workaround. We were hoping to avoid the expense, but at the end of the day perhaps a DLP professional firm will be needed. Alan recommended http://www.verdasys.com/ We've just seen a demo from http://www.gtbtechnologies.com/ [they use "finger prints" signatures in documents, then an appliance gateway NOT CHEAP however] Cheers -J -----Original Message----- From: Kurt Buff [mailto:[email protected]] Sent: Thursday, May 12, 2011 7:51 AM To: NT System Admin Issues Subject: Re: BLOCKING end-users from ATTACHING and EMAILING... I'm sure you've also ensured that the users can't install alternate software for reading and printing the document... Kurt On Wed, May 11, 2011 at 13:24, Jeff S. Gottlieb <[email protected]> wrote: > SOLUTION FOUND > > VIPRE Email Security has what's called Attachment Filter [was right > under our noses]. We are *now* able to prevent specific documents from > being attached and emailed by specific users [or department]. All > Policy features in the Attachment Filter tabs worked quite well, with > minor exceptions [*see below]. Our custom rule, "*(CLASSIFIED).PDF", > stops PDF docs that end with "CLASSIFIED" in parenthesis. All > classified documents were placed Read Only in a shared folder for all > users. These documents will be given names for the above rule to > catch, i.e., "Standards for Dakota (CLASSIFIED).pdf". The PDF > documents are converted using Adobe security, whereby the users cannot modify, copy /paste, or print. Using Sophos we activated "Device Control" > preventing the end-users from coping to Storage, Network, or Short > Range devices. The last step is to prevent these PDF [Read Only] > documents from being copied locally and renamed. We are searching for a good "Anti-copy" > software. It appears that there are some choices. programs like "M > File Anti-Copy" http://mini-products.net/ .so far untested. > > > > It appears we have a DLP solution to look forward to. Cheers -J > > > > Thank you all for the replies [contributions] including: > > Justin Thomas: [email protected] > > Martin Blackstone: [email protected] > > Angus Scott-Fleming: [email protected] > > Jim Kennedy: [email protected] > > Jeff Steward: [email protected] > > James Rankin: [email protected] > > Andrew S. Baker: [email protected] > > > > *The syntax "%FILENAME%" used under the Notifications tab oddly > returned the subject of the email rather than the filename (GFI case > is pending) > > *Earlier on, the Attachment Filter failing entirely. the result of our > Digital signature in emails. Resolution came by changing the statement > from "false" to "true" in > <ScanDigitallySignedMessages>true</ScanDigitallySignedMessages> found > in the directory \VIPRE Email Security\globalsettings.xml file > > > > The latter issue dragged on for what seemed like forever [5-days]. > After several techs [3-4] it was finally resolved by Matthew D. (Nice > Job!) > > > > > > From: Jeff S. Gottlieb [mailto:[email protected]] > Sent: Friday, May 06, 2011 4:32 PM > To: NT System Admin Issues > Subject: RE: BLOCKING end-users from ATTACHING and EMAILING... > > > > Agreed! .and thank you for your worthy replies. > > We recently discovered Vipre Email Security has what's called > "Attachment Filter" .albeit it doesn't quite work AS OF YET, and no > one [including Vipre Support] is able to say why. > > For the Vipre Security users out there.check out the "Rules" tab. Now > this looks like something with tremendous DLP potential. Now if we can > just get it to work. Cheers -J > > > > From: Jeff Steward [mailto:[email protected]] > Sent: Friday, May 06, 2011 4:24 AM > To: NT System Admin Issues > Subject: Re: BLOCKING end-users from ATTACHING and EMAILING... > > > > I asked that question as I have been involved in stolen/leaked > Intellectual Property issues where someone was faxing CAD drawings to > a competitor. If this data is truly considered 'the secret sauce' > then as others have suggested, get a real DLP solution in place. > There is no perfect security in business since you have to let the > pesky end users, customers and sales folks interact. > > > > Good luck! > > > > -Jeff Steward > > On Thu, May 5, 2011 at 12:51 AM, Jeff S. Gottlieb > <[email protected]> wrote: > > Thank you Jeff. > > > > The CAD operators cannot print the items of sensitivity [again we need > to prevent the possibility to email only]. > > Many of these items [documents] represent "Standards" or dimensions > which the engineers use for all projects, and are located in one folder. > > These docs are large, including roughly 130 pages each, and would > easily allow other manufacturing firms to replicate the same exact pieces. > > This is VERY Similar to the secret recipes for the odors of Crayola > crayons, or Papa John's Pizza garlic sauce, etc., etc. > > > > Ps. The latter is something I would LOVE getting my hands on. I would > make a HUGE batch for home use to dip the crust of *any* pizza!! > > > > From: Jeff Steward [mailto: <mailto:[email protected]> > [email protected]] > Sent: Wednesday, May 04, 2011 8:14 PM > > > To: NT System Admin Issues > > Subject: Re: BLOCKING end-users from ATTACHING and EMAILING... > > > > Can the CAD operators print? Seriously, if the owners need to protect > their intellectually property at that level, have the engineers upload > the docs to a directory for review and approval and let a 3rd party > review them prior to sending them to an external destination. > > > > -Jeff Steward > > On Wed, May 4, 2011 at 7:49 PM, Jeff S. Gottlieb > <[email protected]> > wrote: > > > > Thanks Martin > > > > We too were thinking that might be a viable option. If seems NOT good > for two reasons. > > > > 1) That is a Global setting, whereby the entire company would be > effected by the one Exchange server > > 2) This department needs to transfer large files MOSTLY internally, > but on rare occasions outside > > > > Sorry I forgot to mention this in our original post. -J > > > > > > From: Martin Blackstone [mailto: <mailto:[email protected]> > [email protected]] > Sent: Wednesday, May 04, 2011 2:50 PM > > > To: NT System Admin Issues > > Subject: RE: BLOCKING end-users from ATTACHING and EMAILING... > > > > You could just put such a small attachment size restriction on them > that nothing would go. > > Say 1K. > > > > > > From: Jeff S. Gottlieb [mailto: <mailto:[email protected]> > [email protected]] > > Sent: Wednesday, May 04, 2011 1:47 PM > To: NT System Admin Issues > > Subject: BLOCKING end-users from ATTACHING and EMAILING... > > > > > > We are searching for a method to BLOCK end-users from ATTACHING and > EMAILING [sensitive] docs located on a SPECIFIC FOLDER of the share. > > > > What we have accomplished thus far: > > 1) Using Sophos we activated "Device Control" preventing end-user from > coping to Storage, Network, or Short Range devices > > 2) Using Sophos we also activated "Data Control". thus creating email > alerts detailing the sender /recipient, time /date, and name /location > of attachment > > 3) All documents are converted to PDF with security options that > prevent copy /paste, and printing > > 4) End-users are NOT allowed Internet access > > > > Owners are left *totally* unsatisfied with all the above, as these > measures are not preventative enough. > > Leaving any of the end-users without ability to email is NOT an option. > > Leaving a [public] workstation open, available with access to this > SPECIFIC FOLDER, and then having no email /Internet is NOT an option. > > > > These end-users are all in the CAD design department. > > Given the nature of the business, suffice-it-to-say, one drawing in > email could represent a significant loss. > > Sadly, the owners feel they cannot entirely rely on the loyalty of > generously paid employees [with great benefits], company policies, and > or legalese. > > > > Thanks in advance for any suggestions. comments. Cheers, -J > > > > > > EMPLOYEE Supposition: > > Surely in created the level of sophistication placed in Sophos with > Device & Data Control suggests that a greater need exists to protect > the employer's intellectual property. Along with these concepts, the > end-users themselves have become more sophisticated and perhaps > unfortunately [these days] more-willing to place their positions on the line. > > > > I guess if we've done our IT job. than the end-users ONLY option is to > snap a photo using a cell-phone. What then will the employer do?? Add > company policy to include NO CELL PHONES?? Imagine a world AT WORK > without texting, tweeting, and the occasional personal call??? Ouch! > > > > EMPLOYER Supposition [slave-master]: > > Add video surveillance too!!!! :--/ > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ************************************************************************************ WARNING: The information in this email and any attachments is confidential and may be legally privileged. If you are not the named addressee, you must not use, copy or disclose this email (including any attachments) or the information in it save to the named addressee nor take any action in reliance on it. If you receive this email or any attachments in error, please notify the sender immediately and then delete the same and any copies. "CLS Services Ltd × Registered in England No 4132704 × Registered Office: Exchange Tower × One Harbour Exchange Square × London E14 9GE" ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
