• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

help: need recommendation for security software

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Security Related Software

View previous topic :: View next topic  
Author Message
angel_rc
Just Arrived
Just Arrived


Joined: 20 Feb 2007
Posts: 0


Offline

PostPosted: Tue Feb 20, 2007 8:11 pm    Post subject: help: need recommendation for security software Reply with quote

Hi everyone, i´m new to security software so i was hoping you could help me: o need a program to keep my files in my computers, i mean, need something that allows file sharing beetween my LAN and modify them normaly for use on the office, but prevent anybody from extracting anything, prevent files from being saved to usb drives, copied to cd/dvd, floppy, uploaded to a mail server, etc... basicly a need people to work with my files but prohibit them from taking them home becuase i have a designig company, does such software exisist? and am i posting in the right forum? thanks in advance

PD: pardon my bad english i´m from peru
--------------------------------------------------------------------------------------
Angel Reyes Cañas
Back to top
View user's profile Send private message
Dan.M
Trusted SF Member
Trusted SF Member


Joined: 14 Feb 2007
Posts: 0
Location: Jacksonville, FL USA

Offline

PostPosted: Fri Feb 23, 2007 11:11 pm    Post subject: Reply with quote

I seriously doubt you could do all that with Windows. Are all of these machines XP on a 2003 Server AD domain? You can lock down a lot of stuff, but there's still workarounds.

What kind of files are we talking about? Microsoft Office? The new Office 2007 server gives you the level of control that you want, but the users would only be able to work with the files when they're in the office and they'd have to use Office 2007. You'd also need the above mentioned setup where all the machines were strictly locked down.

Also, you want to make sure that all the machines are using hard drive encryption (so they can't just walk out with a machine and use it at home) such as EFS (built into Windows). Even under this setup, a very sophisticated thief could do a bit-by-bit copy of their hard drive while at the office (using something like Knoppix) then grab the encryption hash being sent back and forth over the network and then use it to decrypt the hard drive when they get home.

In short: To do what you want in Windows you,
  • Really need to know what you're doing.
  • Need to spend a ton of money (likely over $100k).
  • Need to lock down your computers to the point where it will cut into productivity.
  • Freely admit that you absolutely do not trust you users (hurts morale).

It is also possible to do all of this in Linux, but you'd run into all the same problems with the exception of the weak encryption and the cost (only pay for labor).

In Linux, there's many ways to accomplish what you want, but here's how I'd do it...
  • First, encrypt their home partition with a key that is accessed over the network only if they login successfully (preferably via ssh so it can't be intercepted).
  • Lock down the system's HAL configuration so that users other than root can't mount anything.
  • Deny users Internet access altogether (don't want them copying and pasting into a browser).
  • Use a kernel patched with GRSecurity and PAX to really harden the system. This will allow you to prevent users from running applications in their home directories and also from running applications that listen on the network for connections.
  • Lock down their access to GUI functions with either KDE's or Gnome's kiosk tools (they give you more granular control than Windows). You have to prevent them from running anything other that approved applications (especially the command prompt and the run command)

That's pretty much it. Under that config the users will essentially be limited to what applications you provide to them and they won't be able to copy things to disk, to the Internet, or to share files across the network (so they could bring in a PC and copy the files to that). They also won't be able to copy the hard drive (it would be futile without the encryption key) or take the machine home and access it there (since they can't login *or* get the encryption key over the network).

I sure wouldn't want to work at a place that does this though!
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger
angel_rc
Just Arrived
Just Arrived


Joined: 20 Feb 2007
Posts: 0


Offline

PostPosted: Mon Feb 26, 2007 6:15 am    Post subject: wow , thanxs Reply with quote

Wow that seems like a lot of stuff, i seriusly don´t think someone in my office is going to take my CPU that prety extreme, i was more thinking in a simple password based program wich prevented files (word xp,exel xp,ppt xp,pdf,autocad, etc) from being extracted from my pc´s... well 100K is a bit out of my budget so i hope i find a simple/cheap solution, thanks for your help anyway and for informing me about the subject.
Back to top
View user's profile Send private message
Dan.M
Trusted SF Member
Trusted SF Member


Joined: 14 Feb 2007
Posts: 0
Location: Jacksonville, FL USA

Offline

PostPosted: Mon Feb 26, 2007 4:10 pm    Post subject: Reply with quote

After reading my post again I realized I should have been more specific about Microsoft's Office Server... What you'd need is Microsoft Office Sharepoint Server 2007 + Microsoft Office 2007 (for all your employees) + Microsoft Active Directory along with all of their prerequisites.

If you add it all up, it gets very expensive.
Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Security Related Software All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register