That and hi-res smartphone photos! Hell .. some *people* have photographic memory and can easily reproduce insanely detailed images from memory. The list goes on ;o)
At least with things like printscreen and file operations, a DLP product can control and report on it. a -----Original Message----- From: Bill Humphries [mailto:nt...@hedgedigger.com] Sent: 12 May 2011 14:20 To: NT System Admin Issues Subject: Re: BLOCKING end-users from ATTACHING and EMAILING... Also, are users able to printscreen? Got to block that if you don't want users making screenshots of your PDFs. Bill Alan Davies wrote: > Do you block/quarantine encrypted email too? If not, they can encrypt > the email and your attachment filter won't be able to see it. > Otherwise, good solution - you may find, particularly if you need > strong "anti-copy" type controls, that you could get some value from a > DLP suite - Verdasys Digital Guardian for example is one I implemented > in a past role to strictly control that type of activity. Cost will > be an issue. > > > > a > > -----Original Message----- > From: Jeff S. Gottlieb [mailto:jeff.s.gottl...@gmail.com] > Sent: 11 May 2011 21:25 > To: NT System Admin Issues > Subject: RE: BLOCKING end-users from ATTACHING and EMAILING... > > SOLUTION FOUND > > VIPRE Email Security has what's called Attachment Filter [was right > under our noses]. We are *now* able to prevent specific documents from > being attached and emailed by specific users [or department]. All > Policy features in the Attachment Filter tabs worked quite well, with > minor exceptions [*see below]. Our custom rule, "*(CLASSIFIED).PDF", > stops PDF docs that end with "CLASSIFIED" in parenthesis. All > classified documents were placed Read Only in a shared folder for all > users. These documents will be given names for the above rule to > catch, i.e., "Standards for Dakota (CLASSIFIED).pdf". The PDF > documents are converted using Adobe security, whereby the users cannot > modify, copy /paste, or print. Using Sophos we activated "Device Control" > preventing the end-users from coping to Storage, Network, or Short > Range devices. The last step is to prevent these PDF [Read Only] > documents from being copied locally and renamed. We are searching for > a good "Anti-copy" > software. It appears that there are some choices. programs like "M > File Anti-Copy" http://mini-products.net/ .so far untested. > > > > It appears we have a DLP solution to look forward to. Cheers -J > > > > Thank you all for the replies [contributions] including: > > Justin Thomas: jat...@gmail.com > > Martin Blackstone: mblackst...@gmail.com > > Angus Scott-Fleming: angu...@geoapps.com > > Jim Kennedy: kennedy...@elyriaschools.org > > Jeff Steward: jstew...@gmail.com > > James Rankin: kz2...@googlemail.com > > Andrew S. Baker: asbz...@gmail.com > > > > *The syntax "%FILENAME%" used under the Notifications tab oddly > returned the subject of the email rather than the filename (GFI case > is pending) > > *Earlier on, the Attachment Filter failing entirely. the result of our > Digital signature in emails. Resolution came by changing the statement > from "false" to "true" in > <ScanDigitallySignedMessages>true</ScanDigitallySignedMessages> found > in the directory \VIPRE Email Security\globalsettings.xml file > > > > The latter issue dragged on for what seemed like forever [5-days]. > After several techs [3-4] it was finally resolved by Matthew D. (Nice > Job!) > > > > > > From: Jeff S. Gottlieb [mailto:jeff.s.gottl...@gmail.com] > Sent: Friday, May 06, 2011 4:32 PM > To: NT System Admin Issues > Subject: RE: BLOCKING end-users from ATTACHING and EMAILING... > > > > Agreed! .and thank you for your worthy replies. > > We recently discovered Vipre Email Security has what's called > "Attachment Filter" .albeit it doesn't quite work AS OF YET, and no > one [including Vipre Support] is able to say why. > > For the Vipre Security users out there.check out the "Rules" tab. Now > this looks like something with tremendous DLP potential. Now if we can > just get it to work. Cheers -J > > > > From: Jeff Steward [mailto:jstew...@gmail.com] > Sent: Friday, May 06, 2011 4:24 AM > To: NT System Admin Issues > Subject: Re: BLOCKING end-users from ATTACHING and EMAILING... > > > > I asked that question as I have been involved in stolen/leaked > Intellectual Property issues where someone was faxing CAD drawings to > a competitor. If this data is truly considered 'the secret sauce' > then as others have suggested, get a real DLP solution in place. > There is no perfect security in business since you have to let the > pesky end users, customers and sales folks interact. > > > > Good luck! > > > > -Jeff Steward > > On Thu, May 5, 2011 at 12:51 AM, Jeff S. Gottlieb > <jeff.s.gottl...@gmail.com> wrote: > > Thank you Jeff. > > > > The CAD operators cannot print the items of sensitivity [again we need > to prevent the possibility to email only]. > > Many of these items [documents] represent "Standards" or dimensions > which the engineers use for all projects, and are located in one folder. > > These docs are large, including roughly 130 pages each, and would > easily allow other manufacturing firms to replicate the same exact pieces. > > This is VERY Similar to the secret recipes for the odors of Crayola > crayons, or Papa John's Pizza garlic sauce, etc., etc. > > > > Ps. The latter is something I would LOVE getting my hands on. I would > make a HUGE batch for home use to dip the crust of *any* pizza!! > > > > From: Jeff Steward [mailto: <mailto:jstew...@gmail.com> > jstew...@gmail.com] > Sent: Wednesday, May 04, 2011 8:14 PM > > > To: NT System Admin Issues > > Subject: Re: BLOCKING end-users from ATTACHING and EMAILING... > > > > Can the CAD operators print? Seriously, if the owners need to protect > their intellectually property at that level, have the engineers upload > the docs to a directory for review and approval and let a 3rd party > review them prior to sending them to an external destination. > > > > -Jeff Steward > > On Wed, May 4, 2011 at 7:49 PM, Jeff S. Gottlieb > <jeff.s.gottl...@gmail.com> > wrote: > > > > Thanks Martin > > > > We too were thinking that might be a viable option. If seems NOT good > for two reasons. > > > > 1) That is a Global setting, whereby the entire company would be > effected by the one Exchange server > > 2) This department needs to transfer large files MOSTLY internally, > but on rare occasions outside > > > > Sorry I forgot to mention this in our original post. -J > > > > > > From: Martin Blackstone [mailto: <mailto:mblackst...@gmail.com> > mblackst...@gmail.com] > Sent: Wednesday, May 04, 2011 2:50 PM > > > To: NT System Admin Issues > > Subject: RE: BLOCKING end-users from ATTACHING and EMAILING... > > > > You could just put such a small attachment size restriction on them > that nothing would go. > > Say 1K. > > > > > > From: Jeff S. Gottlieb [mailto: <mailto:jeff.s.gottl...@gmail.com> > jeff.s.gottl...@gmail.com] > > Sent: Wednesday, May 04, 2011 1:47 PM > To: NT System Admin Issues > > Subject: BLOCKING end-users from ATTACHING and EMAILING... > > > > > > We are searching for a method to BLOCK end-users from ATTACHING and > EMAILING [sensitive] docs located on a SPECIFIC FOLDER of the share. > > > > What we have accomplished thus far: > > 1) Using Sophos we activated "Device Control" preventing end-user from > coping to Storage, Network, or Short Range devices > > 2) Using Sophos we also activated "Data Control". thus creating email > alerts detailing the sender /recipient, time /date, and name /location > of attachment > > 3) All documents are converted to PDF with security options that > prevent copy /paste, and printing > > 4) End-users are NOT allowed Internet access > > > > Owners are left *totally* unsatisfied with all the above, as these > measures are not preventative enough. > > Leaving any of the end-users without ability to email is NOT an option. > > Leaving a [public] workstation open, available with access to this > SPECIFIC FOLDER, and then having no email /Internet is NOT an option. > > > > These end-users are all in the CAD design department. > > Given the nature of the business, suffice-it-to-say, one drawing in > email could represent a significant loss. > > Sadly, the owners feel they cannot entirely rely on the loyalty of > generously paid employees [with great benefits], company policies, and > or legalese. > > > > Thanks in advance for any suggestions. comments. Cheers, -J > > > > > > EMPLOYEE Supposition: > > Surely in created the level of sophistication placed in Sophos with > Device & Data Control suggests that a greater need exists to protect > the employer's intellectual property. Along with these concepts, the > end-users themselves have become more sophisticated and perhaps > unfortunately [these days] more-willing to place their positions on > the line. > > > > I guess if we've done our IT job. than the end-users ONLY option is to > snap a photo using a cell-phone. What then will the employer do?? Add > company policy to include NO CELL PHONES?? Imagine a world AT WORK > without texting, tweeting, and the occasional personal call??? Ouch! > > > > EMPLOYER Supposition [slave-master]: > > Add video surveillance too!!!! :--/ > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ********************************************************************** > ************** > WARNING: > The information in this email and any attachments is confidential and may be > legally privileged. > > If you are not the named addressee, you must not use, copy or disclose this > email (including any attachments) or the information in it save to the named > addressee nor take any action in reliance on it. If you receive this email or > any attachments in error, please notify the sender immediately and then > delete the same and any copies. > > "CLS Services Ltd × Registered in England No 4132704 × Registered Office: > Exchange Tower × One Harbour Exchange Square × London E14 9GE" > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ************************************************************************************ WARNING: The information in this email and any attachments is confidential and may be legally privileged. If you are not the named addressee, you must not use, copy or disclose this email (including any attachments) or the information in it save to the named addressee nor take any action in reliance on it. If you receive this email or any attachments in error, please notify the sender immediately and then delete the same and any copies. "CLS Services Ltd × Registered in England No 4132704 × Registered Office: Exchange Tower × One Harbour Exchange Square × London E14 9GE" ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
