Preventing documents from leaving the office (emailing, save-as)
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Preventing documents from leaving the office (emailing, save-as)
Hi there,
new to this forum.
We work with quite a bit of confidential information, so need a systems that prevents certain office files from leaving the office - i.e. users should be able to to edit those files, but should not be allowed to attache to email, or save on usb sticks.
Does any Linux server offer such a system?
Because this is a fundamentally difficult problem. Once someone has the information, if they are determined to copy it, there is no way you are going to be able to stop them. Consider - once it's open, I can take a screenshot. They add a hook so that window blacks out when you do so? Okay, I'll run VNC and then take a screenshot of that. Or I could skip all of this and just manually copy it. It's a cat-and-mouse game you can never really win.
We work with quite a bit of confidential information,
Confidential business-wise how or according to which official rules and regulations?
Quote:
Originally Posted by solability
so need a systems that prevents certain office files from leaving the office - i.e. users should be able to to edit those files, but should not be allowed to attache to email, or save on usb sticks. Does any Linux server offer such a system?
Does the confidential information reside on different network(s)/server(s)?
Are there separate workstations for handling confidential information?
Are these workstations stored in a locked and shielded area that is only accessable to authorized personnel?
Are these workstations locked down appropriately to avoid physical, visual and networked data transmission?
Does authorized personnel require a unique and separate code for unlocking the area?
Ditto for unlocking the workstation?
Is authorized personnel screened for the task and trained to handle confidential information?
Is authorized personnel monitored and searched on the premises?
If you answer "no" to most or all of the questions above then we are probably not talking about the kind that is bound by formal, official rules and regulations but more likely "simple" business confidentiality. For any technical implementation to work it needs to be embedded in a framework which addresses separation of data, roles and access. It is costly in setup and maintenance but without framework you have no theoretical and practical way to enforce rules, audit access and penalize offences.
It is kind of cat and mouse. However, if you have to take individual screen-shots with a third-party tool of, say, 100 individual powerpoint slides and then copy-paste them into a new document rather than being able to email the whole document, that does make a difference.
In addition, we are working with excel tools, whose background functions and calculation models are not visible to the user and cannot be copied through screenshots. But if a user is able to email the excel, the tools can leave the office and could be transmitted to our competitiors.
We are currently working with a Korean windows 2003-based system called TstoreSS, that more or less what we want, but not really happy with it. And it's windows-based only at this point in time.
Last edited by solability; 08-10-2009 at 11:56 PM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.