[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 567
  • Last Modified:

Email, File, and file content, Rights Management (office,pdf, other..)

Hello,
I'm looking for one or more solution for managing security document and content of the document. We are in an environment (windows 2003).
I must:
Protect Office documents, PDF, DXF ... and any type of document.
Protect against copying partial or complete "copy paste" and "print screen."
Manage impressions, which has the right to print or not.
Possibly watermark documents.
Monitor the activity of a document and a directory.
Protect against physical copy.
Possibly Encrypt and sign the documents.
Possibly Set lifespan of a document.
Protecting mail: digital signature, protection against copying, transfer, printing

That everything is managed at the level of working groups or directories but not in the document.
I have some ideas but would like your opinion.
Thks
0
corsytec
Asked:
corsytec
  • 2
  • 2
1 Solution
 
btanExec ConsultantCommented:
That looks like almost covering everything digital. Let tackle the specific and common doc first

I thought of Microsoft Rights Mgmt System (RMS) that fits well since you are using Win2K3. Check out pg 17 of file attached for workflow.  But that covers only Microsoft document (including email). Note that it is not using the standard X.509 certificates instead XrML (http://en.wikipedia.org/wiki/XrML)

As for the PDF, you may want to check out their innate mgmt product called "LiveCycle Policy Server ". At least it allow you to interoperable and leverage on Microsoft Active Directory for user authentication. But may have to watch out the credential used (XrML supported?)
http://www.adobe.com/products/livecycle/rightsmanagement/features.html

Does it fit well so far or inline with your thoughts. Do note that it is better to have the inherent company support on the RMS portion as other vendor typically have their "proprietary" protection on the document (appending meta-data) that may not be full "leakage" proof...
0
 
btanExec ConsultantCommented:
That looks like almost covering everything digital. Let tackle the specific and common doc first

I thought of Microsoft Rights Mgmt System (RMS) that fits well since you are using Win2K3. Check out pg 17 of file attached for workflow.  But that covers only Microsoft document (including email). Note that it is not using the standard X.509 certificates instead XrML (http://en.wikipedia.org/wiki/XrML)

As for the PDF, you may want to check out their innate mgmt product called "LiveCycle Policy Server ". At least it allow you to interoperable and leverage on Microsoft Active Directory for user authentication. But may have to watch out the credential used (XrML supported?)
http://www.adobe.com/products/livecycle/rightsmanagement/features.html

Does it fit well so far or inline with your thoughts. Do note that it is better to have the inherent company support on the RMS portion as other vendor typically have their "proprietary" protection on the document (appending meta-data) that may not be full "leakage" proof...
RMSTechOverview.doc
0
 
Kelvin_KingCommented:
That's alot of requirements, and one which I don't think you can get away without paying for some quality products.

>> Protect Office documents, PDF, DXF ... and any type of document.
>> Protect against copying partial or complete "copy paste" and "print screen."
>> Manage impressions, which has the right to print or not.
>> Possibly watermark documents.
>> Monitor the activity of a document and a directory.
>> Protect against physical copy.

These are typical data loss prevention (DLP) requirements. For this, I suggest trying McAfee:
http://www.mcafee.com/us/enterprise/products/data_loss_prevention/data_loss_prevention.html

Of course, there are other solutions, and I encourage you to evaluate a few to see which one suits your requirements the best.

>> Possibly Encrypt and sign the documents.
>> Possibly Set lifespan of a document.

For document encryption and digital signatures, I recommend RSA:
http://www.rsa.com/node.aspx?id=2604
http://www.rsa.com/node.aspx?id=3228

>> Protecting mail: digital signature, protection against copying, transfer, printing

I recommend using PGP:
http://www.pgp.com/products/desktop_email/index.html
But as for restricting the printing and transfer of email, that would most likely come under the DLP policy.

Also, you might want to read this white paper to get a better guage of what products will suit your needs:
http://securosis.com/publications/DLP-Whitepaper.pdf 

Hope that helps
- Kelvin
0
 
Rich RumbleSecurity SamuraiCommented:
Protect Office documents, PDF, DXF ... and any type of document.
FileOpen http://www.fileopen.com/

Protect against copying partial or complete "copy paste" and "print screen."
Print-Screen is the deal breaker, can't turn it off. Sometimes you can almost prevent copy paste, but it's not realistic to think you can protect a document this way, give them hard copies instead.

Manage impressions, which has the right to print or not.
Fileopen can do this for PDF... M$ security restrictions will be ignored by StarOffice or Open Office

Possibly watermark documents.
Ok...

Monitor the activity of a document and a directory.
Turn up logging, but you cannot see if someone copies the doc, unless they place that copy in the dir your monitoring

Protect against physical copy.
Again, can't, this is 100% not possible if someone can read the directory the file is in.

Possibly Encrypt and sign the documents.
Sure.

Possibly Set lifespan of a document.
Some like a PDF might be able to do this, but I know of no self-destruct mechinism for documents.

Protecting mail: digital signature, protection against copying, transfer, printing
GPG/PGP will sign or encrypt, there is no way to prevent copying/transfer or printing...
Whatever your trying to protect probably shouldn't be digitized... this is some serious paranoia.
Hard copies sound like what you need, and having them checked in and signed out. In the digital world, there is practically nothing you can do along these lines effectively.
-rich
0
 
Rich RumbleSecurity SamuraiCommented:
A NDA (non-disclosure agreement) would also give you legal recourse, but not do anything to physically protect the viewing or copying of your documents: http://en.wikipedia.org/wiki/Non-disclosure_agreement
The Gov't uses form 312 a lot in my line of work: http://www.archives.gov/isoo/training/standard-form-312.pdf
-rich
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now