  • Status: Solved
  • Priority: Medium
  • Security: Public

File Encryption in 2003 server

Situation:
   I want to encrypt some files.
   These files are shared among some AD users.
   If the files are copied outside the domain, they should not be usable.
         (meaning, for example, if a user copies the files onto his laptop which is not part of the AD, then the files must deny access to it)
avalon_india
Asked:
1 Solution
 
crokeefe28 Commented:
I use this app for encrypting not only files but whole disk encryption as well:

http://www.truecrypt.org/
 
avalon_india (Author) Commented:
But crokeefe28, TrueCrypt encrypts the folder/files, that is true, but what I want is that if the user copies the file and uses it in another system, then it should not work.
Thank you.
 
crokeefe28 Commented:
This actually looks like it may fit into something that you would be looking for:

http://www.cryptzone.com/prod_securedef2.asp

I think to accomplish what you are looking for you may have to take a layered approach: a combination of DLP (Data Loss Prevention) and WDE (Whole Disk Encryption). The main problem that you may face is the Key Management piece. You probably want users to be able to access the files that they need if they are authorized, which would fall under the DLP policies and would likely carry a local copy of the Key Management to allow them to do so. Those that are not authorized, you could block totally. Regardless, if you are not performing WDE on the client, then if a user has the rights to take data, and if they are compromised, the intruder could take any information because that user has the appropriate authority to do so. Let me know what you think. If it does not work for you, then I will keep researching... Sorry for misunderstanding you yesterday.

Cheers
 
avalon_india (Author) Commented:
Dear crokeefe28

Thank you for your reply.
I checked the site you mentioned, and have already requested a free trial and am waiting for their response.

I will try to simplify my needs.
I am part of a software company.
We have to share some very important files among about 5-9 people in our domain.
They are allowed to view/modify them as normal.
What we need is, if somebody takes the HDD outside the domain and connects it as a slave, or if the data files are copied onto their own USB/external HDD and tried in a system outside our domain, then it should not work. Is it possible?

Thank you.
 
crokeefe28 Commented:
With money... anything is possible. What you need is something like PGP Universal Server. This provides whole disk encryption to meet the requirement for the HDD and will not allow anyone to write anything to removable media without first encrypting the drive and/or USB, etc. The only problem is that it can be costly, depending upon the setup. I think that McAfee has expanded upon the ePO (ePolicy Orchestrator) with the DLP and includes encryption with it, as well as Symantec. We use PGP at my company, and the great part about it is that when you set it up, you can share your public keys with others on the Internet and start encrypting messages as well. Here are a few links to the above products to get you started on your search for the best product for your needs. This will help you learn the industry terminology and what to look for:

http://www.symantec.com/en/uk/business/products/multimedia.jsp?pcid=pcat_security&pvid=endpt_encryption_1
http://www.mcafee.com/us/enterprise/products/data_protection/data_encryption/index.html
http://www.pgp.com/products/index.html

and the best of all....

http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software
