Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Confine data within a directory

Posted on 2011-02-22
4
Medium Priority
?
404 Views
Last Modified: 2012-05-11
Hello,

Is there any way to confine data files within a directory? I think this is referred to as "confinement" or "type enforcement". I want to allow certain users the ability to access and change the data, but not be able to copy outside a particular folder. This would effectively mean any program that opens a file in the ‘confined’ folder would not be allowed to write to anywhere other than to a file in the same directory. Naturally we would need the ability to override this restriction – e.g. authorised users or password.

The issue is we have confidential information that staff need access to in order to view, change and process through batch programs, but we want to prevent the data being disclosed (accidently or deliberately) via web transfer, email, USB, CD, etc. I’m not able to block all access to the internet or prohibit email attachments, because these are services we need for other business requirements.

The environment is Windows Terminal Services. The type of files would include text, Excel & Access.

Does anyone have any suggestions?

Thanks!
0
Comment
Question by:markserv
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 10

Expert Comment

by:abbright
ID: 34958531
I don't know of a way to prevent users who have access to certain data to copy these to other locations. Actually I believe this is a feature that the application accessing the data needs to provide.
Anyway you may want to consider a solution like windows rights management services (http://en.wikipedia.org/wiki/Rights_Management_Services) which, encrypts sensitive data so that it can only be opened by authorized persons, even if distributed to other locations.
0
 

Author Comment

by:markserv
ID: 34967634
Thanks abbright for the reply, but I'm not sure this quite achieves what I'm after. It may do the job, however it sounds like applications need to be Rights Management Services compliant, which could be a show-stopper.
What I hoping for was some kind of system software that would put a 'wall' around the data (all files within a folder/sub-folders), so that even a user with permission to read & write to that directory cannot copy the data to a location outside the 'wall'.  As I said, I'm not sure this is even possible, but thought I ask the question!
0
 
LVL 10

Accepted Solution

by:
abbright earned 1500 total points
ID: 34967670
I believe that theoretically this is possible though it may be impossible or at least very difficult doing so with Windows. As you want to achieve this with Excel and Access-files you need to have these applications on the machine and have them open the files. So the data is being read from the storage location to main memory at least. Now in order to prevent further distribution you need to make sure the data cannot be copied from memory elsewhere. The only thing I can think of is by restricting the network access of the relevant PC to not allow any connection (SMB, FTP, ...) to the outside and to seal all USB, floppy, CD-RW, ...-ports to not allow a copying of the files somewhere else. In the end if the users on the pc have some rights that allow the running of custom applications it is always possible to tunnel the data to some remote location given this location is somehow accessible, even via ping (http://www.neophob.com/2007/10/pingtunnel-for-windows-icmp-tunnel/).
0
 

Author Closing Comment

by:markserv
ID: 34975380
Hi abbrigh, I see your point. Unless one uses customised applications it’s probably impossible to place a 'wall' around it. Besides memory, many apps use temporary files as well. I'll look further into Windows Rights Management Services - that's probably the closest to what I'm after. Thanks for your help!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The well known Cerber ransomware continues to spread this summer through spear phishing email campaigns targeting enterprises. Learn how it easily bypasses traditional defenses - and what you can do to protect your data.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question