Solved

need a secure way to share documents

Posted on 2012-04-09
Last Modified: 2012-04-10
I'm looking for a reasonable+ means of securing a document that needs to be shared online or via e-mail.

The data resides on my home computer, but I am asking about delivering a document to a couple of recipients, what is a decent solution and how secure is it.

- basic option is to add a password to a Word document and e-mail it, I use gmail, recipient uses corporate e-mail.

- 2nd option I am considering is posting the document on a website, then the user can just download it.

So looking for a reasonably secure method of delivering the document electronically.

From a usage standpoint, I prefer to post online and download the document (mostly it would be opened and printed), thinking that this is more efficient and a better end user experience (the user goes to the link and downloads it), whereas "storing" everything on e-mail to me is not only a cheesy way of doing this but might actually be considered less secure as now there are multiple copies stored on e-mail and likely the person would download to their machine (and likely ultimately download to multiple machines).

If the document were compromised, it would be very bad. Our competition would very much like to get their hands on this and if they did, it would sink our operation.

The risk of the competition finding where this document is seems to be very, very low, and they actually don't know it exists. But they can reasonably assume that a document of this nature probably exists and so they are determined to find it. Basically there's no reasonable way of them finding it without leaks on our part, so I'm essentially just asking a quick security assessment of the two options I've listed, and possibly what would be a reasonable next higher level of security (I looked at securing a .pdf document and that seemed fairly involved to a security novice, so at the moment I'm just using a password on a MS office document).
Question by:Alaska Cowboy
15 Comments
 

Assisted Solution

by:n2fc
n2fc earned 75 total points
ID: 37823432
Password is a good start... Just make sure you have a decent (strong) password that incorporates upper/lower case, numbers & special characters to prevent "dictionary attack" hacking...

Be concerned over how you transmit the password to your audience.

Make sure your intended recipients are trustworthy & will secure the password effectively as well!

A PDF file is only slightly more secure than the MS Word document, but you can also encapsulate either file type within a zip or rar archive that can be password secured as well... This "double encryption" might be a simple solution to up your sense of security (paranoia)!

Assisted Solution

by:Gerwin Jansen, EE MVE
Gerwin Jansen, EE MVE earned 100 total points
ID: 37823444
Encrypting your documents before sending / posting is something I would do. You can use freeware gpg for this, quite secure. Every recipient needs to supply you their encryption keys / certificates, you encrypt your files for all recipients after which you post/send the encrypted document. Recipients decrypt the document with their private keys / certificates.

See: http://gpg4win.org/ and some screenshots here.

Author Comment

by:Alaska Cowboy
ID: 37823485
n2fc - good suggestion on double lock entry with zip file (haven't used rar archive, but good option as well).

Gerwin Jansen, gpg4win looks really good, probably my next step up beyond the simple password. How would my partners "supply me with their encryption keys / certificates", especially if they are operating in a home (non-corporate) environment?

Assisted Solution

by:HAVARD7979
HAVARD7979 earned 75 total points
ID: 37823509
I agree you can zip the file with a password to help protect it. But do not put it on a website to be downloaded. You should use an FTP site that the user has to log into to get to the download. That adds another layer of protection.

Author Comment

by:Alaska Cowboy
ID: 37823544
havard, just need to clarify what you are saying . . . if I have a document that's stored here: www.mywebsite.com/documents, and the user goes to that site and sees an index of documents, is that "on a website" ?

I guess I don't understand what is "an ftp site" that's "not on a website" . . .

but this sounds like another good layer of security, and avoids versions piling up in e-mail

Accepted Solution

by:HAVARD7979
HAVARD7979 earned 75 total points
ID: 37823866
If you put the doc in www.mywebsite.com/documents, anyone can go and download it. Then it is a matter of using software to crack the password on the file. You should have the file in ftp://mywebsite.com/documents; that would require a username and password to even see the file. Are you hosting your own website or is it at a hosting service? If you are hosting your own, there are several free, easy-to-use FTP servers. I use zFTPServer for our stuff. If you are using a hosting company, it is just a matter of going into your cPanel and creating an FTP user and password.

Author Comment

by:Alaska Cowboy
ID: 37824089
Havard, ok, makes more sense now. I will investigate the ftp://mywebsite and post another question if needed

Author Closing Comment

by:Alaska Cowboy
ID: 37824101
just what I was looking for, thank you all

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 37824166
You're welcome :)

Author Comment

by:Alaska Cowboy
ID: 37824218
sorry, quick follow-up . . .

I like the ftp solution and did a quick set up of a user.

the hosted service on cpanel wanted to put them in public_html/[user_name].

but I created a folder on public_ftp/[directory_name]

so does this mean it's "not on the web" and only available via ftp, so entry credentials are the host ip address, the user name, and then the password ?

I kind of like this solution, as I don't have to fiddle with password protecting the file, I can just dump the files there (although I realize this would be an extra layer of security).

Expert Comment

by:HAVARD7979
ID: 37824947
I would have thought it would have gone to public_ftp. But by having it in public_html you will need to write a .htaccess file to block people, which is not what you want. I would force it to the public_ftp side. You should be able to call your hosting company and they should be able to walk you through setting up an FTP site and user without any trouble. A different way to go would also be to use Google Docs and only give out the login to that to the right people. I have a restaurant chain that uses Google Docs for all their training manuals etc.

Author Comment

by:Alaska Cowboy
ID: 37825067
Havard, I was able to change it to public_ftp, it just defaulted to public_html.

so does this count as "an ftp site" ?

google docs is also a good functional solution but I'm just nervous about the security there.

Expert Comment

by:HAVARD7979
ID: 37825154
Best thing is to test it. Just type it in the browser and you should not be able to see it. If you type ftp:// then it should prompt for a password. See:

http://dataroom.coles.com/  vs. ftp://dataroom.coles.com/

for an example.
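
The test HAVARD7979 describes above, written out as a script. This is an added example, not code from the thread; the host `mywebsite.example` and the `/documents/` path are placeholders. It also tries an anonymous FTP login, because on cPanel hosts `public_ftp` is the directory served to anonymous FTP users when that feature is enabled.

```python
import ftplib
import urllib.error
import urllib.request


def http_exposure(url, timeout=5):
    """Classify what a GET of `url` returns when no credentials are sent."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            head = resp.read(4096).decode("utf-8", "replace").lower()
    except urllib.error.HTTPError as err:
        # 401/403: the server asked for a login or refused outright.
        return "blocked" if err.code in (401, 403) else f"http-{err.code}"
    except (urllib.error.URLError, OSError):
        return "unreachable"
    # Reaching here means a 2xx answer: anyone holding the link gets the content.
    # Apache autoindex pages are titled "Index of ...", Python's test server
    # uses "Directory listing for ...".
    if "index of" in head or "directory listing" in head:
        return "listing-exposed"
    return "exposed"


def anonymous_ftp_allowed(host, port=21, timeout=5):
    """True/False if anonymous login is accepted/refused, None if unreachable."""
    ftp = ftplib.FTP()
    try:
        ftp.connect(host, port, timeout=timeout)
        ftp.login("anonymous", "audit@example.invalid")
        return True
    except ftplib.error_perm:
        return False  # 5xx reply: a real account is required
    except (OSError, EOFError, ftplib.Error):
        return None
    finally:
        ftp.close()


if __name__ == "__main__":
    # Placeholder host and path: substitute your own site before running.
    site = "mywebsite.example"
    print("HTTP:", http_exposure(f"http://{site}/documents/"))
    print("anonymous FTP:", anonymous_ftp_allowed(site))
```

The result wanted for a private document is `blocked` or `http-404` over HTTP and `False` for anonymous FTP. Plain FTP sends the account password unencrypted, so use FTPS or SFTP where the host offers it.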

Author Comment

by:Alaska Cowboy
ID: 37825168
yes, I think I'm good, thanks !

Expert Comment

by:HAVARD7979
ID: 37827658
glad to hear that
best of luck

Question has a verified solution.
