Solved

Protecting customers data in a server 2012 environment

Posted on 2014-01-31
Last Modified: 2014-02-11
I have a customer who wants to make sure that end users don't take files off site and email them to third-party emails like Yahoo, Gmail, etc. I know I can set up permissions on folders, but I want to know if there is a better way. Also, I plan on installing a SonicWALL TZ215 and enabling content filtering, but I wanted to know, from anyone familiar with SonicWALLs, if there is a way to prevent someone from using a proxy to bypass filtering, and to block any third-party email besides their hosted Exchange so users can't access it. Also note that the union is preventing the employer from making employees sign non-compete agreements.
Question by:noclav
4 Comments
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39824671
Hi

In my opinion what you want cannot be done (easily).
Content filtering is nice; once end users find out they cannot mail .doc, .xls, .zip or whatever, they will rename to .tmp or whatever IS allowed.
Next, we are in a time where somebody carries 64GB RAM on their phone; how would you control that?

You could think about EFS; then files can only be read on systems that carry that specific certificate. But again, if a user opens an EFS-protected file in the office, copies its contents, opens a new file and saves it locally, you are beaten.

You are better off protecting shares from unauthorised access, IMHO.
0
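The renaming workaround described in the comment above only defeats filters that trust the file name. As an added example (not part of the original thread, and not how any particular filter product works), this sketch classifies a file by its leading bytes and archive layout and flags extensions that disagree; the `EXPECTED` policy table, function names and sample files are constructed for illustration.

```python
import io
import zipfile

OLE2 = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
ZIP = b"PK\x03\x04"                        # .zip and OOXML (.docx/.xlsx)

EXPECTED = {  # extensions each sniffed type may carry (constructed policy)
    "ole2": {".doc", ".xls", ".ppt"},
    "zip": {".zip"},
    "ooxml-word": {".docx", ".docm"},
    "ooxml-excel": {".xlsx", ".xlsm"},
}

def sniff(data: bytes) -> str:
    """Classify a file by its content, ignoring the file name."""
    if data.startswith(OLE2):
        return "ole2"
    if not data.startswith(ZIP):
        return "unknown"
    try:
        names = zipfile.ZipFile(io.BytesIO(data)).namelist()
    except zipfile.BadZipFile:
        return "zip"  # damaged or truncated archive is still a ZIP
    if any(n.startswith("word/") for n in names):
        return "ooxml-word"
    if any(n.startswith("xl/") for n in names):
        return "ooxml-excel"
    return "zip"

def check_attachment(filename: str, data: bytes) -> dict:
    """Return the sniffed type and whether the extension disagrees with it."""
    kind = sniff(data)
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    mismatch = kind != "unknown" and ext not in EXPECTED[kind]
    return {"file": filename, "type": kind, "mismatch": mismatch}

def make_zip(member: str) -> bytes:  # builds constructed sample input
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member, "constructed sample")
    return buf.getvalue()

SAMPLES = {  # constructed inputs, not real documents
    "budget.tmp": make_zip("xl/workbook.xml"),
    "report.docx": make_zip("word/document.xml"),
    "contract.tmp": OLE2 + b"\x00" * 16,
    "notes.tmp": b"plain scratch data",
}
```

Calling `check_attachment(name, data)` on each entry of `SAMPLES` flags `budget.tmp` and `contract.tmp` as mismatches while leaving `report.docx` and `notes.tmp` alone.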
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39824883
What you describe is known as rights management, and you will need to add software to enforce those types of scenarios. Microsoft has a rights management product, as do third parties. But there is an additional expense and learning curve in implementing such a solution.
0
 
LVL 25

Accepted Solution

by:
Diverse IT earned 500 total points
ID: 39849804
Hi noclav,

I have a customer who wants to make sure that end users don't take files off site and email them to third-party emails like Yahoo, Gmail, etc. I know I can set up permissions on folders, but I want to know if there is a better way.
You need DLP (Data Loss Prevention), and it gets expensive ($20-50,000 and up). Short of that, you could try some combos like removing the ability to use external HDDs/USB sticks via GPO (as an idea: http://support.microsoft.com/kb/555324). You could also achieve this via Reg hacks & external software. For email, that gets trickier. If your company does literally no business with public accounts then you could easily block them using Transport Rules on Exchange Server. However, if they need some access to public emails it becomes far too ridiculous to manage. So in short it's an all-or-nothing approach, aside from the real solution, which would be a DLP solution.

Also, I plan on installing a SonicWALL TZ215 and enabling content filtering, but I wanted to know, from anyone familiar with SonicWALLs, if there is a way to prevent someone from using a proxy to bypass filtering, and to block any third-party email besides their hosted Exchange so users can't access it.
Yes, you can do this with SonicWALL. Do you have CGSS licensed or just the Content Filtering?

I'll assume you only have Content Filtering and you can block proxy access by the following:
Go to Security Services > Content Filter > under Content Filter Type click Configure... then on the CFS tab put a check next to Enable HTTPS Content Filtering, Block Access to URL, and Log Access to URL.
Click on the Policy tab and click configure for the Default Policy.
Then click on the URL List tab and select all the appropriate categories you want to block but make sure to check 28. Hacking/Proxy Avoidance Systems.
Now click the Settings tab and make sure everything under Custom List Settings is set to Global then click OK.
Now you should be back on the SonicWALL Filter Properties dialogue box.
You could additionally add in the Forbidden Domains prox in the Custom List tab if you so desired but I'd only do that if you are still having issues once this configuration is sent to production.
Click OK to save these changes.
Under Restrict Web Features check Access to HTTP Proxy Servers.
Under the CFS Exclusion List, enable it and add the Exchange Servers you want to exclude from this.

Let me know how it goes!
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39851345
Glad I could help...thanks for the points!
0
