Solved

Protecting customer's data in a Server 2012 environment

Posted on 2014-01-31
Last Modified: 2014-02-11
I have a customer who wants to make sure that end users don't take files off site and email them to third-party email services like Yahoo, Gmail, etc. I know I can set up permissions on folders, but I want to know if there is a better way. Also, I plan on installing a SonicWALL TZ215 and enabling content filtering, but I wanted to know, from anyone familiar with SonicWALLs, if there is a way to prevent someone from using a proxy to bypass filtering, and to block any third-party email besides their hosted Exchange so users can't access it. Also note that the Union is preventing the employer from making employees sign non-compete agreements.
Question by:noclav

Expert Comment

by:Patricksr1972
ID: 39824671
Hi

In my opinion what you want cannot be done (easily).
Content filtering is nice, but once end users find out they cannot mail .doc, .xls, .zip or whatever, they will rename to .tmp or whatever IS allowed.
Next, we are in a time where somebody carries 64GB RAM on their phone; how would you control that?

You could think about EFS; then files can only be read on systems that carry that specific certificate. But again, if a user opens an EFS-protected file in the office, copies its contents, opens a new file and saves it locally, you are beaten.

You are better off protecting shares from unauthorised access, IMHO.

Expert Comment

by:Cliff Galiher
ID: 39824883
What you describe is known as rights management, and you will need to add software to enforce those types of scenarios. Microsoft has a rights management product, as do third parties. But there is an additional expense and learning curve in implementing such a solution.

Accepted Solution

by:diverseit (earned 500 total points)
ID: 39849804
Hi noclav,

"I have a customer who wants to make sure that end users don't take files off site and email them to third-party email services like Yahoo, Gmail, etc. I know I can set up permissions on folders, but I want to know if there is a better way."
You need DLP (Data Loss Prevention) and it gets expensive ($20-50,000 and up). Short of that you could try some combos like removing the ability to use external HDDs/USB sticks via GPO (as an idea: http://support.microsoft.com/kb/555324). You could also achieve this via Reg hacks & external software. For email, that gets trickier. If your company does literally no business with public accounts then you could easily block them using Transport Rules on Exchange Server. However, if they need some access to public emails it becomes far too ridiculous to manage. So in short, it's an all-or-nothing approach aside from the real solution, which would be a DLP solution.

"Also, I plan on installing a SonicWALL TZ215 and enabling content filtering, but I wanted to know, from anyone familiar with SonicWALLs, if there is a way to prevent someone from using a proxy to bypass filtering, and to block any third-party email besides their hosted Exchange so users can't access it."
Yes, you can do this with SonicWALL. Do you have CGSS licensed or just the Content Filtering?

I'll assume you only have Content Filtering; you can block proxy access as follows:
Go to Security Services > Content Filter > under Content Filter Type click Configure... then on the CFS tab put a check next to Enable HTTPS Content Filtering, Block Access to URL, and Log Access to URL.
Click on the Policy tab and click Configure for the Default Policy.
Then click on the URL List tab and select all the appropriate categories you want to block, but make sure to check 28. Hacking/Proxy Avoidance Systems.
Now click the Settings tab and make sure everything under Custom List Settings is set to Global, then click OK.
Now you should be back on the SonicWALL Filter Properties dialogue box.
You could additionally add in the Forbidden Domains prox in the Custom List tab if you so desired, but I'd only do that if you are still having issues once this configuration is sent to production.
Click OK to save these changes.
Under Restrict Web Features, check Access to HTTP Proxy Servers.
Under the CFS Exclusion List, enable it and add the Exchange Servers you want to exclude from this.

Let me know how it goes!
0
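
The Exchange transport-rule approach mentioned in the accepted answer, written out as an added example that is not part of the original thread. It assumes Exchange 2013 or later with access to the Exchange Management Shell; the rule name, domain list and rejection text are illustrative placeholders.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2013 or later assumed).
# The domain list and rule name below are illustrative, not values from the thread.
$PublicMailDomains = 'gmail.com', 'yahoo.com', 'outlook.com', 'hotmail.com'
$RuleName          = 'Block outbound mail to public webmail (example)'
$Enforce           = $false   # leave $false until the audit results have been reviewed

# Conditions: sender is inside the organization AND a recipient is in a listed domain.
# Action: reject with an NDR that tells the user why the message was refused.
$ruleParams = @{
    Name                            = $RuleName
    Comments                        = 'All-or-nothing block of personal webmail recipients'
    FromScope                       = 'InOrganization'
    RecipientDomainIs               = $PublicMailDomains
    RejectMessageReasonText         = 'Sending to personal webmail domains is not permitted.'
    RejectMessageEnhancedStatusCode = '5.7.1'
    SetAuditSeverity                = 'Medium'
    Mode                            = 'Audit'   # evaluate and log matches, do not reject yet
}

# Create the rule only if it does not exist, so the script can be re-run safely.
if (-not (Get-TransportRule | Where-Object { $_.Name -eq $RuleName })) {
    New-TransportRule @ruleParams | Out-Null
}

# After reviewing what the rule would have blocked, switch it to enforcement.
if ($Enforce) {
    Set-TransportRule -Identity $RuleName -Mode Enforce
}

# Show the resulting rule so the mode and domain list can be confirmed.
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Mode, RecipientDomainIs
```

Starting in audit mode shows which legitimate business mail would be caught before anything is rejected, which is the practical test of whether the all-or-nothing block the answer describes is workable for this customer.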

Expert Comment

by:diverseit
ID: 39851345
Glad I could help...thanks for the points!