Solved

Protecting customer data in a Server 2012 environment

Posted on 2014-01-31
Last Modified: 2014-02-11
I have a customer who wants to make sure that end users don't take files off site and email them to third-party emails like Yahoo, Gmail, etc. I know I can set up permissions on folders, but I want to know if there is a better way. Also, I plan on installing a SonicWALL TZ215 and enabling content filtering, but I wanted to know from anyone familiar with SonicWALLs if there is a way to prevent someone from using a proxy to bypass filtering, and to block any third-party emails besides their hosted Exchange so users can't access them. Also note that the union is preventing the employer from making employees sign non-compete agreements.
Question by:noclav
 
LVL 19

Expert Comment

by:Patricksr1972
ID: 39824671
Hi

In my opinion, what you want cannot be done (easily).
Content filtering is nice, but once end users find out they cannot mail .doc, .xls, .zip or whatever, they will rename to .tmp or whatever IS allowed.
Next, we are in a time where somebody carries 64GB RAM on their phone; how would you control that?

You could think about EFS; then files can only be read on systems that carry that specific certificate. But again, if a user opens an EFS-protected file in the office, copies its contents, opens a new file and saves it locally, you are beaten.

You are better off protecting shares from unauthorised access, IMHO.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 39824883
What you describe is known as rights management, and you will need to add software to enforce those types of scenarios. Microsoft has a rights management product, as do third parties. But there is an additional expense and learning curve in implementing such a solution.
0
 
LVL 25

Accepted Solution

by:
Diverse IT earned 500 total points
ID: 39849804
Hi noclav,

I have a customer who wants to make sure that end users don't take files off site and email them to third-party emails like Yahoo, Gmail, etc. I know I can set up permissions on folders, but I want to know if there is a better way.
You need DLP (Data Loss Prevention) and it gets expensive ($20-50,000 and up). Short of that, you could try some combos like removing the ability to use external HDDs/USB sticks via GPO (as an idea: http://support.microsoft.com/kb/555324). You could also achieve this via Reg hacks & external software. For email, that gets trickier. If your company does literally no business with public accounts, then you could easily block them using Transport Rules on Exchange Server. However, if they need some access to public emails, it becomes far too ridiculous to manage. So in short, it's an all-or-nothing approach aside from the real solution, which would be a DLP solution.

Also, I plan on installing a SonicWALL TZ215 and enabling content filtering, but I wanted to know from anyone familiar with SonicWALLs if there is a way to prevent someone from using a proxy to bypass filtering, and to block any third-party emails besides their hosted Exchange so users can't access them.
Yes, you can do this with SonicWALL. Do you have CGSS licensed or just the Content Filtering?

I'll assume you only have Content Filtering and you can block proxy access by the following:
Go to Security Services > Content Filter > under Content Filter Type click Configure... then on the CFS tab put a check next to Enable HTTPS Content Filtering, Block Access to URL, and Log Access to URL.
Click on the Policy tab and click configure for the Default Policy.
Then click on the URL List tab and select all the appropriate categories you want to block but make sure to check 28. Hacking/Proxy Avoidance Systems.
Now click the Settings tab and make sure everything under Custom List Settings is set to Global then click OK.
Now you should be back on the SonicWALL Filter Properties dialogue box.
You could additionally add in the Forbidden Domains prox in the Custom List tab if you so desired but I'd only do that if you are still having issues once this configuration is sent to production.
Click OK to save these changes.
Under Restrict Web Features, check Access to HTTP Proxy Servers.
Under the CFS Exclusion List, enable it and add the Exchange Servers you want to exclude from this.

Let me know how it goes!
0
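The Exchange transport-rule approach mentioned in the accepted answer, sketched as an added example (not code from the original thread or from any poster). The rule name and the list of webmail domains are constructed for illustration; the rule is created in audit mode so its matches can be reviewed before it rejects anything.

```powershell
# Added example. Run in the Exchange Management Shell (on-premises) or an
# Exchange Online PowerShell session with rights to manage transport rules.

# Constructed sample list: replace with the public mail domains your
# organisation has decided to block.
$webmailDomains = @(
    'gmail.com', 'googlemail.com', 'yahoo.com', 'ymail.com',
    'outlook.com', 'hotmail.com', 'live.com', 'aol.com'
)

# Hypothetical rule name used only in this example.
$ruleName = 'Block outbound mail to public webmail'

$ruleParams = @{
    Name                            = $ruleName
    # Only messages sent by internal senders are evaluated.
    FromScope                       = 'InOrganization'
    # Condition: any recipient address in one of the listed domains.
    RecipientDomainIs               = $webmailDomains
    # Action: reject with an NDR that tells the sender why.
    RejectMessageReasonText         = 'Sending to personal webmail addresses is not permitted.'
    RejectMessageEnhancedStatusCode = '5.7.1'
    # Record every match so attempts can be reviewed later.
    SetAuditSeverity                = 'Medium'
    # Audit mode logs what the rule would have done without rejecting mail.
    Mode                            = 'Audit'
    Comments                        = 'All-or-nothing block of public webmail recipients.'
}

# Create the rule only if it does not already exist, so the script can be re-run.
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-TransportRule @ruleParams
}

# Show the rule's current state and mode for confirmation.
Get-TransportRule -Identity $ruleName | Format-List Name, State, Mode, RecipientDomainIs

# Once the audit results confirm that no legitimate business mail matches,
# switch the rule to enforcement:
# Set-TransportRule -Identity $ruleName -Mode Enforce
```

This only covers mail sent through the organisation's own Exchange; browser access to webmail sites still has to be handled at the firewall, as the SonicWALL steps above describe.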
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39851345
Glad I could help...thanks for the points!
0


Question has a verified solution.
