Solved

Protecting customers data in a server 2012 environment

Posted on 2014-01-31
4
262 Views
Last Modified: 2014-02-11
I have a customer who want to make sure that end users dont take files off site and email them to third party emails like yahoo, gmail etc. I know i can setup permissions on folders but i want to know if there is a better way. Also i plan on installing a sonicwall tz215 and enable content filtering. but i wanted to know if anyone familiar with sonicwalls if there is a way to prevent someone from using a proxy to bypass filtering and block any third party emails besides their hosted exchange so users cant access them. Also note that the Union is preventing the employer from making employees from signing non compete agreements.
0
Comment
Question by:noclav
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39824671
Hi

In my opinion what you want cannot be done.(easily)
Content filtering is nice, once end users find out the cannot mail .doc .xls .zip or whatever they will rename to .tmp or whatever IS allowed.
Next we are in a time where somebody carries 64GB ram on their Phone, how would you control that?

You could think about efs, then files can only be read on systems that carry that specific certificate but again, if a user opens a efs protected file in the office, copy it contents, open a new file and save it locally you are beaten.

You are better of protecting shares from unautorised access IMHO.
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39824883
What you describe is known as rights management and will need to add software to enforce those types of scenarios. Microsoft has a rights management product, as do third parties. But there is an additional expense and learning curve in implementing such a solution.
0
 
LVL 25

Accepted Solution

by:
Diverse IT earned 500 total points
ID: 39849804
Hi noclav,

I have a customer who want to make sure that end users dont take files off site and email them to third party emails like yahoo, gmail etc. I know i can setup permissions on folders but i want to know if there is a better way.
You need DLP (Data Loss Prevention) and it gets expensive ($20-50,000 and up). Short of that you could try some combos like removing the ability to use external HDDs/USB sticks via GPO (as an idea: http://support.microsoft.com/kb/555324). You could also achieve this via Reg hacks & external software. For Email, that gets trickier. If your company does literally no business with public accounts then you could easily block them using Transport Rules on Exchange Server. However, if they need some access to public emails it becomes far to ridiculous to manage. So in short its an all or nothing approach aside from the real solution which would be a DLP solution.

Also i plan on installing a sonicwall tz215 and enable content filtering. but i wanted to know if anyone familiar with sonicwalls if there is a way to prevent someone from using a proxy to bypass filtering and block any third party emails besides their hosted exchange so users cant access them.
Yes, you can do this with SonicWALL. Do you have CGSS licensed or just the Content Filtering?

I'll assume you only have Content Filtering and you can block proxy access by the following:
Go to Security Services > Content Filter > under Content Filter Type click Configure... then on the CFS tab put a check next to Enable HTTPS Content Filtering, Block Access to URL, and Log Access to URL.
Click on the Policy tab and click configure for the Default Policy.
Then click on the URL List tab and select all the appropriate categories you want to block but make sure to check 28. Hacking/Proxy Avoidance Systems.
Now click the Settings tab and make sure everything under Custom List Settings is set to Global then click OK.
Now you should be back on the SonicWALL Filter Properties dialogue box.
You could additionally add in the Forbidden Domains prox in the Custom List tab if you so desired but I'd only do that if you are still having issues once this configuration is sent to production.
Click OK to save these changes.
under Restrict Web Features check Access to HTTP Proxy Servers.
Under the CFS Exclusion List enabled it an add the Exchange Servers you want to exclude from this.

Let me know how it goes!
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39851345
Glad I could help...thanks for the points!
0

Featured Post

IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question