  • Status: Solved
  • Priority: Medium
  • Security: Public

Protecting customers data in a server 2012 environment

I have a customer who wants to make sure that end users don't take files off site and email them to third-party emails like Yahoo, Gmail, etc. I know I can set up permissions on folders, but I want to know if there is a better way. Also, I plan on installing a SonicWALL TZ215 and enabling content filtering, but I wanted to know from anyone familiar with SonicWALLs if there is a way to prevent someone from using a proxy to bypass filtering, and to block any third-party emails besides their hosted Exchange so users can't access them. Also note that the union is preventing the employer from making employees sign non-compete agreements.
Asked by: noclav

Patrick Bogers (Datacenter platform engineer Lindows) commented:
Hi

In my opinion, what you want cannot be done (easily).
Content filtering is nice; once end users find out they cannot mail .doc, .xls, .zip or whatever, they will rename to .tmp or whatever IS allowed.
Next, we are in a time where somebody carries 64GB RAM on their phone; how would you control that?

You could think about EFS; then files can only be read on systems that carry that specific certificate. But again, if a user opens an EFS-protected file in the office, copies its contents, opens a new file and saves it locally, you are beaten.

You are better off protecting shares from unauthorised access, IMHO.
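
Added example, not part of the original thread or of any product mentioned in it: the renaming trick described in the post above (.doc/.xls/.zip saved as .tmp) defeats a filter that keys on the file name, while a check on the file's leading bytes is unaffected by the rename. The function names and the sample data are constructed for illustration.

```python
import io
import zipfile

# File signatures for the formats named in the post above.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                        # .zip and OOXML (.docx/.xlsx)

# Extensions each detected type is expected to carry.
EXPECTED_EXT = {
    "ole2-office": {".doc", ".xls", ".ppt", ".msg"},
    "ooxml-office": {".docx", ".xlsx", ".pptx"},
    "zip": {".zip"},
}

def sniff_type(data: bytes) -> str:
    """Classify an attachment by its leading bytes, ignoring its name."""
    if data.startswith(OLE2_MAGIC):
        return "ole2-office"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # Every OOXML package carries this part at its root.
                if "[Content_Types].xml" in zf.namelist():
                    return "ooxml-office"
        except zipfile.BadZipFile:
            pass  # truncated or damaged archive: still treated as zip
        return "zip"
    return "unknown"

def check_attachment(filename: str, data: bytes, blocked: set) -> dict:
    """Decide on content, and flag a name that does not match it."""
    detected = sniff_type(data)
    dot = filename.rfind(".")
    ext = filename[dot:].lower() if dot != -1 else ""
    renamed = detected != "unknown" and ext not in EXPECTED_EXT[detected]
    return {"detected": detected, "renamed": renamed,
            "block": detected in blocked}

def constructed_zip(members: dict) -> bytes:
    """Build a small in-memory archive (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

A content check of this kind still does not address the copy-and-save case described in the same post.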
 
Cliff Galiher commented:
What you describe is known as rights management, and you will need to add software to enforce those types of scenarios. Microsoft has a rights management product, as do third parties. But there is an additional expense and learning curve in implementing such a solution.
 
Blue Street Tech (Last Knights) commented:
Hi noclav,

> I have a customer who wants to make sure that end users don't take files off site and email them to third-party emails like Yahoo, Gmail, etc. I know I can set up permissions on folders, but I want to know if there is a better way.

You need DLP (Data Loss Prevention) and it gets expensive ($20-50,000 and up). Short of that, you could try some combos like removing the ability to use external HDDs/USB sticks via GPO (as an idea: http://support.microsoft.com/kb/555324). You could also achieve this via Reg hacks & external software. For email, that gets trickier. If your company does literally no business with public accounts, then you could easily block them using Transport Rules on Exchange Server. However, if they need some access to public emails, it becomes far too ridiculous to manage. So in short, it's an all-or-nothing approach aside from the real solution, which would be a DLP solution.

> Also, I plan on installing a SonicWALL TZ215 and enabling content filtering, but I wanted to know from anyone familiar with SonicWALLs if there is a way to prevent someone from using a proxy to bypass filtering, and to block any third-party emails besides their hosted Exchange so users can't access them.

Yes, you can do this with SonicWALL. Do you have CGSS licensed or just the Content Filtering?

I'll assume you only have Content Filtering and you can block proxy access by the following:
Go to Security Services > Content Filter > under Content Filter Type click Configure... then on the CFS tab put a check next to Enable HTTPS Content Filtering, Block Access to URL, and Log Access to URL.
Click on the Policy tab and click configure for the Default Policy.
Then click on the URL List tab and select all the appropriate categories you want to block but make sure to check 28. Hacking/Proxy Avoidance Systems.
Now click the Settings tab and make sure everything under Custom List Settings is set to Global then click OK.
Now you should be back on the SonicWALL Filter Properties dialogue box.
You could additionally add in the Forbidden Domains prox in the Custom List tab if you so desired but I'd only do that if you are still having issues once this configuration is sent to production.
Click OK to save these changes.
Under Restrict Web Features, check Access to HTTP Proxy Servers.
Under the CFS Exclusion List, enable it and add the Exchange Servers you want to exclude from this.

Let me know how it goes!
 
Blue Street TechLast KnightsCommented:
Glad I could help...thanks for the points!
Question has a verified solution.