Solved

Restrict the system administrator (Custodian) from copying files via windows file explorer

Posted on 2016-10-29
53 Views
Last Modified: 2016-11-28
We have a document management system which holds sensitive data. Currently the users on the system can view the documents within the framework of the software we provided. We do have an audit trail on the document access etc.

But this still leaves a hole in the security aspect, as the application custodian of the server where the s/w is installed still has access to the folders where these documents reside.

How do we ensure that the system admin can't access this folder, and that access is permitted only via the software application?
0
Question by:Member_2_7967119
11 Comments
 
LVL 47

Assisted Solution

by:Jackie Man
Jackie Man earned 83 total points (awarded by participants)
ID: 41865626
You need to trust the system admin as it is unlikely that you can restrict the system admin on anything.

OR

You take over the credentials of system admin and every job of the system admin has to be supervised and monitored by you.

I will choose the first one.
0
 
LVL 28

Assisted Solution

by:Dr. Klahn
Dr. Klahn earned 83 total points (awarded by participants)
ID: 41865628
In both Windows and Linux, the system administrator can override all protections on any folder and file.  There's no way to do what you ask without adding more software and some overhead.

What could be done is encrypt the files in question and decrypt them only in the application's internal memory, and when writing them back to disk re-encrypt those files.

This assumes that nobody will tell the system administrator what the password to the application is, and that is certainly not a good assumption.

Your company's insurance probably does not cover this type of employee malfeasance.  If the data is that sensitive, you must -- not should, must -- require that all employees who can override security on that system be bonded for at least one million dollars, or insured against malfeasance for the same amount.  Typically a one million dollar bond costs one-half to one percent a year, so add another $10,000 per million dollars of bonding to the annual cost of that employee.  

This does several things.  First, you're covered against financial damage in case of an offense.  Second, the bonding company will investigate the employee's background as part of the bonding process.  Third, it lets the employee know you are serious about security.  Fourth, bonded employees won't be handing out admin-level passwords.  Finally, if the employee commits an offense they know the bonding company will be coming after them.
0
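A worked example of the approach Dr. Klahn describes, added here and not part of his comment: each document is encrypted under its own random key, that key is wrapped for the application's RSA key, and only ciphertext plus the wrapped key ever touch the disk. The application key, the document path and the sample text are constructed for the example; it assumes Windows PowerShell 5.1 or PowerShell 7 on Windows (RSACng is Windows-only). AES-CBC with an HMAC-SHA256 tag is used because authenticated AES-GCM is not available in the .NET Framework that Windows PowerShell runs on.

```powershell
# Added example: per-document envelope encryption, the pattern described above.
# Assumed (hypothetical): the application's RSA key pair. In production it lives in a
# DPAPI-protected store, an HSM or a KMS, never in the document folder.
$appKey = [System.Security.Cryptography.RSACng]::new(2048)
$oaep   = [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA256

function Protect-Document {
    param([byte[]]$Plaintext, [System.Security.Cryptography.RSA]$Rsa)
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.KeySize = 256
    $aes.GenerateKey(); $aes.GenerateIV()                    # fresh content key and IV per document
    $mac = [System.Security.Cryptography.HMACSHA256]::new()  # fresh random MAC key per document
    $ct  = $aes.CreateEncryptor().TransformFinalBlock($Plaintext, 0, $Plaintext.Length)
    $tag = $mac.ComputeHash([byte[]]($aes.IV + $ct))         # encrypt-then-MAC over IV || ciphertext
    # Wrap both per-document keys for the application key (EFS wraps its FEK the same way)
    $wrapped = $Rsa.Encrypt([byte[]]($aes.Key + $mac.Key), $oaep)
    [pscustomobject]@{ WrappedKeys = $wrapped; IV = $aes.IV; Ciphertext = $ct; Tag = $tag }
}

function Unprotect-Document {
    param($Blob, [System.Security.Cryptography.RSA]$Rsa)
    $keys   = $Rsa.Decrypt($Blob.WrappedKeys, $oaep)         # only the private-key holder gets past this line
    $aesKey = [byte[]]$keys[0..31]
    $macKey = [byte[]]$keys[32..95]
    $mac      = [System.Security.Cryptography.HMACSHA256]::new($macKey)
    $expected = $mac.ComputeHash([byte[]]($Blob.IV + $Blob.Ciphertext))
    $diff = 0
    for ($i = 0; $i -lt 32; $i++) { $diff = $diff -bor ($expected[$i] -bxor $Blob.Tag[$i]) }  # constant-time compare
    if ($diff -ne 0) { throw 'Integrity check failed: IV or ciphertext was altered on disk' }
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.Key = $aesKey; $aes.IV = $Blob.IV
    $aes.CreateDecryptor().TransformFinalBlock($Blob.Ciphertext, 0, $Blob.Ciphertext.Length)
}

# Constructed sample document
$doc  = [Text.Encoding]::UTF8.GetBytes('Constructed sample: payroll 2016-Q3, restricted')
$blob = Protect-Document -Plaintext $doc -Rsa $appKey

# What an admin copying the folder in Explorer gets: opaque bytes and a wrapped key
[BitConverter]::ToString($blob.Ciphertext)
# What the application gets after unwrapping with its private key
[Text.Encoding]::UTF8.GetString((Unprotect-Document -Blob $blob -Rsa $appKey))
```

The block illustrates the limit Dr. Klahn points to: the scheme is only as strong as the custody of `$appKey`. An administrator on the same host who can read the application's key store, or attach a debugger to the process while a document is decrypted in memory, is not stopped by the ciphertext on disk; the encryption moves the trust boundary from the folder to the key, it does not remove it.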
 
LVL 64

Assisted Solution

by:btan
btan earned 251 total points (awarded by participants)
ID: 41865634
Windows EFS will determine who can see the protected files.
EFS encrypts files with a random file encryption key (FEK) and encrypts that key with an RSA key belonging to the user ... this RSA key is protected by DPAPI ... if the system is set up with a key recovery agent, the FEK is also encrypted for the RSA key of the key recovery agent (this might be the local admin, but can be changed, even to no key recovery agent).

If the local admin changes the password of a user, their DPAPI master key is left untouched, still protected by the old user password ... changing the password won't give you access to the DPAPI master key, and therefore won't give you access to the user's private RSA key ...

If the station is a member of a domain, the domain controller will have a decryption key that will allow decryption of a DPAPI master key ...
0
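How the EFS setup btan describes looks in practice, as an added example that is not part of his comment. The folder `D:\DMS\Documents` and the service account `DOMAIN\svc_dms` are hypothetical; the commands must run as the account under which the document management software runs, because an EFS file is readable only by the holders of the RSA keys its FEK was wrapped for.

```powershell
# Added example: apply EFS to the document folder and verify who holds each file's FEK.
# Assumed (hypothetical): run as DOMAIN\svc_dms, the identity the DMS runs under.
$docs = 'D:\DMS\Documents'

# 1. Does this account already have an EFS certificate?
#    EKU 1.3.6.1.4.1.311.10.3.4 = Encrypting File System
$efsCerts = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.4.1.311.10.3.4' }
if (-not $efsCerts) { Write-Host 'No EFS certificate yet; cipher /e will self-issue one.' }

# 2. Encrypt the folder and everything below it; new files inherit the attribute
cipher.exe /e /s:$docs

# 3. Verify the attribute on every file
Get-ChildItem -Path $docs -File -Recurse | ForEach-Object {
    [pscustomobject]@{
        File      = $_.FullName
        Encrypted = (($_.Attributes -band [IO.FileAttributes]::Encrypted) -ne 0)
    }
}

# 4. For one file, list the users who can decrypt it and any recovery-agent certificates.
#    If a recovery agent you did not intend is listed, the admin holding that key can read the file.
cipher.exe /c (Join-Path $docs 'contract.pdf')

# 5. Where the DPAPI master keys protecting this account's RSA private key live. A local admin
#    who resets the account's password cannot unlock them; a domain admin can, through the
#    domain DPAPI backup key held on the domain controllers.
Get-ChildItem "$env:APPDATA\Microsoft\Protect" -Recurse -Force | Select-Object FullName
```

Two operational checks follow from the comment above: decide deliberately who the recovery agent is (`cipher /r:` generates a data recovery agent certificate that can be held by someone other than the server admin), because with no agent a lost service-account profile means the documents are gone; and remember that EFS protects confidentiality of the bytes on disk only, so an administrator can still delete the files or back them up in encrypted form.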

Author Comment

by:Member_2_7967119
ID: 41865650
We have already attempted the encryption and decryption of the documents, but there is a very serious overhead on the performance, as every time an employee requests a document via search, the viewing of the document needs to first pass through decryption by the application's key and then display the document.

I do resonate with what you were stating about trusting the custodian, since he/she needs to manage the backups and other critical tasks of housekeeping.

No one at the firm understands the same.

The next option was to store the data in SQL Server tables and read it from them, so that we do not worry about having the physical file on the hard disk. But this option has heavy performance issues as well.
0
 
LVL 28

Assisted Solution

by:Dr. Klahn
Dr. Klahn earned 83 total points (awarded by participants)
ID: 41865653
No one at the firm understands the same.

Write down an official memo, one page only, expressing your concern about the situation.  Estimate the financial damage to the company if the data in question were to be compromised.  Also estimate the legal issues (at $500/hour lawyer time) and the effects on the company's future earnings.  Figure a minimum of 200 hours of lawyer time per aggrieved client.  Use short, simple phrasing.

Put it down on paper, on official company letterhead.

Hand deliver it to the CEO, the CFO, and the company's legal department.  Mail a copy to yourself at home, certified mail, return receipt requested to prove that you brought the issue up, and when.

There will either be positive action, or your tochis will be covered in case of a problem.  Either way you win.  You'll have to live with the eternal hate of your immediate supervisor, though.
0
 
LVL 64

Assisted Solution

by:btan
btan earned 251 total points (awarded by participants)
ID: 41865756
Understand the encryption impact, but it should be sized up properly with hardware, and not keep on adding oversight measures, which is just not going to get anywhere.

Encryption is in fact minimal to deter admin access. There is also file integrity monitoring, and likewise the system will have some loading. They are not foolproof but serve as deterrents for abuses.  Really need to balance convenience vs risk appetite. It is hard to have both worlds; it is about a risk-measured approach. Let your stakeholder make an informed decision with your concerns.

Go for minimal audit trails and have a regime to track and review for anomalous activities. One option for oversight, if this makes sense for your environment:
CimTrak is one of very few FIM software products with an audit trail that cannot be altered by users. This means your administrative and privileged user actions are continually monitored. It eliminates any risk that your FIM software will hide malicious activity.


CimTrak's audit trail also allows total oversight into user activity. Any time a critical file or configuration is changed in a negative way, an alert is generated. These alerts clearly differentiate between positive, neutral, and negative changes.
 https://www.cimcor.com/cimtrak/?_ga=1.87067167.626203798.1477821099
0
 
LVL 79

Assisted Solution

by:arnold
arnold earned 83 total points (awarded by participants)
ID: 41865778
What document management is in place: Documentum, OpenText Livelink ECM?
The overhead of encryption/decryption versus possible access by a rogue admin who copies data: which is more important?

The overhead is one consideration/impact; the backup/restore DR is another.
If the data is within a file share on that server, setting up a deny rule for a group of users to which admins belong ....
But as others have pointed out, admins have the tools necessary to gain/regain access in the event of an error. Admins are entrusted with ........
Even with encryption enabled, the admin of the document management system would be the one that has access to the encryption/decryption keys. So with that, a rogue admin, to whom said information was entrusted ............. need not read any of it to cause havoc on an enterprise.
Doctors/surgeons hold the lives of their patients in their hands; could you impose a restriction on a position requiring an extraordinary level of trust, to prevent an errant person from doing bad things?

With systems, no matter how complex, there is a person, or a mechanism to which a person has access; an error could be made such that the wrong person is entrusted with the wrong set of information.

Check with the vendor of the document management system whether they have an option to differentiate treatment/storage of documents designated as sensitive, or set up a second document management system that would house these types of documents.
1
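The NTFS deny rule arnold mentions, together with the audit trail that makes the "admins can regain access" caveat visible, as an added example (not code from arnold's comment). The folder `D:\DMS\Documents` and the service account `DOMAIN\svc_dms` are hypothetical; run it elevated on the server holding the documents.

```powershell
# Added example: explicit Deny for the local Administrators group on the document folder,
# plus a SACL so every read, delete, permission change and ownership change is logged.
# Assumed (hypothetical): D:\DMS\Documents, application identity DOMAIN\svc_dms.
# Order matters: set auditing first, then the Deny, or the Deny blocks reading the ACL back.
$docs = 'D:\DMS\Documents'
$svc  = 'DOMAIN\svc_dms'

# 1. The "File System" audit subcategory must be on, or the SACL below never produces events
auditpol.exe /set /subcategory:"File System" /success:enable /failure:enable

# 2. SACL: log the operations a copying or tampering admin would perform, success and failure
$acl = Get-Acl -Path $docs -Audit
$auditRule = [System.Security.AccessControl.FileSystemAuditRule]::new(
    'Everyone',
    'ReadData,Delete,ChangePermissions,TakeOwnership',
    'ContainerInherit,ObjectInherit', 'None', 'Success,Failure')
$acl.AddAuditRule($auditRule)
Set-Acl -Path $docs -AclObject $acl

# 3. DACL: the application identity gets Modify; BUILTIN\Administrators gets an explicit Deny.
#    Deny ACEs are evaluated before inherited Allow ACEs, so Explorer access by admins fails.
$acl = Get-Acl -Path $docs
$allowSvc = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $svc, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$denyAdmins = [System.Security.AccessControl.FileSystemAccessRule]::new(
    'BUILTIN\Administrators', 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Deny')
$acl.AddAccessRule($allowSvc)
$acl.AddAccessRule($denyAdmins)
Set-Acl -Path $docs -AclObject $acl

# 4. The caveat: an administrator holds SeTakeOwnershipPrivilege, so the Deny is two commands
#    from being undone. This is exactly the sequence the SACL above will record.
#    takeown.exe /f $docs /r /d Y
#    icacls.exe $docs /grant 'BUILTIN\Administrators:(OI)(CI)F' /t

# 5. Review: Security event 4663 (object access). Property 1 = account, 6 = object, 8 = access.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 200 |
    Where-Object { $_.Properties[6].Value -like "$docs*" } |
    Select-Object TimeCreated,
                  @{ n = 'Account'; e = { $_.Properties[1].Value } },
                  @{ n = 'Object';  e = { $_.Properties[6].Value } },
                  @{ n = 'Access';  e = { $_.Properties[8].Value } }
```

The Deny stops casual browsing and copying in Explorer; it does not stop an administrator, who can take ownership, run as SYSTEM, use backup privileges or read the raw volume. Its real value here is that each of those bypasses leaves a trail in the Security log, which is the oversight the thread keeps coming back to. Keep that log off the same box (a forwarding subscription or SIEM), since the same administrator can clear a local event log.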
 
LVL 64

Accepted Solution

by:btan
btan earned 251 total points (awarded by participants)
ID: 41865790
There are also practices to centralise the access through a proxy jump host to file servers and critical servers. This can even include video recording (kind of digital CCTV style) of the actions taken; in a way, the performance load on the servers is offloaded onto the jump host. This brings most value for oversight of remote admin access.
0
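One way to enforce the jump-host pattern btan describes on the document server itself, as an added example and not code from his comment: scope the remote administration firewall rules to the jump host, confirm the scope, and flag RDP logons that arrived from anywhere else. The jump host address `10.10.0.5` is hypothetical; run elevated on the document server.

```powershell
# Added example: pin remote administration of the document server to one jump host and
# detect logons that bypass it. Assumed (hypothetical): jump host at 10.10.0.5.
$jumpHost = '10.10.0.5'

# 1. Scoping allow rules is only meaningful if the profile's default inbound action is Block
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction

# 2. Restrict the built-in RDP and WinRM allow rules to the jump host only
Set-NetFirewallRule -DisplayGroup 'Remote Desktop'            -RemoteAddress $jumpHost -Enabled True
Set-NetFirewallRule -DisplayGroup 'Windows Remote Management' -RemoteAddress $jumpHost -Enabled True

# 3. Verify the resulting remote-address scope of those rules
Get-NetFirewallRule -DisplayGroup 'Remote Desktop', 'Windows Remote Management' |
    Get-NetFirewallAddressFilter | Select-Object RemoteAddress

# 4. Detection: RDP logons (event 4624, LogonType 10 = RemoteInteractive) from any source other
#    than the jump host. Property 5 = TargetUserName, 8 = LogonType, 18 = IpAddress.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -MaxEvents 1000 |
    ForEach-Object {
        [pscustomobject]@{
            Time      = $_.TimeCreated
            Account   = $_.Properties[5].Value
            LogonType = $_.Properties[8].Value
            Source    = $_.Properties[18].Value
        }
    } |
    Where-Object { $_.LogonType -eq 10 -and $_.Source -notin $jumpHost, '-', '127.0.0.1', '::1' }
```

Session recording, as btan notes, then happens on the jump host rather than on the document server, and the firewall scope means a recorded session is the only route in for remote administration. Console access and the 4624 type 2 logons it produces are not covered by this; physical access to the server is a separate control.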
 

Author Comment

by:Member_2_7967119
ID: 41881678
I will take your advice and share it with my team. Hope they understand.
0
 
LVL 64

Expert Comment

by:btan
ID: 41881774
Sure thanks for sharing. The oversight should be centralised for holistic readiness.
0
 
LVL 47

Expert Comment

by:Jackie Man
ID: 41903915
Sufficient information to close this question.
0
