Security Basics mailing list archives
RE: Secure Documentation Management (Please Suggest Solutions)
From: "Phillips, Mike" <PhillipsMike () otc army mil>
Date: Fri, 24 Jan 2003 08:46:43 -0600
Several solutions come to mind- - MS Outlook has an encryption process that will provide some level of security enroute. - Several projects that I am on use portals to share documents, with access controlled by invitation and "rating" for what actions can be performed. An authorized user can download and modify a file, but cannot replace the original file on the server. The user can send the document to someone else once it is downloaded, but the policy is that only what is on the server is considered valid. I assume that all user actions are logged. I am not a big fan of Microsoft as a security solutions provider, but that is the environment we work within. I am sure someone can suggest better tools. Mike Phillips -----Original Message----- From: Jack Hill [mailto:solvedconstant () yahoo com] Sent: Wednesday, January 22, 2003 10:55 PM To: security-basics () securityfocus com Subject: Secure Documentation Management (Please Suggest SOlutions) Hi All, One of my client ( a designing firm) has requirements to securely manage their design blue prints. Their main concerns focus on making sure that their documents are stored securely and in addition have the following requirements. 1:- For example if a person is sending a document (attached ) with mail to another person,the other person should only be able view the document.In addition he should not be able to mail the same document to others. 2:-The same applies for taking printouts of documents too...that is the document should have read permission but no print rights. 3:-Extensive logging should be configured for all document access such as whether the document was copied onto a floppy,whether the document was printed and if so by whom . I was thinking in lines of a dedicated server which will act as document repository , documents will be encrypted and signed by it's owner using PGP,and the authorized users can download it using SCP or encrypted mail.But I am not quite sure of assigning the kind of permissions which he require and configuring of the extensive logging which he requires. Request you guys to give me your valuable suggestions. Thanks, Solved COnstant __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
Current thread:
- Secure Documentation Management (Please Suggest SOlutions) Jack Hill (Jan 23)
- <Possible follow-ups>
- RE: Secure Documentation Management (Please Suggest Solutions) Phillips, Mike (Jan 24)
- RE: Secure Documentation Management (Please Suggest Solutions) dave (Jan 28)