Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Secure Documentation Management (Please Suggest Solutions)

From: "Phillips, Mike" <PhillipsMike () otc army mil>
Date: Fri, 24 Jan 2003 08:46:43 -0600
Several solutions come to mind-
- MS Outlook has an encryption process that will provide some level of
security enroute.
- Several projects that I am on use portals to share documents, with access
controlled by invitation and "rating" for what actions can be performed. An
authorized user can download and modify a file, but cannot replace the
original file on the server. The user can send the document to someone else
once it is downloaded, but the policy is that only what is on the server is
considered valid. I assume that all user actions are logged.

I am not a big fan of Microsoft as a security solutions provider, but that
is the environment we work within. I am sure someone can suggest better
tools.

Mike Phillips

-----Original Message-----
From: Jack Hill [mailto:solvedconstant () yahoo com]
Sent: Wednesday, January 22, 2003 10:55 PM
To: security-basics () securityfocus com
Subject: Secure Documentation Management (Please Suggest SOlutions)


Hi All,

One of my client ( a designing firm) has requirements
to securely manage their design blue prints.

Their main concerns focus on making sure that their
documents are stored securely and in addition have the
following requirements.

1:- For example if a person is sending a document
(attached ) with mail to another person,the other
person should only be able view the document.In
addition he should not be able to mail the same
document to others.

2:-The same applies for taking printouts of documents
too...that is the document should have read permission
but no print rights.

3:-Extensive logging should be configured for all
document access such as whether the document was
copied onto a floppy,whether the document was printed
and if so by whom .

I was thinking in lines of a dedicated server which
will act as document repository , documents will be
encrypted and signed by it's owner using PGP,and the
authorized users can download it using SCP or
encrypted mail.But I am not quite sure of assigning
the kind of permissions which he require and
configuring of the extensive logging which he
requires.

Request you guys to give me your valuable suggestions.

Thanks,
Solved COnstant



__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
Previous By Date Next
Previous By Thread Next

Current thread: