Re: Information Rights Management

[nee cee <nc () phat co nz>]

I dont have any solutions for easily locking down files. i would say however that although password word protected pdfs 
will stop a majority of people (we use them ourselves) if someone has ghostscript, a printer redirector (redmon)and 
util like freepdf then no more password protected pdf. 

..................................

Hi 

Why not send password-protected PDFs? They're smaller as well.

-- 
Best regards
 
William 


> ------------Original Message------------
> From: "Philip Wagenaar" <p.wagenaar () accon nl>
> To: security-basics () securityfocus com
> Date: Mon, Aug-9-2004 6:00 PM
> Subject: Information Rights Management
>
> Hi,
>
> Rrecently we (our company) asked ourselves the question what if clients 
> modify a document we send them (in ie. Word format) and change figured 
> and numbers (ie. made more profit) and resend that document to another 
> part (ie. an investor)? 
>
> First of all, most topis on this list are very technical, but what is 
> the use of a highly secure network if these weaknesses still exist?
>
> Microsoft Office 2003 uses Information Rights Management to protect 
> office files from being altered and as I understand can also sign them 
> digitally. If a client doesn't have Office 2003 they can use a browser 
> plug-in from Microsoft to still view the document. This is as far as I 
> know the only product for office enviroments that has protection against 
> altering. (By the way, IRM is much more secure then the 
> standard-passwords protection for office files).
>
> I looked at other solutions, like Pretty Good Privacy, but they are a 
> hassle to work with. Maybe not for us, but for home users it is.
>
> Does anyone have experience with making sure that information (ie. 
> office files) that leave the corporate network from being abused? 
>
> I also came along a tool from Microsoft that removes all the extra 
> information from Office files (ie. author, who viewed it, who edited it, 
> etc, etc). Does anyone also know of a product that does this automaticly 
> and intergrated with E-Mail clients?
>
> Met vriendelijke groet,
>
> Philip Wagenaar
> Junior Projectleider ICT
>
> AccoN Accountants & Adviseurs
> ICT Project Bureau
> Postbus 5090
> 6802 EB Arnhem
> The Netherlands
>
> tel. +31 (0)26-3842384
> fax. +31 (0)26-3630222
> mobile: +31 (0)6-25388935
> MSN/E-mail: p.wagenaar () accon nl
> Yahoo: philip_wagenaar
> http://www.accon.nl

_____________________________________________________________
------
Disclaimer: phat.co.nz accepts no responsibility for the actions of it's members.

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------