Information Rights Management

["Philip Wagenaar" <p.wagenaar () accon nl>]

Hi,

Rrecently we (our company) asked ourselves the question what if clients modify a document we send them (in ie. Word 
format) and change figured and numbers (ie. made more profit) and resend that document to another part (ie. an 
investor)? 

First of all, most topis on this list are very technical, but what is the use of a highly secure network if these 
weaknesses still exist?

Microsoft Office 2003 uses Information Rights Management to protect office files from being altered and as I understand 
can also sign them digitally. If a client doesn't have Office 2003 they can use a browser plug-in from Microsoft to 
still view the document. This is as far as I know the only product for office enviroments that has protection against 
altering. (By the way, IRM is much more secure then the standard-passwords protection for office files).

I looked at other solutions, like Pretty Good Privacy, but they are a hassle to work with. Maybe not for us, but for 
home users it is.

Does anyone have experience with making sure that information (ie. office files) that leave the corporate network from 
being abused? 

I also came along a tool from Microsoft that removes all the extra information from Office files (ie. author, who 
viewed it, who edited it, etc, etc). Does anyone also know of a product that does this automaticly and intergrated with 
E-Mail clients?

Met vriendelijke groet,

Philip Wagenaar
Junior Projectleider ICT

AccoN Accountants & Adviseurs
ICT Project Bureau
Postbus 5090
6802 EB Arnhem
The Netherlands

tel. +31 (0)26-3842384
fax. +31 (0)26-3630222
mobile: +31 (0)6-25388935
MSN/E-mail: p.wagenaar () accon nl
Yahoo: philip_wagenaar
http://www.accon.nl


##################################################################

Dit e-mailbericht is uitsluitend bestemd voor de geadresseerde.
De informatie hierin is vertrouwelijk, zodat het derden niet is
toegestaan om daarvan kennis te nemen of dit te verstrekken aan
andere derden. Indien u dit e-mail bericht ontvangt terwijl het
niet voor u bestemd is, verzoeken wij u contact op te nemen met
de afzender en de informatie te verwijderen van iedere computer.
Bij voorbaat dank. 

==================================================================

The information transmitted in this e-mail is intended only for
the person or entity to which it is addressed and contains
confidential information. Any review, retransmission or other
use by persons or entities other than the intended recipient is
prohibited. If you received this in error, please contact the
sender and delete the material from any computer. Thank you. 

##################################################################

#####################################################################################
This e-mail message has been scanned for Viruses and Content and cleared 
by MailMarshal
#####################################################################################

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------