Hi,

Is there a way to tie down a file to a computer to prevent data theft?

The employee of a business could work on a file, save the
modifications, but it would not be possible for the file to be
accessed by someone on another computer. It would not be possible to
copy data and paste it in another document.

I've found a software, but it's very expensive. It allows modifying an
Excel file (and other MS Office files) and it's capable of tying it
down to a computer. It can block copying data to the clipboard. It
would be nice if copy and paste would be possible within the same
Excel file (since copy and paste saves a lot of time when editing).
The software : Office Security OwnerGuard (http://www.armjisoft.com/?
page=officeownerguard). The free version doesn't allow to decrypt
files.

I know there's software to block USB drives and floppies and
bluetooth... But they don't block emails or web storage... And the
employee in question would need to be able to get and send emails.

Any ideas please? Is there a jewel somewhere that would allow to
prevent data theft?

RakperBanengen@yahoo.com wrote:
> Hi,
>
> Is there a way to tie down a file to a computer to prevent data theft?

I would unplug the Cat5 cable YMMV

Martin <usenet21@etiqa.co.uk> writes:

>RakperBanengen@yahoo.com wrote:
>> Hi,
>>
>> Is there a way to tie down a file to a computer to prevent data theft?

No. It is simply a collection of bits. Those bits do not care what
medium they are expressed in.
However you could encrypt the file so that noone who does not know the
password could read the file.


>I would unplug the Cat5 cable YMMV

Unruh wrote:
> Martin <usenet21@etiqa.co.uk> writes:
>
>> RakperBanengen@yahoo.com wrote:
>>> Hi,
>>>
>>> Is there a way to tie down a file to a computer to prevent data theft?
>
> No. It is simply a collection of bits. Those bits do not care what
> medium they are expressed in.
> However you could encrypt the file so that noone who does not know the
> password could read the file.
>
>
>> I would unplug the Cat5 cable YMMV

A file is just a collection of bits, but its usage is determined by the
operating system, so it's security is as much or as little as is
provided by the operating system.

You wouldn't only have to remove the network cable, also any floppy
drive, USB socket, CD writer, wireless adaptor, PCMCIA socket and serial
or parallel port

Password protection only restricts files to the user, not the machine,
if the user can edit the file, he must know the password, and then there
is nothing to stop him copying it off.

Back in the day when computing was the exclusive province of mainframes,
most operating systems offered password protection of files. In its
infinite wisdom Microsoft initially decided this was an unnecessary
feature to include in Windows, and only addressed the issue of file
security late in the day. Unix and its brethren however do include a
rudimentary security system as standard.

The way to do it is to create a user identity that has very restricted
access. I think that in Linux one could eg deny a userid the right to
mount removable filesystems, and only allow it access to certain
applications - eg no web browsers.

Thus the physical user would log in as editor and would have access to
the files and an editing program, but no access to anything else - known
as a 'jail'. This technique is often used to restrict the capabilities
of users logged in remotely over public connections. Indeed it might be
better for the computer in question to be physically kept in a secure
area and only accessed remotely in this way, that prevents unauthorised
attachment of removable storage.

To access the rest of the machine he would have to log in under a
different identity who would then have no access to these files.

Of course that begs the question of what use the files are if no-one
else can access them: presumably unless they are eyes-only, they would
be accessible by suitably privileged applications (eg apps running as
root) which filter access to the data in some way.


Tim Jackson

<RakperBanengen@yahoo.com> wrote in message
news:a9d33bf0-404e-47d6-be5f-bb9e5e264815@s31g2000vbp.googlegroups.com...
> Hi,
>
> Is there a way to tie down a file to a computer to prevent data theft?
>
> The employee of a business could work on a file, save the
> modifications, but it would not be possible for the file to be
> accessed by someone on another computer. It would not be possible to
> copy data and paste it in another document.
>
> I've found a software, but it's very expensive. It allows modifying an
> Excel file (and other MS Office files) and it's capable of tying it
> down to a computer. It can block copying data to the clipboard. It
> would be nice if copy and paste would be possible within the same
> Excel file (since copy and paste saves a lot of time when editing).
> The software : Office Security OwnerGuard (http://www.armjisoft.com/?
> page=officeownerguard). The free version doesn't allow to decrypt
> files.
>
> I know there's software to block USB drives and floppies and
> bluetooth... But they don't block emails or web storage... And the
> employee in question would need to be able to get and send emails.
>
> Any ideas please? Is there a jewel somewhere that would allow to
> prevent data theft?

If you have an all Windows, Active Directory based network this will be very
hard for most users to get around.

http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx

In the end if a user can work with a file there is always a way to copy the
information in it, even if they just take screen shots with a camera or
manually transcribe the data. Allowing a user to see and use the data
implies a certain level of trust. Setting policies that have consequences
and getting users to sign a form acknowledging they know the policies is the
best way to protect your data. Encrypting the files in case they are
accidently lost or misplaced is also a good strategy.

--
Kerry Brown

On Jun 3, 12:03*pm, "Kerry Brown" <ke...@kdbNOSPAMsys-tems.c*a*m>
wrote:
> <RakperBanen...@yahoo.com> wrote in message
>
> news:a9d33bf0-404e-47d6-be5f-bb9e5e264815@s31g2000vbp.googlegroups.com...
>
>
>
> > Hi,
>
> > Is there a way to tie down a file to a computer to prevent data theft?
>
> > The employee of a business could work on a file, save the
> > modifications, but it would not be possible for the file to be
> > accessed by someone on another computer. It would not be possible to
> > copy data and paste it in another document.
>
> > I've found a software, but it's very expensive. It allows modifying an
> > Excel file (and other MS Office files) and it's capable of *tying it
> > down to a computer. It can block copying data to the clipboard. It
> > would be nice if copy and paste would be possible within the same
> > Excel file (since copy and paste saves a lot of time when editing).
> > The software : Office Security OwnerGuard (http://www.armjisoft.com/?
> > page=officeownerguard). The free version doesn't allow to decrypt
> > files.
>
> > I know there's software to block USB drives and floppies and
> > bluetooth... But they don't block emails or web storage... And the
> > employee in question would need to be able to get and send emails.
>
> > Any ideas please? *Is there a jewel somewhere that would allow to
> > prevent data theft?
>
> If you have an all Windows, Active Directory based network this will be very
> hard for most users to get around.
>
> http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/de...
>
> In the end if a user can work with a file there is always a way to copy the
> information in it, even if they just take screen shots with a camera or
> manually transcribe the data. Allowing a user to see and use the data
> implies a certain level of trust. Setting policies that have consequences
> and getting users to sign a form acknowledging they know the policies is the
> best way to protect your data. Encrypting the files in case they are
> accidently lost or misplaced is also a good strategy.
>
> --
> Kerry Brown

It looks like that Windows RMS would be a great solution.

I've also found this interesting video from www.LiquidMachines.com :
http://www.youtube.com/watch?v=cWnwz0Q5fkc

They all look to be great solutions, but all very expensive for a
small business... Let's say the business as five computers and want to
let one employee modify an Excel file. They wish that the information
stays on the computer the employee is working on. They also wish that
the employee is :
-Able to do modifications to the document.
-Able to copy and paste within the document
-Not able to copy from the document to another document or email.
-Not able to copy the document to an external media or the internet.

Office Security OwnerGuard seemed promising. The only cons I could
find is that, when copy paste is disabled, it's not possible to copy
paste within the same document. Plus it costs 1600$ for a small
business site license.

I wish there was a cheaper and less complicated solution to this
dilemma. A solution with an affordable license for one PC only.

There is also USB Lock Standard from Advanced Systems
International : Block or allow Removable Drives: USB (Thumb drives,
IPods, mp3 players..), Smart cards readers (CF, SD, MMC, XD..) Zip,
floppy drives. Compact discs:CD's, DVD's. Transceivers:Infrared
(IrDA), USB Bluetooth. It doesn't encrypt files and doesn't prevent
emailing a file though.
http://www.advansysperu.com/usb-lock-standard.html