Securing Files in a Hostile Workplace?
lockdown asks: "How do I secure the files used in my department? I work in an engineering department and I've been tasked with securing our electronic files. We are a likely target of pirates, both internal and external. The 'resale' value of our files is very large. Attackers would be interested in selling our files or just posting them publicly for bragging rights. While I trust our engineers, many of whom have been here over 10 years, we do have many short-timers and temps in other departments. Worst of all, our IT department is clueless and even hostile to our efforts. (They are proud that, 'our network is so outdated that it can't be hacked.') How do I come up with a way to secure our files in a hostile environment and still get our work done?"
"The constraints of my personal situation include:
- the world controlled by the IT department (the network, most servers, tape backups, external firewalls, etc) is out of my control,
- we do not have good physical control of our environment to prevent physical theft or PC access,
- we need to compartmentalize access to different teams,
- we need to be able to recover access in the event a bus hits an engineer,
- engineers need to be able to securely take files home,
- data files can range into the GBs,
- this can't get in the way of getting work done,
- being engineers, we tend to work with a wide range of obscure tools that are unlikely to be supported by commercial solutions and may not play nice with the OS
- we are stuck with Win boxes as clients, but we could have a local dept. *nix security server,
- each engineer needs to be able to enable access to any other engineer,
- I would like at least 2 factor security, something you know and something you have,
- I would like the 'something you have' attached to the engineer's car key ring (something you can't go home without) and
- open source preferred (no proprietary pixie dust, please)."
hard to tell; need to see the files (Score:1, Funny)
Just say it... (Score:5, Funny)
Re:Just say it... (Score:1)
Re:Just say it... (Score:2)
'resale' value of our files is very large -- who else can ask for $100,000 for a single mp3?
IT department is clueless and even hostile AND our network is so outdated -- who do we know that is technologically clueless?
We are a likely target of pirates -- hmmm.. who could possibly have made themselves intraweb-public-enemy-no.1?? (no, not SCO, they are ruled out by the first item on the list)
I've been tasked with securing our electronic files -- and who could possi
Re:Sounds like you're screwed (Score:2)
Dear slashdot, (Score:5, Insightful)
Thank you,
Hopelessly Clueless Engineering, Inc.
Geeze. Having implemented document control for ISO compliance at an engineering firm that does aerospace parts, I can safely say there is no way your requirements are compatible with any software solution. You have *systematic* problems that are far greater than any humble software could aspire to solving.
Re:Dear slashdot, (Score:3, Interesting)
Even more extra emphasis added by me, of course.
I know it's damned easy for some guy, somewhere on the Internet to say this, but you have two basic options. Either stop caring and go with the flow, or start ac
Outdated (Score:5, Funny)
Get a couple of these [montek.com].
Re:Outdated (Score:1)
Re:Outdated (Score:3, Funny)
The real data will be kept in their shared Kazaa directories and named for classical and country songs.
You're screwed. (Score:5, Insightful)
1) if you can't trust your IT department, you're screwed, especially if management thinks they should have access (they're IT -- it's their job.) You could deny IT access, by handling everything yourself, but that's often a political nightmare.
2) without physical security, you have no security. You could encrypt the filesystems, but that has its own set of problems. It wasn't that long ago that somebody stole an entire mainframe in Australia.
4) if things are encrypted, more than one person needs to know the passcodes. But the more people who have access, the more people that can do bad things ...
7) is a big one. If you can only trust some of your engineers, then only the engineers you can trust can have access to the files. But obviously engineers you can't trust need access too ... you're screwed.
10) yikes.
Re:You're screwed. (Score:2, Insightful)
5) yikes.
That's another Sisyphean predicament. It's hard enough to control the company network, but effectively impossible to control your engineers' home environment.
There's no magic technology bullet that'll solve your problems.
Re:You're screwed. (Score:2)
Play hot potato and give the problem to IT or, preferably, upper management.
Re:You're screwed. (Score:2)
What about keeping all the files on big usb memory keys?
I'm only 90% kidding
Re:You're screwed. (Score:1)
Re:You're screwed. (Score:1)
I can do it! (Score:3, Interesting)
Seriously, where I work, we use a VPN that is secured using a PIN and a RSA token. Basically, the RSA token is a little keychain thingy that displays a 6 digit number which changes every minute or so. When the user wants to connect to the network, they need to enter their PIN plus the 6 digit number.
Because the token is "keyed" to the individual, only my RSA token will work with my PIN. In order for a person to break in, they need both the person's PIN AND the person's unique RSA token. Obviously, this makes the network a lot more secure than a network protected by a traditional username/password setup.
Based upon your requirements, this may not be the best solution, as it fails to satisfy several of your requirements. However, my intuition tells me that you will be hard-pressed to satisfy ALL of your requirements with a single product (without rolling your own).
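The PIN-plus-rolling-code login described in this post, as an added example that is not the poster's setup or RSA's own algorithm: it uses the open HMAC time-step construction of RFC 4226/6238 (what open-source tokens implement), accepts one step of clock skew so a code that rolls over mid-typing still works, and refuses a code once it has been used. The seed, PIN and timestamps are constructed.

```python
import hashlib
import hmac
import secrets
import struct


def totp_code(seed: bytes, unix_time: int, step: int = 60, digits: int = 6) -> str:
    """Code the token displays for the time step containing unix_time.

    HMAC-SHA1 over the step counter, dynamically truncated to `digits`
    decimal digits (RFC 4226 HOTP with an RFC 6238 time-based counter).
    """
    counter = unix_time // step
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % 10 ** digits).zfill(digits)


class TokenVerifier:
    """Server-side record for one user: salted PIN hash, token seed, last used step."""

    def __init__(self, pin: str, seed: bytes, step: int = 60, window: int = 1):
        self.salt = secrets.token_bytes(16)
        self.pin_hash = hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 100_000)
        self.seed = seed          # known only to this user's token and the server
        self.step = step
        self.window = window      # accept +/- one step for clock skew and rollover
        self.last_counter = -1    # highest step already accepted: blocks replay

    def verify(self, pin: str, code: str, unix_time: int) -> bool:
        """True only when both factors check out and the code was not reused."""
        candidate = hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 100_000)
        pin_ok = hmac.compare_digest(candidate, self.pin_hash)
        now = unix_time // self.step
        matched = None
        # Check every step in the window; compare_digest avoids timing leaks.
        for counter in range(now - self.window, now + self.window + 1):
            expected = totp_code(self.seed, counter * self.step, self.step)
            if hmac.compare_digest(expected, code):
                matched = counter
        if not pin_ok or matched is None:
            return False
        if matched <= self.last_counter:
            return False  # replayed, or older than a code already accepted
        self.last_counter = matched
        return True
```
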
Re:I can do it! (Score:1)
Yah, and as soon as a user is connected to the company VPN, I'll hack into his/her PC (weak link) and use the VPN connection.
I agree that a VPN is better than no VPN, but it does not stop a determined foe who'll just get in through some Windows flaw on the employee's home PC.
You have to address all the weak links first.
Re:I can do it! (Score:2)
The RSA key is also difficult to use to legitimately log in. It's easy to mistime your login where the number rolls around and end up having to try again. In theory, RSA VPN sounds neat, but it looks like a huge pain in exchange for extra security.
Using client
Re:I can do it! (Score:1)
Someone I know uses an RSA key to access a VPN into work. It nearly cripples the PC with its CPU load. Even though this is a late 90s machine, still the overhead of the RSA VPN is, in my opinion, too high for the benefits, especially over dialup.
There is a degradation in performance when you access a network over a VPN, I admit. You need to be judicious in your use of it. However, if you need to access your network remotely and are concerned with security, I believe it is worth the tradeoff. Also, wi
do what the US does with classified networks (Score:1, Insightful)
Re:do what the US does with classified networks (Score:4, Interesting)
To sum up (Score:1)
1) Securing files stored at work.
2) Securing files while being transferred around at work.
3) Securing files when stored to take home.
I also assume that your 'recover access in case of being hit by a bus' requirement is also 'recover access if the physical security key is lost/left at home today/dunked in hot coffee'.
For #1 - I'll leave that to the paranoid masses out there, I'm sure they can come up with something.
For #2 - Logically yo
You might as well ask... (Score:2, Insightful)
PGP (Score:2)
Re:PGP (Score:3, Informative)
PGP supports enforced corporate encryption key redundancy, allowing you to hold a master decryption key which will allow you to recover any file.
Better yet, that master key can be broken into parts and only be restored by a subset of keyholders (an m of n reconstitution) so that no one rogue person can act alone, it requires m people to recover the master key.
PGPDisk sets up a virtual partition on the hard disk, and is native to Wintel platf
Re:PGP (Score:2)
Re:PGP (Score:2)
The PGP documentation is, in and of itself, somewhat helpful; Phil Zimmerman has the right idea when it comes to security in general, and PGP in particular.
I'll do some looking around; if I come across any, I'll let you know.
Mattcelt
Digital Rights Management (Score:2, Interesting)
It sounds like the standard answers such as restricted access rights to the server, files and so forth are not an option in your circumstance. One possible solution - depending on your workflow requirements - might be to look at some digital rights management software.
In this forum, digital rights brings up Microsoft, RIAA and so forth - which I'm sure will get me pilloried. However, it sounds like you are in an environment that would be a good candidate for this kind of software.
IBM, Microsoft and othe
Your requirements are incompatible (Score:5, Insightful)
If engineers can take the files home, you'll have to secure their home networks as well. Can you trust them to do that competently?
If any engineer can be given access to any other engineer, you can't effectively divide teams. Within very little time, all engineers will acquire access rights to all processes. That's what usually happens.
You'll need to rework your requirements to a list that is consistent with itself first (which means, mostly, thinking which of these requirements are more important). Then you can start looking for a solution.
And don't trust security advice from Slashdot. For every competent answer, you'll get ten incompetent ones, and unless you have a good security background, you won't be able to tell the difference.
Go Commercial (Score:1, Interesting)
Basically, you need a database to store everything in (single network file store), access controls, and revision control (in the event two engineers check out the same file at the same time). It'll cost you money, and no matter what you choose, you'll need 1 or 2 people who understand how to maintain and administer the product.
Your best bet is to involve management. And the Legal department.
expensive and un-fun (Score:2)
Smart Cards (Score:2)
The requirement for shared access mandates that the encryption key be shared. Smart cards provide this by giving each user an individual passkey that they use to access the shared encryption key. This prevents a person's lost smartcard from compromising the security of the files.
You also need software that accepts the passkey and smart card directly f
Well, (Score:2)
So, all work done at work is kept on the secure *nix box
So, what are your qualifications? (Score:4, Interesting)
You see, I frequently run into middle and upper level managers that pose the same questions and issues that you do. They have decided that their files are the most important thing in the world and that the IT department is incompetent because they do not seem responsive to said managers' queries or concerns. But, in spite of the managers' feelings on the matter, I rarely see a situation where the IT department is truly incompetent or is doing a poor job on security. What is really happening is that the managers are not qualified to evaluate the IT department's procedures and that said departments become "unresponsive" to these managers after a while of hearing the mistrust and false accusations from someone unqualified to judge.
The fact is that most file servers offer most of the features that you are asking about. Most file servers (Windows NT-2003, Netware, Unix) have very good security measures that allow compartmentalized access, the ability to recover an account and its files when the user is hit by a bus, extensive access logging and auditing, the ability for the file's owner to assign other users access permissions, the ability to handle very large files, potentially secure access control via user ID and password, and more. Most newer ones will allow you to encrypt individual files, directories or even entire disks to further restrict access although this can interfere with work when multiple users are involved. Also, most file servers from within the past decade can support two factor security schemes that utilize one time password key fobs or even biometrics like thumb print scanners (which I find preferable to key fobs that can be lost or stolen).
The most contrary item on your list of requirements is the ability to take home large files. This is a gaping hole in any security system and if the files are so terribly valuable, your company should implement measures to make sure that taking these files anywhere from the server is impossible, or at least extremely difficult. Why would you implement an elaborate security system and then have the files walking out the door on a disk or tape? (As I think about it, Microsoft claims that this can be done securely under their Trusted Computing and DRM plan. But, I won't buy into it.)
In the end the question returns, are you actually qualified to evaluate and judge the IT department's processes and procedures or are you feeling dejected because they are "unresponsive" to your individual needs? One final note about your IT department's pride in their antiquated network. There are several systems out there that although old are still more than capable of doing their job and are indeed quite secure. DEC Vax systems running LAT can be completely secure from both external and internal attack. The same can be said for Novell systems when they rely on the IPX protocol. In spite of your obvious dislike and mistrust of your IT department, it is entirely possible that they are truly very secure with their outdated network.
Ask Management to have a Security Audit performed (Score:3, Interesting)
Many people assume that the only reason to get an audit done is for responsible admins to double check their work and verify that their network is secure. This is a completely valid reason, and the best reason to do one, but there are also political motivations, like in your case. The IT department's stance is that they are secure. You believe otherwise: have an infosec company do an audit. They can show the problems in the network, do so in an impartial way, and give it directly to management who can either exonerate you, or give you the tools needed to do your job.
Personally, I would consider network segmentation, and access controls (both host and network) as the first thing I would think of. Also, read-only smart cards with an encrypted key on them and a strong encryption policy. Keys are checked in every night, and each user has a separate password. You leave, you can't access the file. Then create a strong security policy for your department and have management sign off on it, so you can take immediate steps if anyone violates the policies (taking a key home, unauthorized laptop, etc.)
if you really need help, feel free to contact me:
me [mailto]
Said it before, say it again (Score:2)
Considering the number of people who appear to have access to your data, and the current us vs. them politics with the other departments, you can be certain that any measures you take to protect your data from theft will be, in the end, undone by the human factor. You should emphasize, instead, maintain
Rules of thumb (Score:5, Funny)
Well, it's a difficult situation. I suggest strong coastal fortress walls, and heavy shelling cannons. Also be sure to have your mates dig the hole before you bury the treasure. That way they will all be tired and you can shoot them and bury them with the treasure. I also suggest wearing a hook and eye patch. Some would argue that this is security through obscurity, but it does have a legitimate effect as a deterrent. Oh, and DON'T FORGET to draw a map with paces relative to everyday objects. This is sure to throw off that random bunch of happy go lucky teenagers in an 80s movie.
How to do it (Score:2)
It's easy - you say your IT people say it's "that old it's secure", well if it's that old = root exploits-a-go-go. Root the box, then set up the security properly.
What? No one said the solution had to be legal...
the rm utility (Score:1)
Well.... (Score:2)
I suppose I could lend you my public encryption key for a while....
PGP? (Score:2)
Run your own internal network. (Score:1)
treat the company network as if it were part of the internet --
outside, hostile, dangerous. That means you have to have your own
internal firewall(s) that prevent traffic from coming into your
department from the rest of the company network, except for traffic
that you specifically allow. The IT department can control whatever
servers it likes, but you don't put anything that matters on those
servers; you keep it on your OWN servers. Ideally, th
Ask a unicorn about it (Score:3, Insightful)
No internet access to secure PCs, no digital media allowed in or out of the secure area. And make the engineers understand that, if they are found responsible for data escaping, it means not only their job but their career as well, and quite possibly a large chunk of money.
If your data is worth that much, if the company's future depends on it, you cannot afford to take any risks. Hire an expert security consultant to examine YOUR system and implement security safeguards and procedures. You will have to give up an amount of conveniences and features in order to achieve security. Don't kid yourself that there is a transparent way to do this.
Re:Ask a unicorn about it (Score:2)
Re:Ask a unicorn about it (Score:2)
See you around!
Re:Ask a unicorn about it (Score:2)
Re:Ask a unicorn about it (Score:2)
Re:Ask a unicorn about it (Score:2)
Perhaps accepting the truth would help you.
Re:Ask a unicorn about it (Score:2)
Easy! (Score:3, Funny)
Security (Score:2)
Instruct the engineers to rectally insert them when not in use. You'll be safe from everything but a cavity search. Large files can be spanned across multiple devices, just find someone with extra capacity available. (The Goat.se dude could be your new server).
SD
Fire the POS IT guys... (Score:2)
Not Opensourced but... (Score:2)
except for contradictory requirements ("We don't trust engineers but they can take files home and use as they please" "We have no control over computers but our solutions must be a robust computer system") you should look into document management portal systems.
Some examples are OpenText's LiveLink or IBM's Lotus Notes.
Re:Not Opensourced but... (Score:2)
Notes' security good enough for the CIA, so it's good enough for you. The problem is that you have to retrain people to keep important thin
Your problems are not software related. (Score:2)
Your company needs to create a security admin. This person needs to be above the level of department managers. This person needs to dictate security policies company wide. If a manager doesn't like her policies, that manager needs to go to her boss.
The security admin needs to have her job on the line if your code gets out in the open.
Do that one thing and see what happens.
Many, many, many people are gonna be pi
Simple steps (Score:2)
What I did in the same situation was:
1. Fix the physical security: get a clear desk policy up and running. As well as protecting you from intruders, it also means the impact of a fire will be much less.
2. Move all important files to the server (which will be backed up and has access controls).
3. Put power on passwords on all PCs, make sure they are good ones (if you need access in an emergency, there will be an administrator password held by
Talk to management (Score:1)
Risk assessment (Score:2)
i.e. the threat, the risk (impact on the business), likelihood and possible ways of reducing the threat/risk with costs.
Present this info all the way up to the board of Directors; at the end of the day they run the business and it's their decision. You need to get a high level manager/director to sponsor this for you as well.
A lot of this kind of problem is getting the business (directors) to be aware of the problem and t
my thoughts (Score:2)
1, you can't control external IT services, external IT is hostile to you.
Fine, if you have support from your department, then treat the rest of your company's IT assets as 'hostile' and 'insecure.' Having your boss's support is crucial; it's his job as a project manager, or division head to facilitate his employees getting their work done. Further, it's his job to make sure that important information and data is not compromised. He is delegating that responsibility to you, but it i
Buses (Score:1)
Petition to outlaw buses.
What I do (Score:2)
I use PGP [pgp.com] - the 'freeware' version - because I'm only securing personal files, not work files. For work files I'm sure you'd need an enterprise license or some such thing, but I've found it to be really easy to use. I also haven't tested out how actually secure it
My opinion (Score:1)
Authentication (something you know and something you have = smartcard) Contact smartcard vendors (Gemplus, etc.) and they will be happy to help you.
Securely taking files home is like securely taking a nuclear device home. This does not exist... Either be "completely" secure or do not allow this...
Not depending on a single person to keep a secret is tricky:
you may try something like this: each engineer changes the password every we
It's not your job, tell your boss (Score:2)
Then this is not your problem, it's the IT director's problem. Or a CxO's problem.
we do not have good physical control of our environment
Again, if you are not the one in charge of physical security, it's neither your job nor your responsibility.
we are stuck with Win boxes as clients
You're fucked! Seriously, the security of files comes from properly configured and admined win servers, not from the clients.
I would like the 'something yo
Re:It's not your job, tell your boss (Score:1)
Re:It's not your job, tell your boss (Score:2)
The clients are always the weak link. Everyone from script-kiddies to the FBI knows this. It's hard to secure files when they have to traverse the network. Besides, don't pretend that a 'properly configured win server' is any different from a Windows workstation when it comes to security: they're the same OS.
There might be some freeware projects out there, but none of them come close to the completenes
It's simple (Score:2)
1) Remove all floppy drives and other writable-removable-media drives from every desktop on the network.
2) Keep the servers in a locked room. Put two or three cameras in the server room.
3) Enable firmware passwords on all computers to prevent installation CD root access.
4) Put lock-down cables on all computers to prevent physical theft. Real computers, such as Sun workstations, even have it where the lock-down cable prevents opening the case, too.
5) Isolate your network from all others, especially the
Re:It's simple (Score:2)
Here's a couple more:
8) No windows.
9) Faraday cage in the walls.
10) Submarine-style isolation of the interior of your building, to prevent sound transmission to the outside.
It'll be much harder for the competitor's spooks to get anything, but it seems things are getting a bit less simple, now. You know, a military submarine is a great example to follow for good network security!
Polygraph tests (Score:1)
Shameless self-promotion (Score:1)
Limited options (Score:2)
I'm not sure you're going to be able to meet all of the constraints. One piece of the puzzle may be linux running Samba re-exporting the company server but layering a crypto-fs on top of it.
Unfortunately, that would not be very granular, but would at least narrow your risk from the whole company to just your own department.
You're screwed (Score:2)
You MUST have physical security. I can hack any machine I can get physical access to... If the data's encrypted, I just walk out with the whole disk and decrypt it at my leisure in my lab...
Your IT people need to either get a clue or you need to get new IT people.
Finally, hire a reputable security consultant and actually do what he tells you to.
Otherwise, you're wasting your t
You have more than a problem... (Score:1)