Security Basics mailing list archives
Re: Information Rights Management
From: nee cee <nc () phat co nz>
Date: Mon, 9 Aug 2004 16:05:23 -0700 (PDT)
I dont have any solutions for easily locking down files. i would say however that although password word protected pdfs will stop a majority of people (we use them ourselves) if someone has ghostscript, a printer redirector (redmon)and util like freepdf then no more password protected pdf. .................................. Hi Why not send password-protected PDFs? They're smaller as well. -- Best regards William
------------Original Message------------ From: "Philip Wagenaar" <p.wagenaar () accon nl> To: security-basics () securityfocus com Date: Mon, Aug-9-2004 6:00 PM Subject: Information Rights Management Hi, Rrecently we (our company) asked ourselves the question what if clients modify a document we send them (in ie. Word format) and change figured and numbers (ie. made more profit) and resend that document to another part (ie. an investor)? First of all, most topis on this list are very technical, but what is the use of a highly secure network if these weaknesses still exist? Microsoft Office 2003 uses Information Rights Management to protect office files from being altered and as I understand can also sign them digitally. If a client doesn't have Office 2003 they can use a browser plug-in from Microsoft to still view the document. This is as far as I know the only product for office enviroments that has protection against altering. (By the way, IRM is much more secure then the standard-passwords protection for office files). I looked at other solutions, like Pretty Good Privacy, but they are a hassle to work with. Maybe not for us, but for home users it is. Does anyone have experience with making sure that information (ie. office files) that leave the corporate network from being abused? I also came along a tool from Microsoft that removes all the extra information from Office files (ie. author, who viewed it, who edited it, etc, etc). Does anyone also know of a product that does this automaticly and intergrated with E-Mail clients? Met vriendelijke groet, Philip Wagenaar Junior Projectleider ICT AccoN Accountants & Adviseurs ICT Project Bureau Postbus 5090 6802 EB Arnhem The Netherlands tel. +31 (0)26-3842384 fax. +31 (0)26-3630222 mobile: +31 (0)6-25388935 MSN/E-mail: p.wagenaar () accon nl Yahoo: philip_wagenaar http://www.accon.nl
_____________________________________________________________ ------ Disclaimer: phat.co.nz accepts no responsibility for the actions of it's members. --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Information Rights Management Philip Wagenaar (Aug 09)
- Re: Information Rights Management The Janitor (Aug 09)
- RE: Information Rights Management Wilfred Smith (Aug 10)
- Re: Information Rights Management steve (Aug 10)
- <Possible follow-ups>
- Re: Information Rights Management nee cee (Aug 10)
- Re: Information Rights Management The Janitor (Aug 09)