Erwin Craps - IT Helps
Erwin.Craps at ithelps.be
Tue Dec 20 15:04:42 CST 2005
Well it's a pretty difficult situation, there are severall parties involved and it is known that some persons do not treat the data all that confidential, probably for good relationship with the press or other parties like investors that could take advantage of the data. But all the parties have right to have the data. Infact every one of those 180 (just checked it is already 180) recipients is partialy owner of that data. So I can't valid a person if he can or not may have the data. If he has the right he has the right. The data does not need fullproof protection. Avoiding forward (or at least making it more difficult) or beeing able to know whom it has been forward from/to is sufficiant, so I can contact this person. Securing further would cause availabilty or management problems. Furthermore normal Excel use in that file should be posible (changing, adding, exporting). It's just a question how to add a treshold into the forwarding so users will not forward that easy. Either from a technical or a chance-to-be-caught-fear point solution I not asking that much security, just a simple thing to disencourage a user to forward the excel file or a way to track the forward. Stupid things like (just came to my mind when writing this), adding usefull attractive hyperlinks in the Excel file where user can click to get more data from my webserver.. When they click on these links I can see in my weblog from which IP address and probably from wich domain when they have a fixed IP. This may sound silly, but it isn't in this case. If get get a mail forwarded on a daily basis, after a couple of weeks or months, you forget that you should not have that mail and tend to do stupid things... It will not cover everything but it will hint us in the good direction, since the sector is very small world. Using an Id in that link should enable me to know whom's file is beeing clicked. That would mean 180 different files, but I do not need to send out 180 different files on a daily base. Erwin -----Oorspronkelijk bericht----- Van: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com] Namens Gustav Brock Verzonden: dinsdag 20 december 2005 17:15 Aan: dba-tech at databaseadvisors.com Onderwerp: Re: [dba-Tech] Securing Excel File to avoid E-mail forwards Hi Erwin You can't deliver confidential data to non-cleared and non-trusted people - while at the same time keep the data confident. It's that simple. You could perhaps create an encryption setup where the decryption is locked to the MAC address of the reader's machine and/or a time frame of an hour to watch the data. Still, if data is visible on screen it can be copied and passed on. Or you'll need a dual key setup like that for controlling launch of nuclear weapons where no single person has the full key to anything. Thus customers would have to meet in pairs or triples to get access to the data ... /gustav >>> Erwin.Craps at ithelps.be 20-12-2005 08:19:29 >>> "As Stuart said, you can't. If people can't handle confident data, don't pass it on." Easy to say, but who is it? These are all employees of paying customers.... Can't fake data, is all official data and it would be noticed to, the data is verifiable. Serializing tought of that to, but in 6 years time (thats 1560 unique Excel files * +/- 120 recipiants= 187200 Excel files with an own life), never got hold of a forwarded file. Since the data is so confidential no one is stupid enough to return a forwarded file to someone in the trust group. Why should they? The trust group has that data already. _______________________________________________ dba-Tech mailing list dba-Tech at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-tech Website: http://www.databaseadvisors.com