How to restrict file opening only in certain computers

reach2prashant

Honorable
Jun 20, 2012
3
0
10,510
I want to setup security system in my office where each files in employee laptop is secure. File can be shared within a group of employee laptop and should become junk file if shared elsewhere. Each file should be protected by a password defined by some security application which acts like a master password. When a file is clicked to open it should not ask for password to open in the same computer, but if it is shared in other computer which have the same security application then it should ask for password to open the file, given the master password of security application of that computer is different. If the master password of security application in two computers are same then it should not ask for password to open file.
Is there any application available which can solve this issue.

Regards,
Prashant
 
Solution
You're going to need a central server to handle this for you. You can't do it at the client level, since you'll need a central "brain" to administer the permissions.

What you choose is going to come down to:

1) Your budget
2) What you need to be compliant with (eg, HIPPA)
3) How your team needs to use the files

Given all of that, you may need to adjust your list of requirements.

I'm not sure what you mean by "should become a junk file if shared elsewhere". I'm going to guess that means if the file goes outside of your allowed zone it encrypts/self-destructs in some way. I'm not aware of any off-the-shelf solution that will do this for you, which means you'd need an existing solution customized or a custom built solution (read...

nhasian

Distinguished
Apr 5, 2010
193
0
18,710
it sounds like you need an NT or Linux server to handle the security and have the clients log into the server for security and to access shared data. if you want to secure an individuals laptop or files/folder then check out Truecrypt.
 

reach2prashant

Honorable
Jun 20, 2012
3
0
10,510
Thanks for your quick reply Nhasian.
I tried Truecrypt but it is not fulfilling my requirement. I need security system to be implemented in each laptop where files can be freely shared within those laptops and at the same time employee cannot misuse any file by leaking out to any external party. The password of security system file should be with admin and not with every employee. Employee should be free to access files available in their computer without password but when it is shared outside it require password to access files.
 

Rusting In Peace

Distinguished
Jul 2, 2009
312
0
19,060
I don't think you can effectively stop this using the method you are looking for. If you found a system like that I'd simply:

- Copy and paste from the secure file into an unsecure one.
- Write / use a program that read the file from the file system and write it to a new file.
- Screengrab the open file.
- Use a camera to literally take a screenshot.
- Print it.
 

wombat_tg

Distinguished
Nov 26, 2010
28
0
18,590
You're going to need a central server to handle this for you. You can't do it at the client level, since you'll need a central "brain" to administer the permissions.

What you choose is going to come down to:

1) Your budget
2) What you need to be compliant with (eg, HIPPA)
3) How your team needs to use the files

Given all of that, you may need to adjust your list of requirements.

I'm not sure what you mean by "should become a junk file if shared elsewhere". I'm going to guess that means if the file goes outside of your allowed zone it encrypts/self-destructs in some way. I'm not aware of any off-the-shelf solution that will do this for you, which means you'd need an existing solution customized or a custom built solution (read: $$$)

Let me see if I've got all your requirements straight:

1) Control access to the file server
2) Control access to the files within the server based on the user's roles & permissions
3) Control this access at the file level in some cases
4) Prevent sharing documents outside of the group.
5) Limit admin privs to a few, select individuals
6) Revision control/audit trails so you can see who did what to the document when
7) local document access on the machine
8) Syncing of files between laptop/server so everyone has the most up to date copies, and of course so backups exist

These are pretty straightforward requirements. Here are some more considerations for you to think about:

1) A determined employee can steal your data. Copy it to USB, attach it in an email, FTP it, I could go on. While steps should always be taken to protect data vigilance is still required. When considering any product consider how it could potentially fail or be misused. Not allowing local copies of files is one way to mitigate this risk, but in many cases it's just not practical.

2) If you use a local file server (one you set up and administer yourself) you will need to consider how you will "harden" it to external threats. Setting up the server and protecting the data on it from your employees will not protect the data on it from people you don't even know.

3) Do your employees need to be able to access this data from outside your office? If so, you will need to again consider #2. That adds another layer of complexity.

4) Do external parties (like clients) need access to this data? If so, you will need to again consider #2.

5) Do you need local file encryption for data at rest? Are your harddrives already encrypted? Because if a laptop gets lost/stolen it's very easy to simply remove the drive, mount it to another machine and rumage around.

There are MANY options for you. You're not the first business to have all these concerns. But which option will SUIT you depends on your actual needs, how your employees work on the data and what your budget is.
 
Solution
Encrypting the file will work, but you need a pretty complex setup to do what you want. We use CheckPoint for encryption, both media and hard-drives. Using a central server with logon info, if a user it logged on and authenticated, they can open their encrypted media files. If they are not, the encryption software prompts them for a username and password.

You need a good encryption tool, just setting up windows security won't do you much good, and can be gotten around in 3 minutes or less by almost anyone who knows how Windows works.

Check with some encryption tool providers, you'll need a consultant or at least some training to set this up.