Securing Files in a Hostile Workplace?
lockdown asks: "How do I secure the files used in my department? I work in an engineering department and I've been tasked with securing our electronic files. We are a likely target of pirates, both internal and external. The 'resale' value of our files is very large. Attackers would be interested in selling our files or just posting them publicly for bragging rights. While I trust our engineers, many of whom have been here over 10 years, we do have many short-timers and temps in other departments. Worst of all, our IT department is clueless and even hostile to our efforts. (They are proud that, 'our network is so outdated that it can't be hacked.') How do I came up with a way to secure our files in a hostile environment and still get our work done?"
"The constraints of my personal situation include:
- the world controlled by the IT department (the network, most servers, tape backups, external firewalls, etc) are out of my control,
- we do not have good physical control of our environment to prevent physical theft or PC access,
- we need to compartmentalize access to different teams,
- we need to be able to recover access in the event a bus hits an engineer,
- engineers need to be able to securely take files home,
- data files can range into the GBs,
- this can't get in the way of getting work done,
- being engineers, we tend to work with a wide range of obscure tools that are unlikely to be supported by commercial solutions and may not play nice with the OS
- we are stuck with Win boxes as clients, but we could have a local dept. *nix security server,
- each engineer need to be able to enable access to any other engineer,
- I would like at least 2 factor security, something you know and something you have,
- I would like the 'something you have,' attached to engineer's car key ring (something you can't go home without) and
- open source preferred (no proprietary pixie dust, please)."
Not just the US, AU as well. In the places I've worked in (or supported) it's two networks. One for the inter-business communications and general work, but all classified work is done on a classified network. We actually confused a poor old PHB (engineer) but saying in passing that the two networks use an AirGap Router. The ol' boy searched his manuals for one but couldn't find it.
Robert Anton Wilson
I don't mean to be offensive here but you do not state what your qualifications with regard to IT are so, I must ask are you qualified to evaluate and judge the competence of your IT department and their procedures?
You see, I frequently run into middle and upper level managers that pose the same questions and issues that you do. They have decided that their files are the most important thing in the world and that the IT department is incompetent because they do not seem responsive to said managers' queries or concerns. But, in spite of the managers' feelings on the matter, I rarely see a situation where the IT department is truly incompetent or is doing a poor job on security. What is really happening is that the managers are not qualified to evaluate the IT departments procedures and that said departments become "unresponsive" to these managers after a while of hearing the mistrust and false accusations from someone unqualified to judge.
The fact is that most file servers offer most of the features that you are asking about. Most file servers(Windows NT-2003, Netware, Unix) have very good security measures that allow compartmentalized access, the ability to recover an account and its files when the user is hit by a bus, extensive access logging and auditing, the ability for the file's owner to assign other users access permissions, the ability to handle very large files, potentially secure access control via user ID and password, and more. Most newer ones will allow you to encrypt individual files, directories or even entire disks to further restrict access although this can interfere with work when multiple users are involved. Also, most file servers from within the past decade can support two factor security schemes that utilize one time password key fobs or even biometrics like thumb print scanners(which I find preferable to key fobs that can be lost or stolen).
The most contrary item on your list of requirements is the ability to take home large files. This is a gaping hole in any security system and if the files are so terribly valuable, your company should implement measures to make sure that taking these files anywhere form the server is impossible, or at least extremely difficult. Why would you implement an elaborate security system and the have the files walking out the door on a disk or tape? (As I think about it, Microsoft claims that this can be done securely under their Trust Computing and DRM plan. But, I won't buy into it.)
In the end the question returns, are you actually qualified to evaluate and judge the IT department's processes and procedures or are you feeling dejected because they are "unresponsive" to your individual needs? One final note about your IT department's pride in their antiquated network. There are several systems out there that although old are still more than capable of doing their job and are indeed quite secure. DEC Vax systems running LAT can be completely secure from both external and internal attack. The same can be said for Novell systems when they rely on the IPX protocol. In spite of your obvious dislike and mistrust of your IT department, it is entirely possible that they are truly very secure with their outdated network.
Many people assume that the only reason to get an audit done is for responsible admins to double check their work and verify that their network is secure. This is a completely valid reason, and the best reason to do one, but there are also political motvations, like in your case. The IT department's stance is that they are secure. You beleive otherwise: have an infosec company do an audit. They can show the problems in the network, do so in an impartial way, and give it directly to management who can either exonerate you, or give you the tools needed to do your job.
Personally, I would consider Network segmentation, and access controls (both host and network)as the first thing I would think of. Also, read-only smart cards with an encrypted key on in and a strong encryption policy. Keys are checked in every night, and each user has a seperate password. You leave, you cant access the file. Then create a strong security policy for your department and have management sign off on it, so you can take immediate steps if anyone violates the policies (taking a key home, unauthorized laptop, etc.)
if you really need help, feel free to contact me:
me
RandomAndInteresting.comdefending the world from stupidity since 1979