
disallowing sending of data via web mail


techsupp

IS-IT--Management
Jan 28, 2001
2
HK
I work for a computer support company, and many of our clients are recruitment companies. Their staff obviously need to browse the web to do their jobs.

The number one concern of these clients is that they don't want their staff to be able to steal their contact database. The staff need to be able to see and use the database (often ACT or some other simple db program), but should not be able to take it out of the office. We can remove floppy drives, zip drives, cd burners etc, but it seems difficult to stop them being able to zip up the database file and email it to someone. We can stop it at the corporate email server level, but I haven't found a way to stop (or even detect) the staff using Hotmail or similar service to email the file as an attachment. We could block the Hotmail site, and Yahoo mail, but there are so many others out there that that approach seems futile.

Any ideas?


Richard Carrey
 
Not only would you have to worry about mail servers, but public ftp servers and such.

Here's an idea though. Web mail is not part of the job, right? Well, you can write up a security policy stating that those sites are off limits. Block the big ones (Yahoo, Hotmail) on the firewall. Then set up an internet monitoring tool so you can catch users that go to the mail sites. Have some sort of punishment there or something. Also have them sign some sort of statement that they won't take the contact list offsite under penalty of <fill in the blank>.
You can set up some content filtering that will catch/block keywords like "contact" or "phone number" that are sent over the internet. I'm not sure what application you could use for that, but I'm sure there's one out there.

Sounds extreme, right? But, I can't think of a better way to do it.
 
Depending on your budget for this, you may want to take a look at:


I can't vouch for the product, as I've never used it. But everything that they claim is possible using open source tools, so I can easily believe that they have automated it.

I have used their PhoneSweep product years ago, and other than its poor reporting capabilities (which have been fixed now, I understand), it was really pretty solid.
pansophic
 
These databases should be delivered through some sort of intranet so that users can browse/search the information but don't actually have access to the database file. This is the most secure way.
It's fairly easy to make ASP pages on IIS talk to databases.

Even if you blocked zip files, people could just alter the extension, mail it and then change it back at the other end.

If you blocked webmail, what's to stop people uploading it to GeoCities or other web-based ftp pages?

In the situation you describe you're chasing your tail, constantly trying to keep up with the users (abusers). There are endless possibilities.
===============
Security Forums
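
The renamed-extension point in the post above can be checked on the filtering side by looking at the file's leading bytes instead of its name. The following is an added example, not part of the original thread or of any product mentioned in it; the function names, the extension lists and the sample files are assumptions constructed for illustration.

```python
import os

# Leading magic bytes of common archive formats (well-known file signatures).
ARCHIVE_MAGIC = {
    b"PK\x03\x04": "zip",
    b"PK\x05\x06": "zip",          # empty zip archive
    b"\x1f\x8b": "gzip",
    b"Rar!\x1a\x07": "rar",
    b"7z\xbc\xaf\x27\x1c": "7z",
}

# Extensions that honestly announce each format. ZIP is also the container
# for Office/OpenDocument/JAR files, so those are not treated as disguised.
EXPECTED_EXT = {
    "zip": {".zip", ".docx", ".xlsx", ".pptx", ".odt", ".ods", ".jar"},
    "gzip": {".gz", ".tgz"},
    "rar": {".rar"},
    "7z": {".7z"},
}


def sniff_archive(head: bytes):
    """Return the archive type indicated by the first bytes, or None."""
    for magic, kind in ARCHIVE_MAGIC.items():
        if head.startswith(magic):
            return kind
    return None


def classify_upload(filename: str, head: bytes) -> str:
    """Classify an outbound file as 'archive', 'disguised-archive' or 'other'."""
    kind = sniff_archive(head)
    if kind is None:
        return "other"
    ext = os.path.splitext(filename)[1].lower()
    return "archive" if ext in EXPECTED_EXT[kind] else "disguised-archive"


if __name__ == "__main__":
    # Constructed samples: (declared filename, first bytes of the content).
    samples = [
        ("contacts.zip", b"PK\x03\x04\x14\x00\x00\x00"),
        ("holiday.jpg", b"PK\x03\x04\x14\x00\x00\x00"),   # zip renamed to .jpg
        ("notes.txt", b"Dear Sir,\r\n"),
        ("report.docx", b"PK\x03\x04\x14\x00\x06\x00"),   # legitimate zip container
    ]
    for name, head in samples:
        print(f"{name:14} {classify_upload(name, head)}")
```

This only addresses the renamed-extension case; as the thread notes, other routes such as screen captures are untouched by it.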
 
Thanks for those helpful suggestions. The contractual side between the employer and employee is normally in place already. The hardware monitoring device looks just the job, but is a bit pricy at US$7,500, but it's useful to have something to offer the worried clients.

As browolf says, there are just too many possibilities. Even if you block access to the files, if they can see the data they can do screen captures and paste to a Word document.

I think it's the same old story of nothing being truly secure; you can just make it a bit harder for them to get away with it. I had been hoping for a solution along the lines of "Make sure port xyz is closed" but sadly, it's rarely that simple!

Richard
 
The only real thing is to monitor ALL activities of your staff. Even blocking Internet ports does not prevent a user from downloading a tool which could transfer data to port 80 of an arbitrary server which has been prepared for this purpose.
But be careful that you do not violate the privacy of your staff.

hnd
hasso55@yahoo.com

 