Re: Home Office Server Security

Author: Mike Bushroe
Date:  
To: PLUG-discuss
Subject: Re: Home Office Server Security
I do not have any answers for the original question, but based on my own
experience, I would not be satisfied with any of the solutions so far
suggested. That is probably because my bizarre approach to the issue is too
far off the beaten path to have been worth anyone's time to try and
implement.

I have also done some work for others that requires some degree of data
security, although so far not to the level described above, but I would
also be tempted to mix in my own files of various types and degrees of
privacy. What I have found in the past with this kind of system, files of
different degrees of sensitivity, and worse, with different 'owners' of the
data all on one workstation or server is that yes, you have some security
until the encrypted drive is mounted, but after that all the walls tend to
come down and accidental mixing may occur. I realize that it is the
operator's responsibility to keep Company "A"'s trade secrets separate from
Company "B"'s secrets, separate from my emails and downloaded music or
videos, but the human is often subject to laziness and mental shortcuts,
and drag 'n drop and click to save can sometimes drop files in the wrong
directory structure, just because I was a hair off or not checking the
browse window title. Thus I start putting files where they do not belong,
when it is still possible for the computer to have 'helped' me be more
careful.

What I envision is the already described 'hard' encryption of the
entire volume so that if my computer is stolen, or someone hacks in, they
will not be able to get any of the secured data. But once the volume
password/phrase is verified and the volume decrypted and loaded, I would
want 'internal' locks, barriers, and checking. So that if I am working on
Company "A" data today, Company "B" data and directories remain locked and
no accidental transfers can be made. Within the volume, I would want a
second, fairly hard passcode/encryption to open the "NDA" covered items, a
medium one on my personal financial data, and a mild one on my personal
downloads. That way I can pick and choose which folders and files are even
accessible at any one time.

But the real 'extra' I would like is that once I have unlocked the
volume, then unlocked the Company "A" data to work on, and at the same time
unlocked my music collection to listen to music while I work, and one or
two personal folders where email attachments come from/go so that I can
respond to that last email that came in. Now, I need help making sure that
when I click and save an email attachment, it doesn't accidentally get
stuffed in Company "A"'s data because that was the last directory that I
saved to. So what I envision is a lightweight 'garden fence' separating
and isolating opened secure file structure. And that the OS, or some other
program, watches when I access, move, copy, etc., files that if they go
between garden plots, or in and out of secure areas, that I need a short,
maybe 2 letter code that I have to stop and think about before allowing
access, to make sure that I really wanted to cross those boundaries. To
make that work, my private files might be configured to consider the email
client to be 'in', but the secure data to have the email client 'out'.
Also, all temp files opened by editors, viewers, etc should undergo the
same checking, and default in some way to the same 'garden patch' as the
parent program, which I think is the normal default anyway. But this way,
if I drag and drop and the file hits a different window than I expected, a
security dialog box would pop up and say "did you really want to transfer
file xxxxx.xx from family photo album to Company "B" secure?" And if so,
enter the 2 digit code of the destination, or maybe a source directory code
dash destination directory code to make sure that you weren't just moving
files and clicking on 'autopilot'.

I would also like to have some overall security monitor that would
remind me what sections I have currently out and running in their 'garden
patches', so that from time-to-time I can close ones I want to keep secure
and clean if I find that I have started working elsewhere.

Like I said, I doubt that anyone has tried doing something like this,
but at least in MY case, it would greatly reduce random files popping up in
my folders where I did not expect them, and also provide a little more
security on other files.


Mike


--
But he lives on in a Horcrux named Siri
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
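
The 'garden fence' check described in the message above, sketched as an added example (not code from the original post or its author): a transfer is allowed silently only inside one unlocked plot by a program that plot treats as 'in'; anything else needs the source-dash-destination code. All plot names, paths, codes and program names are constructed assumptions.

```python
import posixpath
from dataclasses import dataclass
from pathlib import PurePosixPath

@dataclass(frozen=True)
class Plot:
    name: str
    root: PurePosixPath
    code: str                  # short code typed to cross into/out of this plot
    inside: frozenset          # programs this plot treats as 'in'

# Constructed sample layout: every path, code and program name is an assumption.
PLOTS = [
    Plot("Company A secure", PurePosixPath("/vault/company_a"), "CA", frozenset({"editor"})),
    Plot("Company B secure", PurePosixPath("/vault/company_b"), "CB", frozenset({"editor"})),
    Plot("personal mail", PurePosixPath("/vault/personal/mail"), "PM",
         frozenset({"editor", "mailclient"})),
    Plot("family photo album", PurePosixPath("/vault/personal/photos"), "FP",
         frozenset({"viewer"})),
]

def plot_for(path):
    """Most specific plot containing path; '..' is collapsed first so a
    path cannot claim one plot lexically while landing in another."""
    p = PurePosixPath(posixpath.normpath(path))
    hits = [z for z in PLOTS if p.is_relative_to(z.root)]
    return max(hits, key=lambda z: len(z.root.parts), default=None)

def check_transfer(src, dst, program, unlocked, entered=None):
    """Return 'allow', 'confirm' (prompt for the code) or 'deny'."""
    s, d = plot_for(src), plot_for(dst)
    if s is None or d is None or not {s.name, d.name} <= unlocked:
        return "deny"          # locked or unfenced areas stay closed
    if s is d and program in d.inside:
        return "allow"         # same plot, trusted program: no prompt
    # Fence crossing, or an 'out' program writing in: require "SRC-DST".
    return "allow" if entered == f"{s.code}-{d.code}" else "confirm"

def open_plots(unlocked):
    """The 'security monitor' reminder: which plots are currently out."""
    return sorted(z.name for z in PLOTS if z.name in unlocked)
```

The check is purely lexical (Python 3.9+ for `is_relative_to`); an enforcing version would also have to resolve symlinks before deciding which plot a path belongs to.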