[lug] securing files
stimits at idcomm.com
Mon Apr 22 16:32:03 MDT 2002
Peter Hutnick wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On Monday 22 April 2002 04:03 pm, Hugh Brown wrote:
> > I have some files that were acquired under agreement that they be
> > completely confidential, only accessed by people on the project, and
> > never transported unless encrypted.
> > Right now they are on an NFS share. I'd like to make it so that the
> > files can't be copied anywhere but can still be read by the appropriate
> > people.
> Well, if you let people read them you can't really stop them from copying
> them. You may notice that there is no "copy" permission in UNIX. Read ==
> That really is a loosing battle (as the record and movie companies can tell
> you). You could do a custom reader, that renders the files as graphics that
> are designed to be hard to OCR, but you can't stop transcription of something
> that someone can read.
Not to mention screen shots and mouse copy/paste. Even encrypted files,
to be viewed must be decrypted, exposing it (an encrypted partition
can't be copied in a useful way without the key, but while it is
mounted, it is no longer encrypted to the end viewer...and is vulnerable
So to extend the above notion of it being a losing battle, the only real
way is a secured machine that has no network access, and no floppy or
similar device should be easily used (perhaps a smartcard access to the
floppy for use only by trusted people, and logged?).
D. Stimits, stimits at idcomm.com
> You /could/ use PGP file encryption and encrypt with the public keys of only
> the folks authorized to read them. That won't stop them from decrypting them
> and emailing them to an unauthorized person.
> - -Peter
More information about the LUG