Shulou(Shulou.com)06/01 Report--

For the sake of data security, many enterprises need to send out documents for control. The widespread use of mobile phones and usb storage makes the management and control of outgoing files very difficult to achieve. In this article, I will throw a brick to attract jade and explore several ways to control outgoing documents. In the control of outgoing documents, the following aspects need to be considered:

Block outgoing files through the network

Block files sent by Bluetooth, usb and other peripherals

File encryption

1. Block outgoing files through the network

Personnel can send out files by mail, QQ, Wechat, network disk, FTP, and so on. Therefore, to block outgoing files through the network, you can consider the following options:

a)。 The whitelist of the website is only allowed to visit the website needed by the work, and the rest is prohibited. This is the strictest form of restriction.

b)。 Use application filtering to prohibit all file transfers, network disks, e-mails, etc. This scheme is relatively effective, but it can not rule out the possibility of transferring files through unknown application protocols.

The relevant screenshots are as follows:

two。 Shielding files sent by usb, Bluetooth and other peripherals

This chapter discusses the security needs of the host. If people can get close to the host, they will copy the relevant files through external usb storage, Bluetooth and other devices. So the safest way is not to allow close contact, all file operations are done through remote desktops. The second option is to ban usb and Bluetooth. The details are as follows:

Option 1: only allow files to be opened through remote Desktop (recommended)

The following security policy needs to be configured on the remote host.

a)。 Only files are allowed to be opened through remote Desktop, and copying to local is not allowed.

b)。 Prohibit remote hosts from accessing the Internet and eliminate the possibility of transmission through the network.

c)。 Prohibit remote hosts from accessing other shares, and prevent copying to other devices through the local area network.

As shown in the figure, run gpedit.msc to open the Group Policy Editor.

Plan 2: prohibit usb and Bluetooth devices.

Usb and Bluetooth devices can also be disabled through group policy, but it is not a perfect solution. For example, people can turn on the computer and take out the hard drive to copy data. Group policy forbids the configuration of usb. See the following screenshot:

There are also some third-party software that provides features such as banning usb devices, but the stability and reliability are mediocre, so it is not recommended.

3. File encryption

File transparent encryption is also a data protection technology. After using file encryption, the file can only be opened on the xxx where the encryption software is installed. In this way, data security can be kept secret effectively. At present, there are a lot of third-party software that can encrypt files, most of which use Microsoft's driver-level file encryption technology.

a)。 The advantages of transparent encryption of files are: convenient installation and deployment, support for multi-level access control, and powerful functions.

b)。 The disadvantage lies in the security of ciphertext. The ciphertext can be easily leaked and can be decrypted as long as it has a key, and the possibility of violent cracking of the ciphertext by technicians cannot be ruled out.

4. Summary

a)。 The remote desktop mode of isolating physical access can effectively eliminate the possibility of disclosure, which is the best solution.

b)。 Transparent encryption of files has certain advantages, and it is also an option.

c)。 Only disable the way of usb storage, there are many defects. Not recommended.

Therefore, it is recommended that you choose a scheme that suits you according to your data security needs and actual conditions, and combine with the network shielding scheme, so that you can achieve the best security effect.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.