Re: Information Rights Management

["The Janitor" <thejanitor () fastmail fm>]

Hi 

Why not send password-protected PDFs? They're smaller as well.

-- 
Best regards
 
William 


> ------------Original Message------------
> From: "Philip Wagenaar" <p.wagenaar () accon nl>
> To: security-basics () securityfocus com
> Date: Mon, Aug-9-2004 6:00 PM
> Subject: Information Rights Management
>
> Hi,
>
> Rrecently we (our company) asked ourselves the question what if clients 
> modify a document we send them (in ie. Word format) and change figured 
> and numbers (ie. made more profit) and resend that document to another 
> part (ie. an investor)? 
>
> First of all, most topis on this list are very technical, but what is 
> the use of a highly secure network if these weaknesses still exist?
>
> Microsoft Office 2003 uses Information Rights Management to protect 
> office files from being altered and as I understand can also sign them 
> digitally. If a client doesn't have Office 2003 they can use a browser 
> plug-in from Microsoft to still view the document. This is as far as I 
> know the only product for office enviroments that has protection against 
> altering. (By the way, IRM is much more secure then the 
> standard-passwords protection for office files).
>
> I looked at other solutions, like Pretty Good Privacy, but they are a 
> hassle to work with. Maybe not for us, but for home users it is.
>
> Does anyone have experience with making sure that information (ie. 
> office files) that leave the corporate network from being abused? 
>
> I also came along a tool from Microsoft that removes all the extra 
> information from Office files (ie. author, who viewed it, who edited it, 
> etc, etc). Does anyone also know of a product that does this automaticly 
> and intergrated with E-Mail clients?
>
> Met vriendelijke groet,
>
> Philip Wagenaar
> Junior Projectleider ICT
>
> AccoN Accountants & Adviseurs
> ICT Project Bureau
> Postbus 5090
> 6802 EB Arnhem
> The Netherlands
>
> tel. +31 (0)26-3842384
> fax. +31 (0)26-3630222
> mobile: +31 (0)6-25388935
> MSN/E-mail: p.wagenaar () accon nl
> Yahoo: philip_wagenaar
> http://www.accon.nl
>
>
> ##################################################################
>
> Dit e-mailbericht is uitsluitend bestemd voor de geadresseerde.
> De informatie hierin is vertrouwelijk, zodat het derden niet is
> toegestaan om daarvan kennis te nemen of dit te verstrekken aan
> andere derden. Indien u dit e-mail bericht ontvangt terwijl het
> niet voor u bestemd is, verzoeken wij u contact op te nemen met
> de afzender en de informatie te verwijderen van iedere computer.
> Bij voorbaat dank. 
>
> ==================================================================
>
> The information transmitted in this e-mail is intended only for
> the person or entity to which it is addressed and contains
> confidential information. Any review, retransmission or other
> use by persons or entities other than the intended recipient is
> prohibited. If you received this in error, please contact the
> sender and delete the material from any computer. Thank you. 
>
> ##################################################################
>
> #####################################################################################
> This e-mail message has been scanned for Viruses and Content and 
> cleared 
> by MailMarshal
> #####################################################################################
>
> ---------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 
> off 
> any course! All of our class sizes are guaranteed to be 10 students or 
> less 
> to facilitate one-on-one interaction with one of our expert 
> instructors. 
> Attend a course taught by an expert instructor with years of 
> in-the-field 
> pen testing experience in our state of the art hacking lab. Master the 
> skills 
> of an Ethical Hacker to better assess the security of your 
> organization. 
> Visit us at: 
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ----------------------------------------------------------------------------
>
> .
>
> __________ NOD32 1.835 (20040806) Information __________
>
> This message was checked by NOD32 antivirus system.
>   part000.txt - is OK
>
> http://www.nod32.com


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------