Examples of using SecretsSaver Corporate
Task 3.
Secret information is stored in a database that can be accessed over the network. Some employees access the network
from notebooks that they can take out of the office.
The risk of these employees stealing the information must be reduced to a minimum.
How to solve Task 3.
To prevent data theft, install the SecretsSaver Corporate system on all the notebooks and set up the
Employees Access Levels in the standard way.
To exclude the possibility of connecting to the DB server from a notebook that is not protected by SecretsSaver
Corporate, define a dedicated IPsec security policy that allows connections to the DB server only
through an encrypted channel, with the encryption key provided via the Kerberos protocol only to domain members.
Example of creating the IPsec security policy that protects the connection to the server:
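
rem Filter list matching traffic from any address to the DB server
netsh ipsec static add filter filterlist=DBAccessFilterList srcaddr=Any dstaddr=<DB IP-address>
rem Filter action applied to the matched traffic
netsh ipsec static add filteraction name=DBAccessFilter
rem Policy that holds the rule
netsh ipsec static add policy name=DBAccessPolicy
rem Rule tying the filter list and filter action to the policy, with Kerberos authentication
netsh ipsec static add rule name=DBAccessRule policy=DBAccessPolicy filterlist=DBAccessFilterList filteraction=DBAccessFilter kerberos=yes
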
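A policy script like the one above can be checked before it is deployed. The following is an added example, not part of the SecretsSaver documentation: a small Python audit that flags rules without kerberos=yes, rules that reference undefined objects, and filter actions that explicitly allow unprotected traffic (the netsh parameters soft, inpass and action). The sample script, the address 192.0.2.10 and the names WeakAction and LegacyRule are constructed for illustration; netsh defaults are not modelled.

```python
import re
import shlex

# Constructed sample: the page's commands plus a weak action and a rule without Kerberos.
SAMPLE = """\
netsh ipsec static add filter filterlist=DBAccessFilterList srcaddr=Any dstaddr=192.0.2.10
netsh ipsec static add filteraction name=DBAccessFilter
netsh ipsec static add filteraction name=WeakAction soft=yes inpass=yes
netsh ipsec static add policy name=DBAccessPolicy
netsh ipsec static add rule name=DBAccessRule policy=DBAccessPolicy filterlist=DBAccessFilterList filteraction=DBAccessFilter kerberos=yes
netsh ipsec static add rule name=LegacyRule policy=DBAccessPolicy filterlist=DBAccessFilterList filteraction=WeakAction
"""

# Explicit filter-action settings that let unprotected traffic through.
WEAK = {("soft", "yes"): "falls back to unsecured traffic",
        ("inpass", "yes"): "accepts unsecured inbound traffic",
        ("action", "permit"): "passes traffic without IPsec"}

def parse(script):
    """Yield (object_kind, {param: value}) for each 'netsh ipsec static add' line."""
    for line in script.splitlines():
        m = re.match(r"\s*netsh\s+ipsec\s+static\s+add\s+(\w+)\s+(.*)", line, re.I)
        if m:
            toks = [t.split("=", 1) for t in shlex.split(m.group(2)) if "=" in t]
            yield m.group(1).lower(), {k.lower(): v for k, v in toks}

def audit(script):
    """Return findings: weak filter actions, dangling references, rules without Kerberos."""
    objs = list(parse(script))
    defined = {"filterlist": {p.get("filterlist", p.get("name")) for k, p in objs if k in ("filter", "filterlist")},
               "filteraction": {p.get("name") for k, p in objs if k == "filteraction"},
               "policy": {p.get("name") for k, p in objs if k == "policy"}}
    findings = []
    for kind, p in objs:
        if kind == "filteraction":
            for (key, bad), why in WEAK.items():
                if p.get(key, "").lower() == bad:
                    findings.append(f"filteraction {p.get('name')}: {key}={bad} {why}")
        elif kind == "rule":
            for ref in ("policy", "filterlist", "filteraction"):
                if p.get(ref) not in defined[ref]:
                    findings.append(f"rule {p.get('name')}: {ref} {p.get(ref)!r} is not defined")
            if p.get("kerberos", "").lower() != "yes":
                findings.append(f"rule {p.get('name')}: kerberos=yes not set")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run against the four commands from the page alone, the audit reports nothing; the two constructed lines produce the three findings.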
How the Task 3 solution works.
As long as the notebook is in the corporate network (i.e. is connected to the domain), work with secret information
proceeds in the standard way for the SecretsSaver Corporate system. When you work with your notebook without being
connected to the domain (whether under a local or a domain account), access to secret documents is blocked regardless of
the privileges of the Windows account under which the user works.