How to provide laptop and protect data from copying?
Want to hire an employee in another city, to provide him with a workstation, but to protect information on the device copy (the device itself will be at the disposal of the employee). You should encrypt the disks, to allow you to connect external devices to allow access to the network only through the company server (where it will be allowed access only to specific IP). Did you like this? By what means you can implement (including pay)? OS does not matter, as cross-platform.
If we're talking about the same gateway for Internet access, it should be possible to spoof the server with manipulation of the routing.
Sign the employee NDA or what is the name of the document, in fact of non-disclosure. and you will be happy, and suspect the leak to court and be done with it
Anjali95 answered on June 26th 19 at 14:09
Technically - no way.
The only competent way to pick up people who value their reputation and have a high level of professional ethics. The only thing that many such people will not go to your sharaga, if she does not have as excellent reputation. Protect the honor of his youth, as they say.
Esta_Upton answered on June 26th 19 at 14:11
Although You did not specify from copy or from a leak? Leakage is arranged a trivial rewriting on a piece of paper :) It theoretically can be prevented by only using SMP with the function of monitoring via the webcam of a laptop, and it will be useless without Internet.
Up the establishment on a media copy of the file, preserving its structure so that it was more convenient to work is also possible. Even with all the imaginable bells and whistles. Administrative rights will not? So take hiren, butimba CD, knocks the password for the local admin, increase privileges - without the use of vulnerabilities! Once you have permission, you can disable any gardow, to register any device in the trusted. You can even make a dull copy of the screw means, for this purpose - for example Akronis. And already with a copy of screw to understand as much as necessary.
Yes, SMP, after the fact can notify you about the up - when the laptop will go out to Internet, if the buffer will not overflow. But the fact of the leak it can not prevent, especially if it's not a DB and some kind of photo :)
Full access is full access. Is dangerous every "cloud" service providers - and they know it and so try to get Your data...
Kenyatta answered on June 26th 19 at 14:13
The information displayed can be banal barenblat, to photograph, to record on video.
Clement_Johnst answered on June 26th 19 at 14:15
To answer this question, You will have to tell a lot more:
1. What protect
2. Model of the offender
...for to protect all from anyone will not work. Even if you do not need offline, you can open a sniffer. Encrypt? OK, there admin. Admin deaf-blind and believe in God? OK, there is a cleaner that will leave the camera the admin. There is no cleaner? OK, there are special services that will implement micromicrocurie...
Will always be a limit, which overcome the disadvantageous. Which separates the model of your intruder from infinity. And this limit depends on claim 1 - that protect.
So what and from whom you want to protect?
Lucio answered on June 26th 19 at 14:17
Why recruit people who want to merge the old and dump? Such employee any technical means will not save when he can get access to information.
But if employees are loyal, and you are protected from unintentional removal or theft of information by third parties then something can be done:
1.To sign a non-disclosure document.
2.To install and configure: system of protection against unauthorized access, DLP, firewall, anti-virus.
3.Centrally collect and monitor logs.
4.Total encryption of all disks, including the boot.
5.Sealing of the housing and the compartment for the disc.
6.Enhanced login: tokens, smart cards, etc.
7.A decent salary to the employee for the suffering in the course of performing their duties.
8.The prohibition of access to the Internet.
haylie11 answered on June 26th 19 at 14:19
Give terminal access to their resources with the relevant safety regulations. Although in this case the employee can simply take a picture of the screen with information of interest
victoria_Morar answered on June 26th 19 at 14:21
Support with Windows Remote Desktop.
But there are solutions and Laptop :
- To encrypt a Laptop is possible and even necessary - VeraCrypt to help, and you can configure a hardware USB key (type ruToken with PIN code) that the person did not know and did not use the password and inserted the key and entered the PIN to the laptop Booted. Because a complex password it will record on paper.
control devices: paid software - Kidlogger: block the connection of other devices, Bluetooth, DVD, banned download from the Internet (and Uninstall as well) , sending files to the network including LAN/FTP , and will monitor user activity, screenshots and stuff.
- About Networking while can't think of a solution.
nikita.Stracke answered on June 26th 19 at 14:23
To set the clock video surveillance of his workplace and put the guard of the observer.
Why give him over to the computer? It is possible to have it remotely worked with resources that are physically in another city, and to limit his rights to copy.
aniya.Heathcote65 answered on June 26th 19 at 14:25
I also chord for access via RDP, if you give him the laptop, then it is better to provide a weak laptop and no mobile Internet and RDP to the workstation than fooling over not being implemented in principle by the task. I thus implemented the access for multiple employees. (Though I have full access and no NDA with me, no one sign, but I'm a decent person and employee you wish)