High Security Networks - Removing recent documents

I am the Network Security Administrator for 6 networks that border
between medium and high security networks. I have some computers that
require the screen savers to be disabled. On the networks I have also
disabled cd rom's, usb's, etc. I try to be consistent on what changes
I make on all the networks in order to ease administration. So saying
that I recently removed a lot of features that were available, the one
thing that I removed that caused a lot of friction with customers was
the recently viewed documents. I am unable to find any best practice
documents to support my position, can you assist me? This is a hot
issue; I am not usually questioned about my security practices and when
I am I usually have supporting documentation to support my action. I
had read about doing this in high security environments but I can not
find that documentation now.

Re: High Security Networks - Removing recent documents

In article <1153674641.035742.48820@m73g2000cwd.googlegroups.com>,
birddog wrote:
>I am the Network Security Administrator for 6 networks that border
>between medium and high security networks.

>thing that I removed that caused a lot of friction with customers was
>the recently viewed documents. I am unable to find any best practice
>documents to support my position, can you assist me? This is a hot
>issue;

It isn't uncommon for me to disable it, but the Windows machines I use
are not used much by other people.

In thinking about your situation, a question would arise in my mind
as to how much security people have to go through in order to
see the document list of other people, or of people who might have
stepped away from their desk? For the latter point, you mentioned
having disabled screen-savers: are your customers all well-drilled in
"lock up EVERY time I step away from the desk" ? (The only sites
I've seen that rigorously have been banks.)

Any computer with multiple users in which one user could feasibly get
access to someone else's MRU lists: Yes, definitely disable [unless
all users have access to those documents anyhow, and no visitors
can use the system.]

Any computer intended to be single-user and which would be difficult
for someone else to "slip over to" and use when someone is absent
temporarily: hmmm, I might consider allowing it if only mid-level
security information was available, but probably not for high security.
(I'm presuming here that the high security documents are individually
access-controlled, such as individual encryption or smart-card access
needed to open them: when the security level is that high, then even
the -names- of the documents can give away information that should not
be revealed.)


As an example: when there is a big politically-linked financial
announcement pending, then often at my workplace, only the top
management levels are authorized to even know that the matter is
under negotiation. If people were able to get at the management MRU
lists, then the names of the documents could be sufficient to
be a "leak". (Last year one of the cabinet ministers here in Canada
got put under investigation on suspicion of insider trading; it
turned out that all he had said to someone was that there would be
an announcement the next day and that it would likely "make you very
happy". Just that was enough to trigger several hundred thousand
dollars of profitable trading.)

Re: High Security Networks - Removing recent documents

birddog wrote:
> So saying
> that I recently removed a lot of features that were available, the one
> thing that I removed that caused a lot of friction with customers was
> the recently viewed documents.

Don't you have user accounts for each user? Then why don't you restrict
the last viewed documents for each user to her/his own user account?

Yours,
VB.
--
Ich würde schätzen, dass ca. 87% aller spontanen Schätzungen völlig für
den Arsch sind.

Ralph Angenendt in debate@ccc.de