How do I keep sensitive documents from leaking?

Discussion in 'Windows 7 Help and Support' started by enbeng, May 20, 2015.

  1. enbeng

    enbeng New Member

    Joined:
    Mar 24, 2015
    Messages:
    4
    Likes Received:
    0
    I have very sensitive company documents that I have to work with on a daily basis. It is critical that these documents not be accessible by others (mainly competitors).


    The documents are created, maintained, and stored on a secure, never online Linux machine. However, a couple of times a week, the documents are transferred via USB to a Windows machine for printing (complex printing that I cannot figure out how to do without going through a Windows machine such as engineering drawings and plotting). This Windows machine occasionally connects to the internet to keep an installation of Kaspersky up to date with the latest virus information, but is otherwise offline. It is never used for any purpose other than printing and presenting on a projector. It is never used for downloading, browsing, or any other risky activities. The computer is NEVER online when any sensitive documents or USBs are attached, and the sensitive documents are never transferred onto the computer from the USB (unless it's done in the background without my knowledge). They always stay on the USB.


    Are there any security lapses in the setup above? I am worried about the following: Does Windows automatically store local copies of files from USBs? If it does, is there any way for these to be accessed by other people when the computer is connected to the web? Does anyone have any recommendations?


    Thank-you
     
  2. patcooke

    patcooke Microsoft MVP
    Staff Member Premium Supporter Microsoft MVP

    Joined:
    May 16, 2010
    Messages:
    5,456
    Likes Received:
    268
    Depending on what software is used to print the documents, whether the printer is set to spool the output and a number of other issues you may well find that the documents/print images are saved in spool files/cache etc.

    But: if the pc is only ever online to update Kaspersky there does not seem to be any need to be running Kaspersky in the first place so why not uninstall Kaspersky and disconnect the pc entirely from any network connection. If you want to ensure that no images from any buffering etc remain on the pc then run something like Ccleaner on a regular basis to remove junk files.

    Another option might be to set up the Linux machine to dual boot Windows and print directly from the Linux machine booted into Windows. That way the data never leaves the secure machine.
     
  3. ussnorway

    ussnorway Windows Forum Team
    Staff Member Premium Supporter

    Joined:
    May 22, 2012
    Messages:
    2,538
    Likes Received:
    316
    The Windows computer stores the docs as part of the print job and if you don't remove that temp folder or someone has placed software on this machine you don't know about then it can send this info when it goes online to do it's updates.

    Agree... this computer should not be going to the internet (period) but could go to a server and that server gets whatever updates are needed from the internet which your computer logs into to get what it needs... in fact, I'd just have the closed system as Kaspersky doesn't add any value to a Linux system anyway.
     
  4. enbeng

    enbeng New Member

    Joined:
    Mar 24, 2015
    Messages:
    4
    Likes Received:
    0
    had not thought of that. However I am concerned about the following:

    I am very careful to never use the USB with any computers other than the two I mentioned. However, others in the office don't work on such sensitive documents and might use their USBs on their personal computers despite policies against it. They use this printing computer as much as I do. I am worried of malware transferring from their USBs to this computer. Even if it is offline, couldn't the malware then transfer documents back onto the infected USBs which might be used on personal computers? I am not very knowledgeable of viruses and I don't know what is or isn't possible.

    Ultimately perhaps I should invest in a second computer only to be used by myself.

    Thanks for the help so far
     

Share This Page

Loading...