Windows 7 How do I keep sensitive documents from leaking?

enbeng

New Member
I have very sensitive company documents that I have to work with on a daily basis. It is critical that these documents not be accessible by others (mainly competitors).


The documents are created, maintained, and stored on a secure, never online Linux machine. However, a couple of times a week, the documents are transferred via USB to a Windows machine for printing (complex printing that I cannot figure out how to do without going through a Windows machine such as engineering drawings and plotting). This Windows machine occasionally connects to the internet to keep an installation of Kaspersky up to date with the latest virus information, but is otherwise offline. It is never used for any purpose other than printing and presenting on a projector. It is never used for downloading, browsing, or any other risky activities. The computer is NEVER online when any sensitive documents or USBs are attached, and the sensitive documents are never transferred onto the computer from the USB (unless it's done in the background without my knowledge). They always stay on the USB.


Are there any security lapses in the setup above? I am worried about the following: Does Windows automatically store local copies of files from USBs? If it does, is there any way for these to be accessed by other people when the computer is connected to the web? Does anyone have any recommendations?


Thank you
 
Depending on what software is used to print the documents, whether the printer is set to spool the output, and a number of other issues, you may well find that the documents/print images are saved in spool files/cache etc.

But: if the PC is only ever online to update Kaspersky, there does not seem to be any need to be running Kaspersky in the first place, so why not uninstall Kaspersky and disconnect the PC entirely from any network connection? If you want to ensure that no images from any buffering etc. remain on the PC, then run something like CCleaner on a regular basis to remove junk files.

Another option might be to set up the Linux machine to dual boot Windows and print directly from the Linux machine booted into Windows. That way the data never leaves the secure machine.
 
The Windows computer stores the docs as part of the print job, and if you don't remove that temp folder, or someone has placed software on this machine you don't know about, then it can send this info when it goes online to do its updates.

there does not seem to be any need to be running Kaspersky in the first place

Agree... this computer should not be going to the internet (period) but could go to a server and that server gets whatever updates are needed from the internet which your computer logs into to get what it needs... in fact, I'd just have the closed system as Kaspersky doesn't add any value to a Linux system anyway.
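The spool and temp-file residue described in the replies above can be checked after each print session. The script below is an added example, not part of any post in this thread; the two-hour window and the three locations it checks are assumptions, and it should be run from an elevated PowerShell prompt so the spool directory is readable.

```powershell
# Added example: audit for document residue after a print session.
# Written for PowerShell 2.0, which ships with Windows 7.
param(
    # Assumption: anything written in the last 2 hours belongs to this session.
    [DateTime]$Since = (Get-Date).AddHours(-2)
)

# Spool directory: registry override if one is set, otherwise the Windows default.
$spoolDir = Join-Path $env:SystemRoot 'System32\spool\PRINTERS'
$printKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Printers'
$override = (Get-ItemProperty -Path $printKey -ErrorAction SilentlyContinue).DefaultSpoolDirectory
if ($override) { $spoolDir = $override }

# Locations where a print job or an opened file commonly leaves traces.
$locations = @{
    'Print spool'  = $spoolDir
    'User temp'    = $env:TEMP
    'Recent items' = (Join-Path $env:APPDATA 'Microsoft\Windows\Recent')
}

# Collect every file written in those locations since the session started.
$found = foreach ($name in $locations.Keys) {
    Get-ChildItem -Path $locations[$name] -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -ge $Since } |
        Select-Object @{n='Location';e={$name}}, FullName, Length, LastWriteTime
}

# Printers with "Keep printed documents" enabled retain spool files after printing.
$keepers = Get-WmiObject -Class Win32_Printer |
    Where-Object { $_.KeepPrintedJobs } |
    Select-Object Name, KeepPrintedJobs, Direct

if ($found) {
    $found | Sort-Object Location, LastWriteTime | Format-Table -AutoSize
} else {
    "No files written since $Since in the checked locations."
}
if ($keepers) {
    "Printers set to keep printed documents:"
    $keepers | Format-Table -AutoSize
}
```

An empty result covers only these locations; the printing application may keep its own cache or autosave folder elsewhere.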
 
But: if the PC is only ever online to update Kaspersky, there does not seem to be any need to be running Kaspersky in the first place, so why not uninstall Kaspersky and disconnect the PC entirely from any network connection.

Had not thought of that. However, I am concerned about the following:

I am very careful to never use the USB with any computers other than the two I mentioned. However, others in the office don't work on such sensitive documents and might use their USBs on their personal computers despite policies against it. They use this printing computer as much as I do. I am worried about malware transferring from their USBs to this computer. Even if it is offline, couldn't the malware then transfer documents back onto the infected USBs, which might be used on personal computers? I am not very knowledgeable about viruses and I don't know what is or isn't possible.

Ultimately perhaps I should invest in a second computer only to be used by myself.

Thanks for the help so far
 