Document Security. ados.com. www.therefore.net. 2009 ADOS Corporation. 2009 ADOS Corporation



Similar documents
Document Management Getting Started Guide

How to Install CoSign Connector for SharePoint

Sophos for Microsoft SharePoint Help

Backup and Restore with 3 rd Party Applications

Absorb Single Sign-On (SSO) V3.0

Eurobackup PRO Exchange Databases Backup Best Practices

Authorize.net modules for oscommerce Online Merchant.

Can You Recover Active Directory from a Disaster?

Monitor file integrity using MultiHasher

StruxureWare Power Monitoring 7.0. Side By Side Upgrade Guide For Distributed Systems

CrashPlan Security SECURITY CONTEXT TECHNOLOGY

Sophos for Microsoft SharePoint Help. Product version: 2.0

Windows Server 2008 R2 Boot Manager Security Policy For FIPS Validation

Analyst 1.6 Software. Laboratory Director s Guide

Analyzing Network Servers. Disk Space Utilization Analysis. DiskBoss - Data Management Solution

Using Entrust certificates with Microsoft Office and Windows

Perceptive Content Security

How to Time Stamp PDF and Microsoft Office 2010/2013 Documents with the Time Stamp Server

Moving the Web Security Log Database

Feature and Technical

Compliance Response Edition 07/2009. SIMATIC WinCC V7.0 Compliance Response Electronic Records / Electronic Signatures. simatic wincc DOKUMENTATION

SafeGuard Enterprise upgrade guide. Product version: 7

File Server Migration

Configuring Security Features of Session Recording

Adobe Digital Signatures in Adobe Acrobat X Pro

SysPatrol - Server Security Monitor

Digital Signatures on iqmis User Access Request Form

Full Compliance Contents

SafeGuard Enterprise upgrade guide. Product version: 6.1

Therefore Technical Guide. you can. Internal Sales Tool

Digital Signature User Guide for Acrobat 9.0 and Adobe Reader 9.0

How To Use The Cosign Connector For Sharepoint For A Digital Signature

BackupAssist v6 quickstart guide

Log Server Error Reference for Web Protection Solutions

Transitioning Your School Account

Backup and Recovery in Laserfiche 8. White Paper

1 of 10 1/31/2014 4:08 PM

Database Administration

FILEHOLD DOCUMENT MANAGEMENT SYSTEM 21 CFR PART 11 COMPLIANCE WHITE PAPER

DIGIPASS CertiID. Getting Started 3.1.0

Getting Started. Symantec Client Security. About Symantec Client Security. How to get started

WINDOWS SERVER SMALL BUSINESS SOLUTIONS. Name: Marko Drev

X.509 Certificate Generator User Manual

Application Notes for Configuring a SonicWALL Continuous Data Protection (CDP) backup solution with Avaya Voic Pro - Issue 1.

SafeNet MSSQL EKM Provider User Guide

JAMF Software Server Installation Guide for Windows. Version 8.6

Database Administration Guide

BackupAssist v6 quickstart guide

Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment

How To Restore Your Data On A Backup By Mozy (Windows) On A Pc Or Macbook Or Macintosh (Windows 2) On Your Computer Or Mac) On An Pc Or Ipad (Windows 3) On Pc Or Pc Or Micro

FileMaker Security Guide The Key to Securing Your Apps

ImageNow User Getting Started Guide

Gold Lock Desktop. User Manual. Follow these simple steps to install, configure, and use Gold Lock Desktop.

Web Security Log Server Error Reference

SonicWALL CDP 5.0 Microsoft Exchange InfoStore Backup and Restore

Office of Information Technologies (OIT)

FileMaker Security Guide

Xerox DocuShare Security Features. Security White Paper

Agency Pre Migration Tasks

NSS Volume Data Recovery

SafeGuard Enterprise Web Helpdesk. Product version: 6.1

UNICORN 7.0. Administration and Technical Manual

VMware Mirage Web Manager Guide

4D v11 SQL Release 6 (11.6) ADDENDUM

GlobalSign Enterprise Solutions

Wazza s QuickStart 15. Leopard Server - Disaster Backup

Installing your Digital Certificate & Using on MS Out Look 2007.

Perceptive Intelligent Capture Solution Configration Manager

Telelogic DASHBOARD Installation Guide Release 3.6

SQL Server 2005 Advanced settings

Symantec Enterprise Vault for Microsoft Exchange

NetBackup Backup, Archive, and Restore Getting Started Guide

Moving the TRITON Reporting Databases

Vyapin Office 365 Management Suite

User Migration Tool. Note. Staging Guide for Cisco Unified ICM/Contact Center Enterprise & Hosted Release 9.0(1) 1

TSM Studio Server User Guide

McAfee EETech for Mac 6.2 User Guide

Certificates and SSL

DigitalPersona Privacy Manager Pro

NovaBACKUP xsp Version 12.2 Upgrade Guide

efolder BDR for Veeam Cloud Connection Guide

Published. Technical Bulletin: Use and Configuration of Quanterix Database Backup Scripts 1. PURPOSE 2. REFERENCES 3.

Symantec Backup Exec 2010 R2. Quick Installation Guide

Document Digital Signature

Power Update - Documentation Power Update Manager

Planning Your Installation or Upgrade

TPM. (Trusted Platform Module) Installation Guide V2.1

Microsoft Dynamics GP. econnect Installation and Administration Guide Release 9.0

Enterprise Content Management with Microsoft SharePoint

Desktop Management, Profile Migration and Cross Platform Delivery. Technical Overview

AuthentiMax Software for GloMax -Multi+

Course Outline: Course 10165: Updating Your Skills from Microsoft Exchange Server 2003 or Exchange

Declaration of Conformity 21 CFR Part 11 SIMATIC WinCC flexible 2007

Exchange Migration Guide

NovaBACKUP xsp Version 15.0 Upgrade Guide

Microsoft Dynamics GP econnect Installation and Administration Guide

CA Nimsoft Service Desk

Table of Contents Introduction and System Requirements 9 Installing VMware Server 35

4cast Server Specification and Installation

TECHNICAL REFERENCE GUIDE

Transcription:

Document Security www.therefore.net ados.com

Table of Contents 1. Int roduct ion 2. Managing Securit...4 y of Therefore Document s 3. St orage of Therefore...5 Document s...3 3. 1 Composit e Files...5 3. 2 St orage Loc at ions...6 4. Digit al Signat ures...7 5. Logging...8 Mic rosoft and Exc el are either registered trademarks or trademarks of Mic rosoft Corporation in the United States and/or other c ountries.

Introduction 1. Introduction Security of documents is a fundamental issue in any document management system; this white paper details how Therefore handles this crucial topic. It starts by detailing how user and group rights are managed; continues with how documents are securely stored, then details how document integrity is ensured through means of document signatures, and finally looks at how Therefore handles logging. 33

Managing Security of Therefore Documents 2. Managing Security of Therefore Documents Therefore has an extensive rights access system which is managed via the Therefore Solution Designer. Objects are displayed using a tree-view, which enables rights to be given and inherited at various levels, including folders, sub folders, category, sub-category and then right down to single document level. Integration with Windows integrated security (Active Directory, or Workgroups) simplifies selection of users and groups, and customizable permission sets, which group related rights, further simplifies the process of rights assignment. For more details on assigning rights please refer to the Therefore Administration Manual. Furthermore, Therefore offers a rights server which makes it possible to implement an external rights server and enforce customer specific access rules. 4

Storage of Therefore Documents 3. 3.1 Storage of Therefore Documents Composite Files Therefore uses a non-proprietary composite file based on the Open Packaging Convention (open XML) and is part of the Office Open XML Standard (Microsoft, ISO). This is the same format as used by Microsoft Office (.docx, xlsx, etc.). This allows a single document to consist of multiple single files (e. g. a Microsoft Word document and Microsoft Excel sheet can make up one Therefore compound document). Index information and digital signatures form part of the compound file which carries the extension ".thex". In a worst case scenario, this makes it possible, to rebuild a system from the stored compound documents. The compound file can be opened using standard unzip software. 55

Storage of Therefore Documents 3.2 Storage Locations When the Therefore server receives a document it is initially stored in the local buffer folder. A migration schedule then triggers a migration policy which moves documents from the buffer to a final storage location. The Solution Designer allows for the configuration of when migration should occur and to what media documents should be moved. Therefore allows for, and recommends, the use of both primary and backup storage. Therefore verification tools enable administrators to ensure that all documents are accessible on primary and backup media. In the case of one storage location being corrupted or destroyed (e.g. disk crash), it can be repaired or replaced using the other. Security of documents stored on external devices is ensured by requiring that only the Therefore Server service needs access to these locations. All normal users can be barred from accessing the documents directly from these storage locations. 6

Digital Signatures 4. Digital Signatures The Therefore signs every document immediately after receiving it. When a user retrieves a document, the signature is verified by Therefore to guarantee that it is the original. Even the customer's system administrator cannot sign a changed document. The signature comprises the following data, which is cannot be changed without invalidating the signature. - All pages of the document (tiff, pdf, word, ) - Timestamp - Name of the Therefore Server - ID of the used key - Username who triggered the archive operation - Document number The signature is stored within ".thex" document files and is created using a standard signing algorithm which computes the MD5 Hash and then encrypts this hash value with the RSA algorithm. Therefore generates an RSA key using the Microsoft Crypt API (length is configurable, default=800 bit). The private key is stored in the operating system only and is not exportable (i.e. no one can export the key and store it for later abuse). A key-pair is re-created every 30 days (time configurable) and the old private key is deleted, making it impossible to sign a document with the old key. The public key is stored in the Therefore database and is used during signature verification. On retrieval of a document the server re-computes the MD5 Hash and then verifies the signature. Only documents with valid signatures are sent to the client; however, administrators can be given rights to bypass this check in order to analyse invalid documents. Users with sufficient rights can check a document out edit it and check it back in as an edited version. This edited version is saved as new document version with new digital signature. Old document versions together with their digital signatures are retained and can be inspected using the Therefore Viewer. 77

Logging 5. Logging The Message Viewer in the Therefore Console provides the ability to view logged events and track a number of user operations. In addition Server logging writes detailed logs depending on the Server Logging settings in the Solution Designer. These logs are automatically stored in the Therefore Logfiles category which is in the Sys tems folder. 8

Logging 99

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information