<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<br>
On 01/03/2012 11:04, <a class="moz-txt-link-abbreviated" href="mailto:patrick.gaikowski@kaufland.com">patrick.gaikowski@kaufland.com</a> wrote:
<blockquote
cite="mid:OF72C106AA.7FCC7076-ONC12579B4.003C92F9-C12579B4.003CD0DC@de.int.kaufland"
type="cite">
<p><font face="sans-serif" size="2">Hello Jules,</font><br>
<br>
<font face="sans-serif" size="2">yes i mean someone working for
my company.</font><br>
<br>
<font face="sans-serif" size="2">My idea would be some kind of
"blacklist" for email domains used in unregistered dropoff. Is
there a possibility to implement it?</font><br>
</p>
</blockquote>
I don't quite see why this is only a problem with "unregistered
users", by which I guess you mean people from your own company who
haven't logged in?<br>
<br>
People who have logged in will be able to do the same.<br>
<br>
Note that ZendTo does log the IP address a drop-off came from, so
you would be able to see who had done it by looking through your
logs.<br>
<br>
Why doesn't the user just copy it onto a USB stick that they have in
their pocket? Surely that's simpler? Or upload it to any of the
various free cloud storage services there are (such as Dropbox,
Evernote, iCloud, SkyDrive, etc etc)?<br>
<br>
Jules.<br>
<br>
<blockquote
cite="mid:OF72C106AA.7FCC7076-ONC12579B4.003C92F9-C12579B4.003CD0DC@de.int.kaufland"
type="cite">
<p>
<br>
<font face="sans-serif" size="2">What other things can a do, not
to prevent it completely, but decrease the possibility.</font><br>
<br>
<font face="sans-serif" size="2">Mit freundlichen Grüßen / Best
regards<br>
<br>
Patrick Gaikowski<br>
Tel: +49 7132 94 3568<br>
Fax: +49 7132 94 73568<br>
E-Mail: <a class="moz-txt-link-abbreviated" href="mailto:patrick.gaikowski@kaufland.com">patrick.gaikowski@kaufland.com</a><br>
KI 967850: IT International / IT Governance / Netzwerk Design
und IT-Sicherheit<br>
Office:<br>
Lindichstrasse 11<br>
D-74189 Weinsberg</font><br>
<br>
<br>
<br>
<font face="sans-serif" size="2"><a moz-do-not-send="true"
href="http://www.kaufland.de">http://www.kaufland.de</a> </font><br>
<font face="sans-serif" size="2"><a moz-do-not-send="true"
href="http://www.spannende-it.de">http://www.spannende-it.de</a></font><br>
<font face="sans-serif" size="2">Wir sind die Nr. 1:</font><br>
<font face="sans-serif" size="2">Kaufland ist "Bester
Lebensmittelmarkt 2011"!</font><br>
<br>
<font face="sans-serif" size="2">Kaufland Informationssysteme
GmbH & Co. KG</font><br>
<font face="sans-serif" size="2">Postfach 12 53 - 74149
Neckarsulm<br>
Kommanditgesellschaft<br>
Sitz: Neckarsulm<br>
Registergericht: Stuttgart HRA 104163</font><br>
<br>
<br>
<br>
<br>
<br>
</p>
<ul style="padding-left: 18pt">
<img src="cid:part3.02020502.00070509@Zend.To" alt="Inactive
hide details for Jules ---01.03.2012 10:28:39---Jules
<Jules@zend.to>" border="0" height="16" width="16"><font
color="#424282" face="sans-serif" size="2">Jules ---01.03.2012
10:28:39---Jules <a class="moz-txt-link-rfc2396E" href="mailto:Jules@zend.to"><Jules@zend.to></a></font>
</ul>
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr valign="top">
<td width="40%">
<ul style="padding-left: 9pt">
<font face="sans-serif" size="1"><b>Jules
<a class="moz-txt-link-rfc2396E" href="mailto:Jules@zend.to"><Jules@zend.to></a></b></font><font
face="sans-serif" size="1"> </font><br>
<font face="sans-serif" size="1">Gesendet von:
<a class="moz-txt-link-abbreviated" href="mailto:zendto-bounces@zend.to">zendto-bounces@zend.to</a></font>
<p><font face="sans-serif" size="1">01.03.2012 10:25</font>
<table border="1">
<tbody>
<tr valign="top">
<td bgcolor="#FFFFFF" width="168">
<ul style="padding-left: 0pt">
<font face="sans-serif" size="1">Bitte
antworten an<br>
ZendTo Users <a class="moz-txt-link-rfc2396E" href="mailto:zendto@zend.to"><zendto@zend.to></a></font>
</ul>
</td>
</tr>
</tbody>
</table>
</p>
</ul>
</td>
<td width="60%">
<table border="0" cellpadding="0" cellspacing="0"
width="100%">
<tbody>
<tr valign="top">
<td valign="middle" width="1%"><img
src="cid:part4.08010504.07020900@Zend.To" alt=""
border="0" height="1" width="66"><br>
</td>
<td width="100%"><img
src="cid:part4.08010504.07020900@Zend.To" alt=""
border="0" height="1" width="1"><br>
<font face="sans-serif" size="1">ZendTo Users
<a class="moz-txt-link-rfc2396E" href="mailto:zendto@zend.to"><zendto@zend.to></a></font></td>
</tr>
<tr valign="top">
<td valign="middle" width="1%"><img
src="cid:part4.08010504.07020900@Zend.To" alt=""
border="0" height="1" width="66"><br>
</td>
<td width="100%"><img
src="cid:part4.08010504.07020900@Zend.To" alt=""
border="0" height="1" width="1"><br>
</td>
</tr>
<tr valign="top">
<td valign="middle" width="1%"><img
src="cid:part4.08010504.07020900@Zend.To" alt=""
border="0" height="1" width="66"><br>
<div align="right"><font face="sans-serif"
size="1">Thema </font></div>
</td>
<td width="100%"><img
src="cid:part4.08010504.07020900@Zend.To" alt=""
border="0" height="1" width="1"><br>
<font face="sans-serif" size="1">[ZendTo] Re:
Security Issue - Data Leakage Prevention</font></td>
</tr>
</tbody>
</table>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr valign="top">
<td width="58"><img
src="cid:part4.08010504.07020900@Zend.To" alt=""
border="0" height="1" width="1"></td>
<td width="336"><img
src="cid:part4.08010504.07020900@Zend.To" alt=""
border="0" height="1" width="1"></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<br>
<font face="serif" size="3">By "unregistered user" do you mean
someone who works for your company? If so, ZendTo won't stop
them stealing files from your company. No-one can stop that
unless you cavity search your employees at the end of each
working day.<br>
<br>
Jules.<br>
<br>
On 29/02/2012 17:06, </font><a moz-do-not-send="true"
href="mailto:patrick.gaikowski@kaufland.com"><font
color="#0000FF" face="serif" size="3"><u>patrick.gaikowski@kaufland.com</u></font></a><font
face="serif" size="3"> wrote: </font>
<ul style="padding-left: 36pt">
<br>
<font face="sans-serif" size="2">Hallo Jules,</font><font
face="serif" size="3"><br>
</font><font face="sans-serif" size="2"><br>
one of my colleagues pointed a scenario out where he could
upload a file to outside the company without rights to do it.</font><font
face="serif" size="3"><br>
</font><font face="sans-serif" size="2"><br>
For us it is a big security issue!</font><font face="serif"
size="3"><br>
</font><font face="sans-serif" size="2"><br>
1.) unregistered user clicks on Drop-Off and sends an email to
his company email address<br>
2.) unregistered user uploads a file from company network to
his own company email address<br>
3.) unregistered user forwards the upload information to his
private email address from Mail Client<br>
4.) unregistered user Picks up the file from his private PC</font><font
face="serif" size="3"><br>
</font><font face="sans-serif" size="2"><br>
My question is, if it is possible to exclude the company email
domains, like defined in preferences.conf, from getting an
upload link to corporate email without Authorization? </font><font
face="serif" size="3"><br>
</font><font face="sans-serif" size="2"><br>
Mit freundlichen Grüßen / Best regards<br>
<br>
Patrick Gaikowski<br>
Tel: +49 7132 94 3568<br>
Fax: +49 7132 94 73568<br>
E-Mail: </font><a moz-do-not-send="true"
href="mailto:patrick.gaikowski@kaufland.com"><font
color="#0000FF" face="sans-serif" size="2"><u>patrick.gaikowski@kaufland.com</u></font></a><font
face="sans-serif" size="2"><br>
KI 967850: IT International / IT Governance / Netzwerk Design
und IT-Sicherheit<br>
Office:<br>
Lindichstrasse 11<br>
D-74189 Weinsberg</font><font face="serif" size="3"><br>
<br>
</font><font color="#0000FF" face="sans-serif" size="2"><u><br>
</u></font><a moz-do-not-send="true"
href="http://www.kaufland.de/"><font color="#0000FF"
face="sans-serif" size="2"><u>http://www.kaufland.de</u></font></a><font
face="sans-serif" size="2"> </font><font color="#0000FF"
face="sans-serif" size="2"><u><br>
</u></font><a moz-do-not-send="true"
href="http://www.spannende-it.de/"><font color="#0000FF"
face="sans-serif" size="2"><u>http://www.spannende-it.de</u></font></a><font
face="sans-serif" size="2"><br>
Wir sind die Nr. 1:<br>
Kaufland ist "Bester Lebensmittelmarkt 2011"!</font><font
face="serif" size="3"><br>
</font><font face="sans-serif" size="2"><br>
Kaufland Informationssysteme GmbH & Co. KG<br>
Postfach 12 53 - 74149 Neckarsulm<br>
Kommanditgesellschaft<br>
Sitz: Neckarsulm<br>
Registergericht: Stuttgart HRA 104163</font><font face="serif"
size="3"><br>
<br>
<br>
<br>
<br>
<br>
</font>
<p><br>
<tt><font size="3">_______________________________________________<br>
ZendTo mailing list<br>
</font></tt><a moz-do-not-send="true"
href="mailto:ZendTo@zend.to"><tt><font color="#0000FF"
size="3"><u>ZendTo@zend.to</u></font></tt></a><tt><font
size="3"><br>
</font></tt><a moz-do-not-send="true"
href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto"><tt><font
color="#0000FF" size="3"><u>http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</u></font></tt></a></p>
</ul>
<br>
<tt><font size="3">Jules<br>
<br>
-- <br>
Julian Field MEng CITP CEng<br>
</font></tt><a moz-do-not-send="true" href="http://www.zend.to/"><tt><font
color="#0000FF" size="3"><u>www.Zend.To</u></font></tt></a><tt><font
size="3"><br>
<br>
Follow me at twitter.com/JulesFM<br>
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415
B654<br>
<br>
'It's okay to live without all the answers' - Charlie Eppes,
2011<br>
'All programs have a desire to be useful' - Tron, 1982<br>
'That is the land of lost content,<br>
I see it shining plain,<br>
The happy highways where I went,<br>
And cannot come again.' - A.E. Houseman<br>
</font></tt><tt><font size="2">_______________________________________________<br>
ZendTo mailing list<br>
<a class="moz-txt-link-abbreviated" href="mailto:ZendTo@zend.to">ZendTo@zend.to</a><br>
</font></tt><tt><font size="2"><a moz-do-not-send="true"
href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a></font></tt><br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
ZendTo mailing list
<a class="moz-txt-link-abbreviated" href="mailto:ZendTo@zend.to">ZendTo@zend.to</a>
<a class="moz-txt-link-freetext" href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">Jules
--
Julian Field MEng CITP CEng
<a class="moz-txt-link-abbreviated" href="http://www.Zend.To">www.Zend.To</a>
Follow me at twitter.com/JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
'It's okay to live without all the answers' - Charlie Eppes, 2011
'All programs have a desire to be useful' - Tron, 1982
'That is the land of lost content,
I see it shining plain,
The happy highways where I went,
And cannot come again.' - A.E. Houseman
</pre>
</body>
</html>