Results 1 to 7 of 7
  1. #1
    3 Star Lounger
    Join Date
    Mar 2009
    Location
    Hong Kong
    Posts
    359
    Thanks
    0
    Thanked 0 Times in 0 Posts
    1. What's the best security practice to desensitize and sanitize a Word-based document such as an Affidavit and an investigation report?
    2. What data should be removed from the document before clearing for transmission?
    3. Is it better off producing a duplicate with sensitive data removed instead of sending the original copy?.
    4. How to prevent readers from viewing the comments in Word documents?
    5. How safe is Word's Protect Document feature?
    6. How safe is to transmit Word document in PDF format?
    7. Is there any standard procedure available on the internet?

    Please kindly share your experience with us. Thanks.

    Armstrong

  2. #2
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts
    You can remove personal information by ticking "Remove personal information on save" in the Security tab of Tools | Options (in Word 2002/2003, I don't know what the equivalent in Word 2007 is).
    [attachment=82803:x.png]
    This won't remove comments, but it will remove the name of the author of comments.
    Word's default document protection is easily hacked.

    Others will have to answer your other questions.
    Attached Images Attached Images
    • File Type: png x.png (11.0 KB, 0 views)

  3. #3
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts
    [quote name='armsys' post='764979' date='12-Mar-2009 09:52']1. What's the best security practice to desensitize and sanitize a Word-based document such as an Affidavit and an investigation report?
    2. What data should be removed from the document before clearing for transmission?
    3. Is it better off producing a duplicate with sensitive data removed instead of sending the original copy?.
    4. How to prevent readers from viewing the comments in Word documents?
    5. How safe is Word's Protect Document feature?
    6. How safe is to transmit Word document in PDF format?
    7. Is there any standard procedure available on the internet?[/quote]
    You have asked a lot of questions here, and none of them has a simple answer. Especially as you haven't made clear exactly what you need to do with these Word documents.
    1. This question cannot be answered. For maximum security you could format and shred the hard drive that had a copy of the word document, but I suspect you want something a bit less extreme than this so the answer then depends on what data you need to preserve and what you want to get rid of.
    2. This is a business question, not a technical one. In general Word is not a suitable format for sharing with people that you do not completely trust, you could print the documents and send hard copies, or at least convert to a format such as PDF. Another alternative is to set the check box under Tools > Options > Security that is marked "Remove personal information from file properties on save".
    3. Do not send Word documents to people you don't completely trust, it is too hard to remove sensitive data.
    4. The only way to prevent people from viewing comments is to delete them, but again I would suggest that you don't send them Word documents that have had comments in since it is so hard to be sure that there are no remnants of the comments in the file metadata.
    5. In recent versions of Word, the password to open a document uses fairly secure encryption algorithms . You need to make sure that you have specified a mode that uses decent encryption, and is therefore not compatible with older versions of Word, and you must use a strong password (not in a dictionary, upper and lower case and numbers and punctuation marks, at least 12 characters long etc.).
    6. Converting Word to PDF is a good idea if you want to make sure you don't accidentally send any metadata with the document.
    7. I don't know of a standard procedure, it all depends on how much you want to spend, how much time you have, how sensitive your data is. In an extreme case you could even get someone to completely retype your documents on a clean computer and send documents from there. There are many articles on the web, and quite a few of them (like this one) are based on old articles from Woody's Office Watch.

  4. #4
    3 Star Lounger
    Join Date
    Mar 2009
    Location
    Hong Kong
    Posts
    359
    Thanks
    0
    Thanked 0 Times in 0 Posts
    [quote name='StuartR' post='764986' date='12-Mar-2009 18:38']You have asked a lot of questions here, and none of them has a simple answer. Especially as you haven't made clear exactly what you need to do with these Word documents...[/quote]
    Hi StuartR,
    Thanks for your thought-provoking feedback. My objective here is learn about the practical Word security practice actually implemented on a daily basis. It must be simple to run. That's, what would most corporates and attorneys would do when sending out Word documents?
    Some of your descriptions appear to be highly speculative/theorectical and, thus, unhelpful.
    Thank you for pointing me to a very useful URL http://addbalance.com/usersguide/metadata.htm.
    Thanks.

    Regards,
    Armstrong

  5. #5
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts
    [quote name='armsys' post='764999' date='12-Mar-2009 12:13']My objective here is learn about the practical Word security practice actually implemented on a daily basis. It must be simple to run.[/quote]
    I regularly have to provide documents to other organizations. I never send Word documents, but always convert them to PDF first. I have a standard set of Acrobat settings that ensures I don't convert comments etc.

    On the rare occasion when I do have to send editable Word documents I set the Security option to "Remove personal information ..." and save the document as an .RTF file.

  6. #6
    3 Star Lounger
    Join Date
    Mar 2009
    Location
    Hong Kong
    Posts
    359
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi StuartR,
    Thanks for your sharing your Word doc security with us.
    My Word 2007 security procedure:
    1. Proof the doc.
    2. Check all bookmarks and values in field codes.
    3. Create a duplicate.
    4. Microsoft Office | Prepare | Inspect Document, select all options, click "Inspect". Remove all.
    5. Save the duplicate in PDF.
    6. Password the PDF.

    If you find any vulnerability in the above procedure, please share with us.
    Thanks a lot.

    Armstrong

  7. #7
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts
    Quote Originally Posted by armsys' post='765023 View Post
    5. How safe is Word's Protect Document feature?
    However, for future reference, in Word 97-2003 the protection applied using Tools > Protect Document is quite fragile. For example, it will not survive a Save As to RTF format. So while it is useful to prevent errors (such as destroying a form) or to encourage use of reviewing tools (such as track changes), it certainly is not a guarantee that users cannot work around those features.

    I am not sure whether Word 2007 has changed anything in this regard. Unless the protection blocks re-saving the document in RTF format, I suspect not.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •