Computer stolen--How to secure data and disable S/R?

Question

Working in a sensitive situation, a team member’s Windows computer has been stolen. It is very possible someone is trying to access the team’s PT data and user information.

What needs to be done now to secure the PT data and PT user information?

For instance, with physical access to the machine I would assume the attacker will be able to get past the Windows user log in and have full access to PT as the registered user. I would not want S/R to go to that machine anymore.

Do we simply register a new user and change the project settings to take the original user account away? What else?

Answer 1

Your idea is the best I can think of for Paratext 7.

Once everyone gets the updated user permissions, they will stop receiving
changes from the old user and if the person with the computer does a send
receive, they will be removed from the project.

John+Wickberg
Paratext Support

Comments

I have a question on the order of things here. Let’s say:

· The Admin removes the potentially malicious user from the project and does an Internet S/R.

· The malicious user makes malicious changes (before doing an Internet S/R to receive the updated Users, Roles, and Permissions), and then they do an Internet S/R.

Are the changes from the malicious user uploaded before the changes to Users, Roles, and Permissions are received and processed? Or, does Paratext see that the malicious user was removed from the project and therefore does not allow the malicious user to upload changes?

Thanks,

SIL+LSS+PNG

---

I would assume that when the Project administrator does a
(subsequent) Send/Recv, he/she will be notified of any changes that
any of the users have made. So if changes appear from the
rogue/malicious user, it would be easy enough to say "Undo changes"
in that dialog box to remove any changes that they have made. (and
after their final s/r there shouldn’t ever be anything else coming
through from them).

Mark

---

SIL+LSS+PNG:

Are the changes from the malicious user uploaded before the changes to Users, Roles, and Permissions are received and processed? Or, does Paratext see that the malicious user was removed from the project and therefore does not allow the malicious user to upload changes?

Paratext 7 and 8 always contact the server before doing a S/R to check the permissions set by the administrator so if the admin removes them from the project, that user should not be able to do a S/R and their changes will not be seen by other users.
However, security in Paratext 7 is not quite as tight as in 8, so I wouldn’t say there is no possible way that someone couldn’t contaminate the project if they tried hard enough. I would still pay attention to changes coming in and make sure no changes are done by that user.

---

I can’t tell in the email history if this was mentioned but you can also
tick “Administrator must receive changes before they are received by
others” to keep control of things for a little while. But remove it as soon
as you can because it clogs things up a lot normally.

Blessings,

Shegnada J.

Language Technology and Publishing Coordinator, Nigeria

Text Processing Specialist GPS Dallas

Skype: Shegnada.SIL+LSS+PNG.

+[Phone Removed]