Section 15.6. Security


15.6. Security

Security means different things to different people. For some folks, security means never, ever, ever letting PowerPoint files off the company's intranet for any reason. For others, it simply means stripping out sensitive material (page 430) before slapping it up on the Web for the whole world to see.

The security measures you'll want to take to protect the PowerPoint files you distribute for review depend both on your company's security policies, and on the content of your slideshow. If your slideshow contains details of a top-secret product launch, you'll take stricter measures than if your slideshow contains a standard sales pitch.

Thanks to uncontrollable circumstances such as hardware failures, hackers, and viruses, there's no security strategy in the world that's going to protect your files 100 percent of the time. But PowerPoint gives you three different ways to protect most of your files most of the time: by creating hard-to-edit versions of your files, by creating impossible -to-edit versions of your files (in other words, by attaching a digital signature to your files), and by using Microsoft's Information Rights Management program.

15.6.1. Creating Hard-to-Edit Versions of Your File

The simplest (albeit least secure) way to keep folks from changing your slideshow is to give them a version of your presentation file that's hard to change. For example, if you save your PowerPoint file as a PDF file (a file bearing the .pdf file extension), then most folks can view it using the free Adobe Reader that works with Internet Explorer. But because most folks don't have a copy of the pricier Adobe Acrobat (or another PDF editing program) installed on their computers, they can't change the PDF version of your slideshow. (Adobe offers the Reader available for free download at www.adobe.com/products/acrobat/readstep2.html.)

Now, because someone who's determined to edit the PDF version of your slideshow can do so simply by purchasing a copy of a PDF editor, this security option only makes sense in situations where you're trying to prevent folks from changing your slideshow file accidentally . Say you're distributing your slideshow to a bunch of reviewers who know the subject matter of your presentation inside and out, but aren't familiar with PowerPoint. Unlike finalizing your presentation file (page 437), sending them a PDF version of your file makes it impossible for your reviewers to accidentally find and click PowerPoint's Mark As Final option and then start messing with your slides.


Note: Before you can create a PDF version of your PowerPoint file as shown in this section, you first need to head to www.microsoft.com/downloads and download and install a copy of the 2007 Microsoft Office Add-in: Microsoft Save as PDF or XPS add-in program.

To create a PDF version of your presentation file:

  1. Office button Save As PDF or XPS

    The "Publish as PDF or XPS" dialog box appears. As you can see in Figure 15-9, PowerPoint prefills the "File name" box with the name of your presentation file and the "Save as type" box with the .pdf file extension.

  2. Click Publish.

    The "Publish as PDF or XPS" dialog box disappears, and PowerPoint creates a .pdf version of your presentation file.

Figure 15-9. Make sure you don't change the contents of the "Save as type" box before you click Publish. Another way to save your presentation as a PDF file is to click Office button Save and then, from the Save dialog box that appears, to select PDF from the "Save as type drop-down list.


15.6.2. Password-Protecting Your File

PowerPoint goes finalizing your presentation file one step further by letting you protect your file with passwords. You can set up a single password to control who opens and edits your presentation or, if you like, you can set up two separate passwords so that folks have to jump through two separate hoops to open the presentation and then to edit it.

Password protection isn't bulletproof; in other words, any hacker with her salt can find a way around it. But it should do the trick in those cases where your presentation file doesn't contain state secrets.


Note: If bulletproof protection's what you're looking for, check out the section on Information Rights Management (page 447).

You've got two options for password-protecting your file. One (the easiest ) is to use PowerPoint's Encrypt Document option, which lets you set a single password to control opening and editing your file. The other option is to set up separate passwords for opening the file, and for editing it.

15.6.2.1. Setting up a single password
  1. Select Office button Prepare Encrypt Document.

    The Encrypt Document dialog box you see in Figure 15-10 (left) appears.

  2. In the Password box, type in the password you want to use.

    As you type, PowerPoint displays each digit as a little dot (just in case someone's looking over your shoulder).

  3. Click OK.

    The Confirm Password dialog box (Figure 15-10, right) appears.

    Figure 15-10. Left: As with all passwords, don't trust your memory: write down the password you're setting for this document and keep it somewhere safe.
    Right: If you don't retype the password exactly, PowerPoint redisplays the Confirm Password dialog box and gives you another shot.


  4. Retype your password and click OK.

    The Confirm Password dialog box disappears, and PowerPoint assigns the password to your file. The next time you (or anyone else) opens the document, the dialog box shown in Figure 15-11 appears.

    Figure 15-11. Unless your presentation contains sensitive information, password-protecting your file is probably all the security you need.


15.6.2.2. Setting up different passwords for opening and editing
  1. Choose Office button Save As.

    The Save As dialog box appears.

  2. Head to the bottom of the Save As dialog box, click the Tools button, and then, from the menu that appears, choose General Options.

    The General Options dialog box you see in Figure 15-12 appears.

    Figure 15-12. Turning on the checkbox in the Privacy Options section removes document properties, which you don't have to do if you've already removed them using the Document Inspector dialog box (see page 431). Clicking Macro Security scoots you to PowerPoint's Trust Center window (page 424), where you can customize your security settings.



    Note: If you've previously set a password using the Encrypt Document option (page 442), that password appears in the "Password to open" box in the General Options dialog box.
  3. In the "Password to open" box, type in the password you want to use to control who gets to open the file. In the "Password to modify" box, type in the password you want to use to control who gets to edit the file. Click OK.

    Two Confirm Password dialog boxes appear one after the other: one asking you to retype the open password, and one asking you to retype the edit password.

  4. When each dialog box appears, retype the requested password and click OK.

    The second Confirm Password dialog box disappears, and PowerPoint assigns both passwords to your file. The next time you (or anyone else) opens the document, the password-requesting dialog box shown back in Figure 15-11 appears. Attempt to edit the document, and another dialog box appears, this one requesting the other password.

15.6.3. Attaching Digital Signature to Files

Digital signatures aren't new in the world of computers, but they're new in PowerPoint 2007. Digitally signing your PowerPoint file accomplishes two things: it lets the recipients of your slideshow file know if a hacker tampered with the file on its way from you to them, and it keeps your recipients from changing the file.

Here's how digital signatures work:

  1. Purchase a digital certificate , or digital ID , from one of several certificate issuing authorities.

    Some companies are so huge they have their own certificate issuing authorities; some governments do, too. If you don't have a preference, PowerPoint lists a handful of certificate issuing authorities you can choose from (see page 445, Figure 15-13).

  2. Attach your digital certificate to your PowerPoint file.

    Confusingly, PowerPoint refers to this step as attaching a digital signature to your file. (Technically, you're adding your digital certificate to the file; a digital signature is the combination of your digital certificate and the contents of your file.)

  3. Distribute your PowerPoint file as normal, via email, CD/DVD, or by storing it on a network.

    Because digital certificates are included directly in your PowerPoint file, you don't have to keep track of anything extra, and the added file size is minimal.

  4. When your recipient opens your PowerPoint file, PowerPoint displays a certificate icon in the status bar .

    If your recipient changes your file, PowerPoint invalidates the digital signature so that you know at a glance that the file you sent out isn't the same as the one that's coming back.

To attach a digital signature (technically, a digital certificate) to your PowerPoint file:

  1. Choose Office button Prepare Add a Digital Signature.

    If you haven't previously purchased or created a digital certificate, PowerPoint displays the informational message shown in Figure 15-13.

    Figure 15-13. This dialog box gives you the opportunity to purchase a digital signature from one of Microsoft's partners . After you've purchased a digital signaturewhether from a Microsoft partner or some other companyfeel free to turn on the "Don't show this message again" checkbox.


  2. If you don't already have a digital signature, click Signature Services from the Office Marketplace.

    PowerPoint launches a browser window listing a bunch of certificate issuing authorities. Click to select the one you want, and then follow the company-specific instructions that appear.

    And if you already have a digital signature (or prefer to launch your Web browser right now, then do a little research, download one on your own, and then come back to PowerPoint), just click OK instead.

    Either way, when you finish, PowerPoint displays the Signature dialog box shown in Figure 15-14.

    Figure 15-14. After you've purchased a digital certificate, this is the dialog box you see. Typing in a statement describing your purpose for signing this particular document isn't necessarybasically, it's always going to be "so folks can't mess with the file"but it doesn't hurt, either.


  3. If you like, type a statement of intent into the "Purpose for signing this document" box; then click Sign.

    The Signature Confirmation dialog box (Figure 15-15) appears.

    Figure 15-15. If you understand how digital signatures work, you really don't need to see this reminder every time you sign a file. (The certificate icon PowerPoint displays in the status bar lets you know you've successfully signed a file.) Nix future appearances of this pop-up reminder by turning on the checkbox next to "Don't show this message again."


  4. Click OK.

    The Signature Confirmation dialog box disappears, a certificate icon appears in the status bar (Figure 15-16, left), and PowerPoint automatically marks your presentation file as final.

UP TO SPEED
The Least You Need to Know About Digital Signatures

Look up "digital signatures" on the Web, and you're immediately inundated by scholarly articles nattering on about public keys, private keys, encryption schemes and algorithms, and a gazillion other nitty-gritty details that few folks can understand (and fewer need to).

Here's all you need to know about how digital signatures work:

  • A digital signature consists of the contents of the file you're signing, plus a digital certificate.

  • A digital certificate is a virtual snapshot of your computer that identifies it uniquely. For example, a digital certificate includes information that describes the version of Windows you are running, what kind of monitor that you are using, your computer's IP address, and much more. When you buy a digital certificate, the issuing authority takes this virtual snapshot and keeps it on file. Then, when you go to digitally sign a file, the issuing authority takes another snapshot of your computer, compares it to the one it's got on file, andif everything checks outgives the go-ahead to digitally sign your file.

  • Anyone who alters the signed file in any way invalidates the file's digital signature. So your recipients can feel confident that a file that reaches them with your digital signature intact is a presentation file that came straight from you, and not a presentation file containing a Trojan Horse or other nasty sent by an unscrupulous virus-writer.


When your recipient opens your digitally signed PowerPoint file, a certificate icon appears in the status bar. Double-clicking the certificate icon displays the Signature pane, which lists a description of the certificate. (You can also display the Signature pane by choosing Office button Prepare View Signatures.)


Note: The View Signatures option appears only if you've added a digital certificate to the current presentation.

The instant your recipient tries to edit or un-finalize the file, PowerPoint pops up a message telling him that editing the file will invalidate the attached signatures. If he goes ahead and edits the file anyway, PowerPoint leaves the signatures attached, but lists them as invalid in the Signature pane (Figure 15-16, right).

Figure 15-16. Left: The certificate icon that appears in the status bar is a quick way to tell that the file's been digitally signed. In that case, choose Office button Prepare View Signatures to see signature- related information.
Right: The Signatures pane shows a list of all the digital signatures applied to the current file. Invalidating a digital signature (by editing the file) doesnt remove the digital signature shown here; instead, it changes Valid to Invalid and highlights the signature in bright red.



Note: To see a more detailed description of a digital certificate, in the Signatures panel, click a signature; then, from the drop-down menu that appears, choose Signature Detail View.
15.6.4. Using Information Rights Management

Microsoft's Information Rights Management (IRM) options let you password-protect your slideshows. If you routinely add company-confidential, copyrighted , or other sensitive material to your slides, IRM can help ensure that no one else can use or take credit for that information.

IRM lets folks see your slideshow, but that's about it. Unless you grant specific permission to individual folks, they can't forward it, copy it, edit it, or even cut-and-paste it into a document where they can edit it. They can't fax or print your IRM-protected slideshow, and they can't use Windows' built-in Print Screen option to print any part of it. If you like, you can even time-bomb a slideshow, meaning that you can give, say, your team members exactly five days to review and make changes to a slideshow. After the five days are up, boomno more changes. At that point, your PowerPoint file can't be distributed or altered .

Unfortunately, because folks can still see your IRM-protected slideshow, you can't keep them from hand-copying it or snapping a digital picture of it. And the program hasn't been devised that can protect a file from viruses, Trojan Horses, and other malicious programs.

To protect your files with IRM, you have to be running a Windows server, and you have to download and install the Windows Rights Management Services client (www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx). Once you've done all that, selecting Office button Prepare Restrict Permission As displays a dialog box that lets you type in the email addresses of all the folks you want to be able to read or edit your slideshow.




PowerPoint 2007
PowerPoint 2007
ISBN: 1555583148
EAN: N/A
Year: 2006
Pages: 129

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net