July 21st, 2005, 03:45 PM
use of USB drives
in my organisation, we have alot PC's installed with Windows and comes with USB slots
I have to come up with a way or some tools that can help me to secure
USB drives such that the staff cannot use the drive for unauthorized copying of
files and bring back home.
any recommendations on software or hardware solutions ?
July 21st, 2005, 03:50 PM
Someone please correct me if I am wrong,
But I believe via the Device Manager, you can disable USB ports?
Difficult takes a day, Impossible takes a week~Kthln01!
July 21st, 2005, 04:00 PM
Experience is something you don't get until just after you need it.
July 21st, 2005, 04:46 PM
Please remember that this needs to be part of a comprehensive solution. There are read/write CDs and the 3.5" floppy as well. And you need to watch your e-mail for large attachments.
July 21st, 2005, 04:59 PM
Originally posted here by nihil
Please remember that this needs to be part of a comprehensive solution. There are read/write CDs and the 3.5" floppy as well. And you need to watch your e-mail for large attacments.
I agree with nihil. If you have an environment where this is an issue, you need to look at a holistic solution to plug all holes. Also you need to essentially look for a balance of functionality of your system and the level of security. Some of this you can obtain via technology and some you obtain via policy. I work in an environment with similar requirements. Some of the things we have in place are:
1. CD/DVD R/W drives are controlled and only installed on machines that are in open office and in full view. They are not permitted in private offices
2. In very sensitive areas, data transfer points are used. I am not familiar with the tech behind it, but essentially it is a common device, once again in open office area, where people can transfer data to and from disks
3. In the areas mentioned in point 2, a electronic controlled documents register is used. Basically any disk used for storing data is put on a register and tracked during its use until it is destroyed
As I mentioned, you need to weigh up exactly how much protection you need to provide your data and adjust your policy/technology accordingly. The previous suggestion of disabling the USB ports in Device Manager is probably your simpliest option, however you need to make sure the users don't have the ability to re-enable the ports and also don't have a use for any other USB devices.
Hope this helps
July 21st, 2005, 05:43 PM
Check out the following thread, this was discussed at length there. There maybe some ideas for you, but I would read TH13's comment re: jumpdrives, I think he pretty well sum's it up.
July 21st, 2005, 06:03 PM
Let me see what options I have to take a file from my PC...
One, I could use a floppy, ZIP disk or a CD/DVD writer and put the file on it.
Two, I could just email it to my home address, using an encrypted ZIP file format.
Three, I can but an USB device and store it there. This is real interesting since these USB devices can be hidden as anything.
Four, I could connect my PDA through USB or other port and use the storage on my PDA.
Five, if the PC has an CF/SD/Memory stick reader, I could use that for storage.
Six, I could print it out on paper and use OCR software to scan all pages at home again, converting it to text again.
Seven, I could hook up a laptop or PDA to the network (!) and use the network to send the file to my system.
And finally, if an employee does want to take something home with them, you will not be able to stop them anyway. Even if they have to open the PC, take out the harddisk or whatever and then close it... If they want it, they will take it. Do you realise that they could even open the PC, install a second harddisk on any available IDE connector and then start copying files that way?
Personally, I would just tell your employees to NOT copy any files back home and warn them. When caught, it will be considered the same as theft. (And people have been fired for stealing some tape or tipp-ex or a pen or whatever!)
July 22nd, 2005, 03:11 AM
I personally have heard good things about device lock.
take a look
August 2nd, 2005, 10:18 PM
Actually, in my opinion, if you want to block USB access then there's only one option: buy PC's that don't have any USB ports. That should take care of any USB devices that users are installing.
Also keep in mind that if users are administrators on their own system, they will be able to simply bypass any protection on that system. Something like that devicelock would only work with regular user accounts.
And again, it still doesn't stop someone who attempts to steal data from your system. You just stop the regular people from making copies of data. But by making sure the employees understand that they could lose their job if they are making unauthorized copies, you will probably get a positive effect. People will try to bypass security but in general they will be careful not to lose their jobs...
There is another alternative, though... Use Terminal servers. Your employees would just have a dummy terminal while the real hardware is locked away in a safe location.
August 2nd, 2005, 11:51 PM
Disconnect USB ports or disable them in the Bios....
Warning... You may have a USB Mouse on there so
be ready to use the older style mouse.
Same with CD Roms and Floppy Drives.....
I would pull the ribbon cable then lock the case.
There is other things to consider like Net Access.....
Franklin Werren at www.bagpipes.net
Yes I do play the Bagpipes!
And learning to Play the Bugle