Home page logo
/

basics logo Security Basics mailing list archives

Re: USB and smart drives
From: "steve" <securityfocus () delahunty com>
Date: Mon, 8 Mar 2004 14:17:53 -0500

How would this be different than any policy, or lack thereof, that covers
the use of floppy disk drives?  There are many similarities.  The difference
lies in the fact that these USB devices can copy larger quantities of data,
but some same issues apply as with floppy disks.  Due to the USB drive sizes
I think the root policy is the protection of corporate data, intellectual
property.  Should have a policy against copying data to USB drives if you
can get approval of that.


----- Original Message ----- 
From: "Mike" <mike () superiorholidayadventures ca>
To: "Benny Late" <lvmygop () hotmail com>;
<security-basics () lists securityfocus com>
Sent: Friday, March 05, 2004 8:26 AM
Subject: RE: USB and smart drives


Has anyone implemented a policy or process to protect networks from
viruses
brought in by users with USB drives, that are not company issued so no
passwords etc.

I'm thinking that AV with on access and write to disc scans should
help,
but
I'd like to see some of the policies others have implemented.

Policy?  "Don't bring them in.  If you do, and the network becomes
infected you lose all computer priviledges."

But that shouldn't happen (network becomes infected) if:

Process?  Have some form of anti-virus installed on all client computers
and server.  Schedule regular daily virus updates.  Schedule weekly
virus sweeps.

If your anti-virus is good, and your definitions are current, you should
be able to stop virus outbreaks.  If not, then good luck to you! :)

Mike Fetherston

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]