Security Basics mailing list archives
RE: removable media security
From: SMiller () unimin com
Date: Mon, 2 Aug 2004 15:59:22 -0400
Tim,
Thanks for the prompt response. A brief review confirms your opinion of
this product. Unfortunately, I'm not in a position to implement controls
by automated policy, our data just isn't structured that way at the moment.
I also suspect that the per seat price would be a pretty substantial
fraction of the current device cost ($37 for 256MB; $69 for 512MB). What I
had in mind was a general administrative policy monitored by automated
sampling of log files. I could probably write something that would do the
logging chores, I just thought that someone must have already invented that
wheel.
Scott
"Tim Sceurman"
<tsceurman@pennhi
ghlands.edu> To
<SMiller () unimin com>,
08/02/2004 03:35 <security-basics () securityfocus com>
PM cc
Fax to
Subject
RE: removable media security
Scott,
I don't know if this will answer your exact question, but there is software
out there that gives very fine control over removable media. Reflex
Disknet Pro can allow you to set permissions so that a user can't access
any executable file from removable media, and can auto AV scan devices. I
work for a college, so this has been an idea we've been kicking around as
well.
Tim
-----Original Message-----
From: SMiller () unimin com [mailto:SMiller () unimin com]
Sent: Fri 7/30/2004 1:20 PM
To: security-basics () securityfocus com
Cc:
Subject: removable media security
Been thinking about security re USB flash drives, whether to
require
encryption, and how the risk represented by such devices
compares with that
posed by other removable media. I'm aware that the general
subject has
been discussed in several threads on this list. This train of
thought led
to wondering whether any software exists to monitor and log
file writes to
removable drives. I understand that it could be difficult to
make an
absolute programmatic determination of what drives are
removable, but an
approximation (in Windows, perhaps any drive other that C:)
should be easy.
Anyone know of or employing such a tool? Other thoughts on
the subject?
Thanks.
Scott
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and
get $545 off
any course! All of our class sizes are guaranteed to be 10
students or less
to facilitate one-on-one interaction with one of our expert
instructors.
Attend a course taught by an expert instructor with years of
in-the-field
pen testing experience in our state of the art hacking lab.
Master the skills
of an Ethical Hacker to better assess the security of your
organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
Current thread:
- removable media security SMiller (Aug 02)
- RE: removable media security KrYo (Aug 03)
- <Possible follow-ups>
- RE: removable media security Tim Sceurman (Aug 03)
- RE: removable media security SMiller (Aug 03)