Our machines require the use of the USB drives so there is no way I can disable them without giving myself more of a headache.
I will have to give checkpoint a try tomorrow.
Thanks for the advice. Any more is greatly appreciated.
Step 5. Save timesheet.xls to usb stick.
Looks like a great solution until you try to bypass it.
I thought rwuiuc was saying they're using it successfully to lock down USB ports, which, it seems to me, would prevent Step 5. Am I missing something?
Please note, I'm not a checkpoint user; just curious.
/scott
I presume he meant that checkpoint could monitor file transfers to usb, if you block the usb ports in software you are going to sit back and assume that everything is fine. Your data stealer is just going to come in with a boot disk, kill your monitoring software or use one of the options in my first post (thought of some more btw, rogue network device, bluetooth connection to his phone, etc). All it's going to do is give you a false sense of security.
If you are determined to protect your data then you need to vet your staff and ensure that the minimum number of people have access to your sensitive stuff. Technical measures will only get you so far and with all the options that a bad man has to choose from you might as well spend your time shuffling deckchairs on the Titanic. Unless you want to go nuclear and give everyone a thin client (as mentioned above) and even that isn't guaranteed.
We need to ensure that if an employee tries to remove data from the organization we can log and tell which files are being transferred.
Just Google for 'USB monitoring' or something like that. You'll find products, though I can't say if they are reliable or not.
For example, one of them claims that it plays a sound 'to notify the server that any USB device is being inserted or removed on client machine in network', which either is too primitive to be serious, or else assumes the presence of a pretty good eavesdropping system in all relevant locations, monitored by that server …
Added: Actually, it looks like all hits I get have that sentence or one very like it. Another site: 'USB Monitoring utility notifies the server about USB device activities instantly with a sound beep, which helps in notifying the administrator when is not available.'
I can just see the administrator, running to keep up with the beeps from all over the office.
Googling for 'USB data theft' seems to produce better hits …
Try http//
I trialled DeviceWall (http//
Can't remember but there was MAYBE some kind of data classification or role-based filtering to keep the size of log files down. Plus I recall there was the option for an agent to be installed so that even if someone took their computer off the network and did some USB stuff, those actions would be logged on next network connection. Plus other security bits and bobs to prevent users uninstalling the agent and to allow them to bypass the agent (by calling IT to get a code)
HTH
Another option is Symantec's Endpoint Protection (particularly handy if you also use them as a desktop AV client) device control.
It supports full auditing and policy level blocking by device ID. So you could, for example, provide "work" usb drives that they could write to, and only allow "reading" from other usb devices. Not fool-proof, but a damn sight better than nothing.
As a side bonus, you can limit execution to prevent USB-based virus infections.
Yes the default install is to lock everyone from writing to the USB and Optical Drives. Then we have the exceptions but what they do and drag to and from the drives is logged as well.
As for the comments that there are ways to defeat it.. yes. Nothing is perfect but it does prevent a lot of stupidity from having negative impacts on the company and our customers. Not all malicious users are smart so it helps provide more information about what they do on the system as well.
From a data breach notification perspective the use of encrypted laptops and now enforcing encryption on removable media has been very helpful. That alone is worth its weight in gold, especially since this is one of the most common ways to lose data. It also allows me to spend more time focusing on the trickier issues.
I was only sharing a solution that helps me in my job and my experience with it.
Just to put another spin on it…. Sharing USB over the net is going mainstream
http//
http//
http//
etc…
If you have the budget, it's worth looking at a DLP solution from McAfee or Symantec Vontu. You can log what is transferred, block certain types of files based on content, and issue realtime alerts. You can also audit systems on the network looking for distribution of files that meet specific criteria. Ask for a demo or Proof of Concept 1st.
If I was on a system that prevented all methods of stealing data digitally, I would simply pull out my phone camera and take a picture of the screen.
If I was being watched, I would conceal the camera in my shirt pocket.
Sometimes the simple ways are the best! :D
I guess that is why phishing scams are far more common than actual account cracking. You make a system so secure the attacker can't break it or can't be bothered to, they just side step it.
As a side note, if it is applications or 50,000+ line source code you don't want stealing, a camera would not work so good! Unless the person wants to spend a long time inputting that data again manually. ?