Loss of confidential information because of a USB stick is nothing new, but this one is quite amusing. A NZ guy buys a second hand MP3 player in the US. When he plugs it in there are files on the device with details of US Military personnel (article). Turns out the previous owner's house was broken into and the player was taken. That still doesn't explain why she had an MP3 player with work files on them, or does it? Well it actually makes sense. There are plenty of products about in the market place that will help you secure devices. In Windows world you can use group policies In linux, OSX, etc the USB devices can be disabled. Have a look at the NSA document that describes how to disable USB devices on different platforms (the site was a bit slow when I looked). Once thing the commercial products I know off do nicely, is log what is placed onto or taken off the device, which is handy in investigations. BTW if you have a nice way to provide an audit trail using opensource tools I'd be interested in hearing from you. |
Mark 391 Posts ISC Handler |
Subscribe |
Jan 30th 2009 1 decade ago |
While not open source by any means, Pointsec does a fine job of restricting USB access and providing reports and email alerts. It ties to Active Director and you can set policies for people and / or computers.
|
Jasey 93 Posts |
Quote |
Jan 30th 2009 1 decade ago |
We've been using DeviceLock for a while and quite happy with it. It is also not open source, but it covers all our needs in controlling access to any types of removable devices and it is easy to use and deploy (even easier than epoxy glue, i guess
![]() |
ArD 6 Posts |
Quote |
Jan 31st 2009 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!