
U3 USB Stick (In-)Security
Q2/2007 by Martin Suess, martin.suess@csnc.ch
USB mass storage devices can be disabled by changing the DWORD value Start from 3 (enabled) to 4 (disabled). The permissions of this key also have to be changed: deny Full Control to the SYSTEM group. Otherwise, when a new device is added, Windows resets the DWORD to its default value (3). The permissions can be changed in the registry editor by right-clicking the folder containing the registry key and selecting "Permissions".
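The same procedure as a script, added here as an example that is not part of the original article. It assumes the key in question is HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR (this page does not name it) and that it runs from an elevated PowerShell prompt; the final block verifies that both the value and the Deny ACE are in place.

```powershell
# Added example (not from the original article). Assumption: the key being
# locked is the USBSTOR service key, which this page does not name.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

# 1. Disable the USB mass storage driver: Start 3 = enabled (demand start),
#    Start 4 = disabled.
Set-ItemProperty -Path $key -Name 'Start' -Value 4 -Type DWord

# 2. Deny Full Control to SYSTEM on the key so that Windows cannot reset
#    Start to 3 when a new device is attached.
$acl  = Get-Acl -Path $key
$rule = New-Object System.Security.AccessControl.RegistryAccessRule(
    'NT AUTHORITY\SYSTEM',
    [System.Security.AccessControl.RegistryRights]::FullControl,
    [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Deny)
$acl.AddAccessRule($rule)
Set-Acl -Path $key -AclObject $acl

# 3. Verify: Start must read 4 and the Deny ACE for SYSTEM must be present.
$start = (Get-ItemProperty -Path $key -Name 'Start').Start
$deny  = (Get-Acl -Path $key).Access | Where-Object {
    $_.AccessControlType -eq 'Deny' -and
    $_.IdentityReference.Value -eq 'NT AUTHORITY\SYSTEM'
}
if ($start -eq 4 -and $deny) {
    'USB mass storage disabled and key locked against reset'
} else {
    'Check failed: Start is ' + $start + ', Deny ACE present: ' + [bool]$deny
}
```

Because the Deny ACE also covers read access, to re-enable mass storage later remove that ACE first and then set Start back to 3.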
Third-Party Tools
If some devices or whole device classes are needed, consider using specialized software to whitelist these trusted devices. Such tools use fingerprints of USB devices (device IDs) to identify them. So far, no way to fake these device IDs is known to Compass. The programs allow centralized device management (Active Directory, MS SQL), and policies may be applied based on domains, groups or users.

There are various third-party products available which allow tightening endpoint security in an enterprise in different ways. Some of these tools are listed here:
GFI EndPointSecurity [10] can be embedded and configured through Active Directory and allows group-based permissions. It controls only whole device categories and not single devices.

CenterTools DriveLock [12] can be embedded in Active Directory and allows an alternative configuration through configuration files. It allows various kinds of configurations based on users, groups, device identifiers or combinations thereof.

SmartLine DeviceLock also supports Active Directory, and an optional Enterprise Server can be used to store audit logs and more on a MS SQL server.

Safend Protector [11] also integrates with Active Directory and allows policy definitions based on users, computers or groups.
DriveLock
We installed an evaluation version of CenterTools DriveLock to show some features here. After installing and (very) basic configuration, plugging in a USB device causes this message to appear and the disk cannot be accessed:
The following picture shows the administration interface of DriveLock. It contains options not only for drive and device blocking but also for encryption, shadowed files and a device scanner.

In an enterprise it might be necessary to allow certain USB sticks while still preventing the use of arbitrary sticks. DriveLock allows defining the allowed USB sticks very precisely.