RE: Disabling USB mass storage

• Previous message: KL_SecurityFocus_at_spamex.com: "Folder Encryption"
• Maybe in reply to: Martin a Marika TYDOROVCI: "Disabling USB mass storage"
• Next in thread: Steven Hay: "RE: Disabling USB mass storage"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 4 Mar 2005 11:14:07 -0800
To: "Allan S" <nullconnect@gmail.com>, <focus-ms@securityfocus.com>

Allan;
Well written and I agree. Its an example of poor risk management. Its
also an example of organizations demanding technological solutions to
problems that can't be solved purely through technology. Anyone with
physical access to a box can find a way to get around to your software
based countermeasures, and probably your hardware based ones as well.
If all else fails, they can take out their phone or music player and
take a digital photo of the computer screen. These organizations might
want to ban CRTs, LCDs, and all other display technologies too, just to
be safe;)

Having clearly articulated policies about data classification and
handling of corporate data seems more effective to me. Enforcing those
policies by firing people who violate them will let everyone know how
seriously the organization considers the issue to be.

Regards,

Kurt

-----Original Message-----
From: Allan S [mailto:nullconnect@gmail.com]
Sent: Thursday, March 03, 2005 8:55 PM
To: focus-ms@securityfocus.com
Subject: Re: Disabling USB mass storage

We've taken the step of disabling the USB controllers in device manager
on our clients' machines...

---------------------------------------------------------------------------
---------------------------------------------------------------------------

• Previous message: KL_SecurityFocus_at_spamex.com: "Folder Encryption"
• Maybe in reply to: Martin a Marika TYDOROVCI: "Disabling USB mass storage"
• Next in thread: Steven Hay: "RE: Disabling USB mass storage"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]