Re: Disabling USB mass storage
browro_at_samc.com
Date: 03/04/05
- Previous message: Brady McClenon: "RE: computer account password...."
- Maybe in reply to: Martin a Marika TYDOROVCI: "Disabling USB mass storage"
- Next in thread: Nick Duda: "RE: Disabling USB mass storage"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 4 Mar 2005 20:07:34 -0000 To: focus-ms@securityfocus.com('binary' encoding is not supported, stored as-is) In-Reply-To: <e5dda3b405030315553767bfcc@mail.gmail.com>
For me the issue resovles around Risk Management:
1) Reduces the number of infection vectors. If the masses do not require access to it then it shouldn't be enabled.
2) If they email it or print it, I will have a record. Not foolproof, but at least I have evidence for audit purposes. Granted, I probably will not even know if the individual is scrupulous enough to perform their actions under the radar.
3) It's about keeping control of your data. If my company has sensitive data, I want to maintain control of it as best I know how. From the corporate espionage viewpoint, I would rather that an individual have to use some archaic, low-capacity storage mechanism that will require more time / effort to "liberate information" than use a device that is easy to conceal and has a large storage capacity.
In my current work environment #1 is the biggest reason.
Ron
IS Security Administrator
>While I'm on the subject. . . why all the FUD regarding USB drives?
>We have a policy at my current job that prevents the use of USB
>drives. This was a policy implemented around the same time that we
>deployed new clients to our users. . . clients that came with CD
>burners and floppy drives. . . which aren't disabled ....
>But. I would be appreciative if anyone could point me towards a good
>reason for disabling USB drives, so that I can start defending this
>policy with some form of conviction.
>
>Or am I correct in my belief that this emperor is buck naked?
>
>Now - if you'll excuse me - I have a DVD burner to install for a user.
>
>Allan Seyberth
>
>---------------------------------------------------------------------------
>---------------------------------------------------------------------------
>
>
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Brady McClenon: "RE: computer account password...."
- Maybe in reply to: Martin a Marika TYDOROVCI: "Disabling USB mass storage"
- Next in thread: Nick Duda: "RE: Disabling USB mass storage"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
