RE: Controlling specific USB devices on Windows XP



I've been part way following this discussion, which is very
interesting. It speaks to the Security area of IT in many ways.

I'm about ready to try out DeviceLock by SmartLine Inc. I have some
questions about it as I do - for anyone who is using it. I understand
that this product will allow control over specific hardware devices. Am
I right that with this software it will be possible to disallow all but
specific USB devices?

Much like a MAC address filter on a firewall ...

If this is true, what about card readers? Can SF Cards be identified
and controlled? Can a SF card reader be identified and controlled? If
it is just the reader, as a device that is controlled then, for PCs that
might have need for those, it is the same as having a USB port that is
enabled.

Maybe I'm missing what this software does altogether??

-----Original Message-----
From: Jon Holvoet [mailto:jon.holvoet@xxxxxxxxxx]
Sent: Friday, June 16, 2006 2:30 PM
To: security-basics@xxxxxxxxxxxxxxxxx; focus-ms@xxxxxxxxxxxxxxxxx
Subject: RE: Controlling specific USB devices on Windows XP

I can only agree on the usage of DeviceLock.
Last year we faced the same problem in our company and decided to
compare a couple of the publicly available tools. I stumbled upon a
review that greatly aided me in my quest:

http://www.securitybyte.com/articles/device_control_solutions.ehtml

A number of these products are extremely overpriced, and don't even
perform a decent job. DeviceLock offers the best for its price, closely
followed by DeviceWall mainly because of lesser functionality.

Look for the pros and cons. Is there a white-list possibility? Is
there a central management system? If yes, custom App or MMC? Active
Directory integration can be a great benefit when configuring, and can
avoid double administration. And how about alerting? ...

I should say, download the evaluation of a number of these and start
testing for yourself.

And I can only add to the discussion that it is really about time that
companies start paying more attention to this. In a year's time I've seen
a lot of alerts pass by, either because of ignorant or unknowing users
who decide to try and use their iPod for different purposes. 90% might
be harmless, but the 10% that remains might be a risk for both company
theft and viruses.


-----Original Message-----
From: Peter Eden [mailto:peter.eden@xxxxxxxxxxx]
Sent: Thursday, June 15, 2006 3:16 PM
To: security-basics@xxxxxxxxxxxxxxxxx; focus-ms@xxxxxxxxxxxxxxxxx
Cc: ken.securitylist@xxxxxxxxx
Subject: RE: Controlling specific USB devices on Windows XP

I agree that Device Lock is worth a look. We use it in our accessibility
computer lab to prevent students from cheating on exams while allowing
them to save their finished/answered exam onto a USB device provided by
the proctor. It works well for our purposes (the students haven't
figured out how to get around it yet).

Peter Eden
Computing and Networking Services
University of Toronto


-----Original Message-----
From: Chinnery, Paul [mailto:PaulC@xxxxxxxxx]
Sent: Wednesday, June 14, 2006 11:12 AM
To: security-basics@xxxxxxxxxxxxxxxxx; focus-ms@xxxxxxxxxxxxxxxxx
Subject: RE: Controlling specific USB devices on Windows XP

You might look at DeviceLock (www.protect-me.com). I just read a
short review of it in the latest issue of Windows ITPro magazine.

-----Original Message-----
From: Ken S [mailto:ken.securitylist@xxxxxxxxx]
Sent: Tuesday, June 13, 2006 5:06 PM
To: security-basics@xxxxxxxxxxxxxxxxx; focus-ms@xxxxxxxxxxxxxxxxx
Subject: Controlling specific USB devices on Windows XP


I am investigating the possibility of locking down Windows computers
to only allow specific USB devices to attach. I'm considering the
mtrust product from www.m-systems.com, which the marketing materials
say can force users to only use their particular USB storage devices
(or those that they OEM to others, like Kingston, Verbatim, etc.).

Does anyone have experience with this package? If so, what are the
pros and cons?

Also, are there other solutions out there that can ensure only
specific USB storage devices are allowed on a system?

Is there anything specific for biometric USB storage?

Any comments on the effectiveness of such software?

Thanks,

Ken S
