Re: HELP - Major Security Risk - USB Flash Memory!!

From: Steve Riley [MSFT] (steriley_at_microsoft.com)
Date: 10/18/04 

Date: Mon, 18 Oct 2004 11:48:28 -0700

If you are worried about users absconding with information on USB drives,
please also don't forget about several other methods that are also
available:

* corporate e-mail
* web-based free e-mail
* instant messengers
* peer-to-peer file sharing utilities
* USB drives that install their own drivers
* digital cameras and MP3 players
* 1394 firewire drives
* CD and DVD recorders
* parallel port hard drives
* floppy disks
* infrared port or network transfer to other computers
* print outs
* digital photographs and screen captures
* telephone dictation

Note: the other poster did point to some info you can use. This, however, is
a machine setting, not a user setting; all users of the machine will be
affected. You can't have a separate setting for the two authorized users.

If someone wants to make off with data from your computers or network and
they've got access, generally they will be able to accomplish their goals. A
product like Rights Management Services can be very helpful here, but even
RMS won't stop what we call "analog attacks," like for instance placing the
monitor face on a photocopier and pressing the print button. :)

My recommendation: rethink the focus of your security policy. What risk is
the policy trying to mitigate? Usually it isn't a good idea for a *policy*
to mention specific pieces of technology. Policies describe acceptabe
behavior and the consequences for violation. If removing confidential
information is a violation of policy, address it at the management level
(terminate the violator's employment), because it's really the only way you
can.

Steve Riley
steriley@microsoft.com

"Matthew Miller" <mattmiller1505@hotmail.com> wrote in message
news:eDwPvgRtEHA.3200@TK2MSFTNGP09.phx.gbl...
> It has come to my attention that normal users on my network can plug in
> and
> use USB Flash Memory sticks with no problems what so ever.
>
> This is a huge security risk for us, and it also violates our polices to
> allow such activity. I cannot find how to disable this.
>
> Current Settings: (Domain Group Policy) Computer Config\Windows
> Settings\Security Settings\Local Policies\Security Options\
> Devices: Allow to format and eject removable media =
> Administrators
>
> Local Policies on client computers are default for same setting (which is
> Administrators)
>
>
> What else do I need to do? Going around and disabling all USB ports is
> not
> a practical solution, our computers are spread to far apart to accomplish
> anything that big.
>
> Any changes you suggest, will they affect current users of USB mem sticks,
> or only new users? We have 2 individuals with authorization to use a USB
> mem stick who will need to continue to use a mem stick; but several who
> currently use one, need all rights removed immediately! (2 users who need
> to continue, one is a Power User, and one is a normal Domain User)
>
> Thanks for any and all help
>
> Matt
>
>

Quantcast