Insights and tips to protect Desktops from USB flash drives
I felt the use of the USB storage (Flash Drive) when i was in need of transferring some office photos from my laptop to Home PC. It went on with few minutes of work and everything was in sync. It made life easier and simple. USB based storage devices are the most popular medium of data storage and data transfer mechanism. The main factors for the rousing success of USB IMHO is
* Its so Handy.
* Low Cost
* Self Powered (No extra cables or power)
* Hot plug (able) (External to the system)
* Supported anywhere (since standard based)
Before we see how to protect your network computers from the USB threats, let’s check out why to protect your PC from USB storage access. You have equal (actually more than that) opportunities of bringing security threats to your corporate network. Imagine my case, if my home machine was infected by a trojan variant or malwarae, it becomes easy few steps to get my corporate network infected by Monday morning when i’m in office(Monday Blues..). The possible threats can be
* Viruses
* Malicious software
* Data Theft and Loss
Users can deliberately or unintentionally introduce viruses that can spread to all the computers on your network. Users can easily bypass perimeter defenses like firewalls and antivirus at mailserver, and introduce malware such as Trojan Horses or viruses that, if not discovered, can cause serious damage. Similarly, users can copy information that should not be exposed i.e. business data, financial statements, strategies and so on., or transfer data to company computers that is not allowed, pornography, illegal softwares etc., Inorder to overcome these unwanted side effects let us consider these tips.
| Quote: |
| * Frame a security policy for USB storage usage : Guidelines and trainings on using portable storage devices by specifying, when and for what they can use the devices.* Educating the User : Since USB flash drives are becoming essential part of IT, (the slash in pricing also encourages common users) stopping the usage is not advisable, however you can educate the users about the risks that it can bring to the company and thus to him.* Tighten Security : Instruct your security guards about the Flash drives and keep them alert about the risks, so they can also form first level of security from outside.
* Lock your Desktop : Enforce a policy in your network to lock all the unmanned Desktops. Especially for the computers which has sensitive data. * Authorize the usage : Identify and authorize the persons who can use, also implement possible Access control (ACL). * Keep AV updated : Always make sure you have your Antivirus program kept up to date, to encouter with virus sneak peaks. * Restrict access to USB ports on desktops/Laptops : The native configuration approach through Group Policy has options to make the USB drives read-only. |
As a technical consultant i would recommend all the above mentioned points and stress more on the last point which is very vital. Here in Desktop Central the subsequent releases of the product will focus more on corporate security on the basis of configuration and preventive maintenance.
Share your thoughts and experiences on USB flash device storage based security concerns and views.
~romanus~
Help others find this article:
| 
| 
| 
Hi
Our new version of Desktop Central is getting released in a few weeks time. It has many new features and the existing configurations are quite enhanced. The major highlight of the new version is Patch management as a completely automated solution. You can have a complete demonstration of the new version in the HDI show being conducted at Nashville, Tennessee(March 19-22) at Booth 118. You can also have a sneak preview of Remote Desktop Sharing there that is going to be part of subsequent release due next month.
Desktop Central’s Product Manager Mr.V.Mathivanan will be there in the show to demonstrate the new version and help you understand and appreciate the product fully. Share your experiences and feedback on the product and the new version with him and post your comments here.
Happy viewing.
Matt Sidambaram
Help others find this article:
| | |
I read the below document in SearchWinIT.com by Derek Melber. It explains about the importance of configuring security policies in windows servers and desktops using Group Policy. Just I thought to share with you …
| Quote: |
| The level of security provided in Microsoft operating systems is joke fodder for many IT pros. Some companies have stayed away from Microsoft for security’s sake. You might be wondering if your servers and desktops — as well as your entire organization — are secure under your current Windows installation base. This is a valid concern and one that should not be taken lightly. Here, we will look at the areas you must ensure are secured.Is the perception a reality?I have been working with Windows since 9x and NT 4.0. When I first got involved with these operating systems, security was not as important as it is today. Back then, the intent of attacks was to just make things harder for IT professionals. I remember when service packs released to fix broken and insecure areas of Windows typically did more damage than good. When Microsoft tried to tackle security back then, it was merely a feeble attempt.
Over the past few years and operating systems, Microsoft has done a very good job of increasing the security features that are included in the operating system. However, the reality of the situation is that the default installation is not as secure as it could or should be. So, the perception is a reality! However, the perception that Microsoft operating systems are insecure is not wholly valid. There have been significant changes and features that help make a Windows computer very secure. Where attention should be directed Attention to your Windows servers and desktops should be given where security is an option but is not configured. Most of these settings are included in Group Policy. Therefore, you should have your IT staff do their due diligence on how to design, configure and deploy Group Policy. Microsoft has developed some Windows hardening and security guides that you can find here. Special attention should be given to the following areas: * Authentication protocols * Anonymous access * Network communication signing * Services * User rights * Account policies * Audit policies * Administrator use and password * Local group membership Summary Windows systems can be secured, but the installation does take some extra effort. Knowing that these systems are weak by default can give your IT staff the upper hand in locking them down before a disaster or breach happens. You can secure servers and desktops by using the security guides. Just remember that a Microsoft operating system is designed for ease of use first and security second. In almost all cases, these two have conflicting settings, which makes the default installation a bit weaker than desired. |
Help others find this article:
| | |
Desktop Central is a configuration product so admin privilege is MUST to perform various desktop management activities such as remote configuration, software installation, etc. But will it be possible to get it in every scenario ? It is not an issue if the network is small and medium size. What is the problem in the large network or enterprise ? Just take an example, there is a large enterprise which is geographically distributed, so obviously its network is also distributed. Suppose IT guy of one region wants to use Desktop Central to manage his network which is a subset of his large enterprise’s network. Do you think he/she will get the Domain Admin credentials ? It is difficult, what do you say ?
Thanks
Mathi
Help others find this article:
| | |
