Security Basics mailing list archives
Re: Basic Windows Security Question
From: Danny Puckett <dpuckett () comresource com>
Date: Fri, 01 Apr 2005 06:57:35 -0500
I agree that disabling USB drives may not be the answer. At our office we have a "Scan" station that is not on the core network that has up to date virus definitions on it. Employees are required to scan any media that came from the outside. This includes floppys, cdroms and USB thumb drives. We have a chart where a user puts their name on it and what they have scanned. This way nothing gets on the core network without having been scanned. It is painless and nobody has complained.
Depp, Dennis M. wrote:
Andrew, First I think you should have a policy for working at home. In this policy, you should have the minimum requirements for a home computer that will be used. This should include items such as upto date anti-virus software, anti-spam software etc. Second, users should not be running with administrator privledges. Yes I know this is difficult to implement, but the payback can be huge. This should reduce the risk of installing something like a key logging software from the thumb drive. I am not a fanof disabling USB drives. In my mind this is counter productive as more and more items are using USB ports. I think the best solution is to reduce the risk by having upto date anti-virus/anti-spyware and a policy telling the employee how to protect their home computer.Dennis-----Original Message-----From: Andrew McIntosh [mailto:amcintosh () networkadvocates com] Sent: Tuesday, March 29, 2005 4:21 PMTo: security-basics () securityfocus com Subject: Basic Windows Security Question Hello Everybody, I am curious to see the different suggestions for this scenario: Suppose you have a small company of less than 100 employees. One of the employees likes to bring his work home on occasion. He does so using a USB thumb drive. One day he catches a [virus, worm, Trojan, spyware, anything you can think of] at home and it winds up on his thumb drive, which he in turn brings to the company network. The company certainly should have anti-virus software in place, which would fix that problem. But what if he unknowingly loads a key logging program that could capture private customer information? What do you suggest? Here is what I could think of so far: Disable USB Port - That would solve the particular problem and create other problems. For instance, substitute the thumb drive with a floppy disk or CD. For obvious reasons you don't want to disable those as well. Restrict user permissions - That could potentially prevent a program from installing itself, but it would also cause the user some grief if they need to install programs themselves, or even do simple things like changing personal settings. Security Policy - Haven't looked into this yet, but maybe there is a way to prevent the use of thumb drives and other specific devices through security policy. What do you think? Thanks! ==================== amcintosh () ntad com ==================== --------------------------------------------------------------------------- Earn your MS in Information Security ONLINEOrganizations worldwide are in need of highly qualified information security professionals. Norwich University is fulfilling this demand with its MS in Information Security offered online. Recognized by the NSA as an academically excellent program, NU offers you the opportunity to earn your degree without disrupting your home or work life.http://www.msia.norwich.edu/secfocus_en ----------------------------------------------------------------------------
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- RE: Basic Windows Security Question David Gillett (Apr 04)
- Re: Basic Windows Security Question Ansgar -59cobalt- Wiechers (Apr 05)
- <Possible follow-ups>
- Re: Basic Windows Security Question Doug . Janelle (Apr 04)
- RE: Basic Windows Security Question Herman Frederick Ebeling Jr. (Apr 04)
- Re: Basic Windows Security Question Steve (Apr 05)
- Re: Basic Windows Security Question Sebastian (Apr 06)
- Re: Basic Windows Security Question Danny Puckett (Apr 04)
- Re: Basic Windows Security Question Steve (Apr 04)
- Re: Basic Windows Security Question C. Francis Pineda (Apr 05)
- RE: Basic Windows Security Question Dante Mercurio (Apr 06)
- Re: Basic Windows Security Question Barrie Dempster (Apr 12)