Penetration Testing mailing list archives

RE: USB Drive over network audit monitor

From: "Amardeep Singh" <Amardeep_Singh () symantec com>
Date: Mon, 5 Oct 2009 10:56:55 +0530

You can think of some good commercial DLP options. Host based IDS/IPS
can also help in this.

Amardeep Singh 


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Randal T. Rioux
Sent: Saturday, October 03, 2009 12:02 PM
To: Milind Nanal
Cc: pen-test () securityfocus com
Subject: Re: USB Drive over network audit monitor

Milind Nanal wrote:


Hello Mailing list,

I am looking for free / commercial tool / script to monitor, audit,

report

USB storage drive activities happening on the network. 
USB drives are by default disabled through group policy enforcement.

However

laptop users running in exception mode needs to be further scanned &
audited.


CounterACT (by ForeScout) is a commercial product, but does an excellent

job of monitoring client activity. You can plug/unplug a USB drive from 
the client and the CounterACT manager shows the activity (logs) in near 
real-time. I'm not sure if it can detail what data is being transferred,

but the logging of USB drive connectivity alone can greatly assist 
incident response.

Randy

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

Re: USB Drive over network audit monitor Randal T. Rioux (Oct 04)
- RE: USB Drive over network audit monitor Amardeep Singh (Oct 05)