RE: USB and smart drives

["Benny Late" <lvmygop () hotmail com>]

We have NAI av in place.  It's up to date and functions very very well.  I 
appreciate all the replies!

B


> From: "ken kousky" <kkousky () ip3inc com>
> To: "'Benny Late'" <lvmygop () hotmail com>,   
> <security-basics () lists securityfocus com>
> Subject: RE: USB and smart drives
> Date: Fri, 5 Mar 2004 07:23:00 -0500
>
> Reading and writing to usb drives are system events that can be addressed
> through event logging technologies.
>
> We work with InfoExpress, I use only as an example, as a tool to map a
> written policy on information usage into system policies where the actual
> data flows can be logged AND blocked if the policy so designates.
>
> Remember, if you're going to write policy, you want to be able to enforce 
> it
> and audit it.
>
> In terms of scanning the data flows, that's the role of desktop a/v's and
> the issue is when you trigger scans. Every time a file is moved, when the
> system boots, etc.
>
> Which client a/v are you using?
>
> KWK
>
>
> -----Original Message-----
> From: Benny Late [mailto:lvmygop () hotmail com]
> Sent: Thursday, March 04, 2004 3:18 PM
> To: security-basics () lists securityfocus com
> Subject: USB and smart drives
>
> Has anyone implemented a policy or process to protect networks from viruses
> brought in by users with USB drives, that are not company issued so no
> passwords etc.
>
> I'm thinking that AV with on access and write to disc scans should help, 
> but
>
> I'd like to see some of the policies others have implemented.
>
> Many thanks,
> Benny
>
> _________________________________________________________________
> Learn how to help protect your privacy and prevent fraud online at Tech
> Hacks & Scams. http://special.msn.com/msnbc/techsafety.armx
>
>
> ---------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the
> skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ----------------------------------------------------------------------------

_________________________________________________________________
Frustrated with dial-up? Lightning-fast Internet access for as low as 
$29.95/month. http://click.atdmt.com/AVE/go/onm00200360ave/direct/01/


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------