Security Basics mailing list archives

RE: USB and smart drives

From: "ken kousky" <kkousky () ip3inc com>
Date: Fri, 5 Mar 2004 07:23:00 -0500

Reading and writing to usb drives are system events that can be addressed
through event logging technologies.

We work with InfoExpress, I use only as an example, as a tool to map a
written policy on information usage into system policies where the actual
data flows can be logged AND blocked if the policy so designates.

Remember, if you're going to write policy, you want to be able to enforce it
and audit it.

In terms of scanning the data flows, that's the role of desktop a/v's and
the issue is when you trigger scans. Every time a file is moved, when the
system boots, etc.

Which client a/v are you using?

KWK


-----Original Message-----
From: Benny Late [mailto:lvmygop () hotmail com] 
Sent: Thursday, March 04, 2004 3:18 PM
To: security-basics () lists securityfocus com
Subject: USB and smart drives

Has anyone implemented a policy or process to protect networks from viruses 
brought in by users with USB drives, that are not company issued so no 
passwords etc.

I'm thinking that AV with on access and write to disc scans should help, but

I'd like to see some of the policies others have implemented.

Many thanks,
Benny

_________________________________________________________________
Learn how to help protect your privacy and prevent fraud online at Tech 
Hacks & Scams. http://special.msn.com/msnbc/techsafety.armx


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

USB and smart drives Benny Late (Mar 04)
- RE: USB and smart drives ken kousky (Mar 08)
- Re: USB and smart drives Murad Talukdar (Mar 08)
- <Possible follow-ups>
- RE: USB and smart drives Mike (Mar 08)
  - Re: USB and smart drives steve (Mar 08)
    - RE: USB and smart drives ken kousky (Mar 09)
    - RE: USB and smart drives Aditya, ALD [Aditya Lalit Deshmukh] (Mar 10)
- RE: USB and smart drives Benny Late (Mar 08)