Re: Basic Windows Security Question

["Steve" <securityfocus () delahunty com>]

You problem is really how to support remote employees, those teleworking or
working at home at night/weekends.  Do you have a citrix system in place or
something similar?  Cost/benefit for a small firm like yours would mean a
loaner laptop would be a better idea for that employee that likes to do work
from home on occasion.

As others have noted, a policy should address this and other company
confidential data electronic and printed.

AntiVirus and AntiMalware and desktop firewall software should keep a key
logger from installing itself, as noted in your scenario.

I see more and more firms that disable USB due to the large security risks
associated.  I have heard of firms that do not allow data to be written even
to floppy disk or CD. You can disable the USB ports on computers if you
enforce desktop policy via Windows.  I heard of an interesting new technique
to really ensure that USB drives, or other USB devices, will work in the
corporate environment -- pull one of the metal teeth out of the USB sockets
on the computer.


----- Original Message ----- 
From: "Andrew McIntosh" <amcintosh () networkadvocates com>
To: <security-basics () securityfocus com>
Sent: Tuesday, March 29, 2005 4:20 PM
Subject: Basic Windows Security Question


Hello Everybody,

I am curious to see the different suggestions for this scenario:

Suppose you have a small company of less than 100 employees. One of the
employees likes to bring his work home on occasion. He does so using a
USB thumb drive. One day he catches a [virus, worm, Trojan, spyware,
anything you can think of] at home and it winds up on his thumb drive,
which he in turn brings to the company network.

The company certainly should have anti-virus software in place, which
would fix that problem. But what if he unknowingly loads a key logging
program that could capture private customer information? What do you
suggest? Here is what I could think of so far:

Disable USB Port - That would solve the particular problem and create
other problems. For instance, substitute the thumb drive with a floppy
disk or CD. For obvious reasons you don't want to disable those as well.

Restrict user permissions - That could potentially prevent a program
from installing itself, but it would also cause the user some grief if
they need to install programs themselves, or even do simple things like
changing personal settings.

Security Policy - Haven't looked into this yet, but maybe there is a way
to prevent the use of thumb drives and other specific devices through
security policy.

What do you think?

Thanks!

====================
amcintosh () ntad com
====================






---------------------------------------------------------------------------
Earn your MS in Information Security ONLINE
Organizations worldwide are in need of highly qualified information security 
professionals.  Norwich University is fulfilling this demand with its MS in 
Information Security offered online.  Recognized by the NSA as an 
academically excellent program, NU offers you the opportunity to earn your 
degree without disrupting your home or work life.

http://www.msia.norwich.edu/secfocus_en
----------------------------------------------------------------------------