Security Basics mailing list archives

Re: Re: Deny access to copy files


From: cgmicro () gmail com
Date: 2 Jun 2008 19:38:09 -0000

These are definitely legitimate concerns, and every problem does have a solution.

First, my goal wouldn't be to cover 100% of all bases on this; whether it's possible or not, it's just not feasible.  
I'd go with best effort on this one and try to cover as much as possible.  IT folks are always going to try to 
circumvent policy, but if they go to extraordinary lengths to do so, it's a whole lot easier to prosecute.  

You could use group policy to limit external storage, but that's a little restrictive and not very flexible.  There are 
some packages out there that will limit what types of external storage are permitted.  So, if you issue external USB 
drives, USB sticks, etc., you can exempt them.  I can't recall any of the manufacturers off the top of my head, but 
they're out there.  They can get as granular as a 256Mb USB drive in a particular model, block iPods, allow digital 
cameras, etc.

On the webmail issue, just about every content filtering solution will allow you to block major webmail hosts via a 
central database that's updated routinely.  Depends on your budget, but well worth it in my opinion.  Websense, 
Sentian, SurfControl, to name a few.  If you're low on budget, look at iPrism from St. Bernard Software, a pretty cool 
little inexpensive solution in comparison.  The drawback to these is that they're only as good as the database of 
sites.  They'll block the hotmails and yahoos of the world, but they won't block the mail server in my basement.

____________________________________
Greg Gammino
CISSP, CCNA, CCDA, MCSE, CHA

