Re: Deny access to copy files

["Mark Dy-Ragos" <bragot () gmail com>]

On Sun, Jun 1, 2008 at 11:20 AM, Ahmed Khalid <warevulf () gmail com> wrote:
> based machine which denies access to copy files to external storage devices
> connected to USB. There is an NTFS permission "Read + Execute" I guess this

Windows has a policy that can do this.  You would need to add the
registry dword value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies\WriteProtect
and set this to 1.  This might also be possible through a GPO, but I
haven't looked into it.

Another option would be for you to use some sort of USB Device Control
software.  There are several vendors out there who offer this product
(i.e. McAfee, Lumension, DeviceLock).  These software provide features
such as limiting the amount of data that can be copied to an external
drive, or even making copies of all the data that is transferred.  One
useful implementation that they might offer is the ability to only use
USB drives on company approved computers.  The usb drives are
encrypted and can only be decrypted by systems with the necessary
software.

> clueless,  How can I restrict web based emails like hotmail, gmail, yahoo
> there are so many of these and if I somehow manage to block all web based

As several other have already mentioned, even if you block these,
there are several other ways that data can escape.  But to address
your immediate question, you'll need to have a URL filter in place
that can block the webmail category as well as any other proxy
avoidance type sites.

Lastly, there are a bunch of new Data Leakage Prevention (DLP)
products that are starting to appear.  You may want to look into the
features they offer.

Good luck and let us know how it goes.

Mark