Penetration Testing mailing list archives
Re: USB Drive over network audit monitor
From: "Randal T. Rioux" <randy () procyonlabs com>
Date: Sat, 03 Oct 2009 02:32:06 -0400
Milind Nanal wrote:
Hello Mailing list, I am looking for free / commercial tool / script to monitor, audit, reportUSB storage drive activities happening on the network. USB drives are by default disabled through group policy enforcement. Howeverlaptop users running in exception mode needs to be further scanned & audited.
CounterACT (by ForeScout) is a commercial product, but does an excellent job of monitoring client activity. You can plug/unplug a USB drive from the client and the CounterACT manager shows the activity (logs) in near real-time. I'm not sure if it can detail what data is being transferred, but the logging of USB drive connectivity alone can greatly assist incident response.
Randy ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review BoardProve to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: USB Drive over network audit monitor Randal T. Rioux (Oct 04)
- RE: USB Drive over network audit monitor Amardeep Singh (Oct 05)