Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: USB Drive over network audit monitor

From: "Randal T. Rioux" <randy () procyonlabs com>
Date: Sat, 03 Oct 2009 02:32:06 -0400
Milind Nanal wrote:


Hello Mailing list,

I am looking for free / commercial tool / script to monitor, audit, report
USB storage drive activities happening on the network. USB drives are by default disabled through group policy enforcement. However 
laptop users running in exception mode needs to be further scanned &
audited.
CounterACT (by ForeScout) is a commercial product, but does an excellent job of monitoring client activity. You can plug/unplug a USB drive from the client and the CounterACT manager shows the activity (logs) in near real-time. I'm not sure if it can detail what data is being transferred, but the logging of USB drive connectivity alone can greatly assist incident response. 

Randy

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. 
http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: