Ethical Hacking Training at InfoSec Institute

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Computer Forensics Computer-Forensics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Use of USB devices

from [jay.tomas] Network Security [Permanent Link]
Subject: Re: Use of USB devices
Date: Mon, 21 Aug 2006 12:09:49 -0400 
Thats great for wintel, but you also better encrypt disk. Otherwise folks will 
boot an endpoint
mount the filesystem and copy off to external.

Jay
----- Original Message -----
From: Bill Wittmer
To: forensics@securityfocus.com
Sent:  Wed, 16 Aug 2006 20:23:56 -0400
Subject: Use of USB devices

Over the months, I have seen concerns raised about the use of USB devices in 
the workplace.  Of concern is whether restricted data has been removed from 
the site.  Once date has been removed, it is an arduous task to determine if 
a USB device was used and if any data was removed.  For the system 
administrator, a proactive approach can be taken.  I came across a software 
recently called USB Admin Pro.  It can monitor USB devices and restrict 
their use.  The software can be found at 
http://www.sonarware.com/usbadminpro/index.html and I have included a 
description from the web page.

What is USB Admin Pro?

USB Admin Pro is an application that effectively restricts Removable Media. 
It not only restricts the media, but will also record log files locally and 
centrally. It will also send out critical email alerts, notifying you of 
someone trying to use one.

Another advantage is that you can give specific removable drives full access 
to any computer. For example, if you have a systems support staff, and they 
have thumb drives with drivers or software on them, you can enable their 
drives to work in any restricted computer. They won't even have to logoff or 
enter any passwords to use them on any computer. They would simply insert 
their disk, and start working. Anyone else trying to use their own disk will 
be greeted with an alert informing them that their removable media is not 
allowed, restricting use of their drive instantly.

Will effectively:

    * Keep out unwanted files, viruses, trojans, illegal software, etc, from 
entering your network from removable media.
    * Keep your sensitive information safe by not allowing users to copy any 
information to their removable media.
    * Give you the benefit of having any removable media that you specify, 
to be allowed in any restricted computer.  All others will be restricted 
instantly when inserted.

  Based on what I have read, I am going to give it a test.


Regards,
Bill
[More messages with this same subject...]


<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Mounting LVM image for analysis, Nathaniel Hall
Next by Date:  RE: Mounting LVM image for analysis, Nehls, Patrick
Previous by Thread:  Use of USB devices, Bill Wittmer
Next by Thread:  Re: Use of USB devices, thetackdriver
Indexes:  [Date] [Thread] [Top] [All Lists]