Bill, you should also look into the direction of stuff like Cisco Security Agent, which is an effective and manageable solution to bring endpoint security to another level. It is based on the 'positive security model' and works with policies rather than signature files. I've seen it do stunning stuff that brings you in complete control of what can and can't happen at your endpoints. Works for workstations and servers, Wintel & *nix.
Just my €.02 Rgds, Wim Remes this e-mail, including attachments, may contain proprietary information. If you are not the addressee or this e-mail was delivered in error you are not allowed to use, copy or divulge any information this message or it's attachments may contain. Please contact the sender if you believe this message was send to you in error and delete the message immediately. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: maandag 21 augustus 2006 18:10 To: [EMAIL PROTECTED]; [email protected] Subject: Re: Use of USB devices Thats great for wintel, but you also better encrypt disk. Otherwise folks will boot an endpoint mount the filesystem and copy off to external. Jay ----- Original Message ----- From: Bill Wittmer To: [email protected] Sent: Wed, 16 Aug 2006 20:23:56 -0400 Subject: Use of USB devices Over the months, I have seen concerns raised about the use of USB devices in the workplace. Of concern is whether restricted data has been removed from the site. Once date has been removed, it is an arduous task to determine if a USB device was used and if any data was removed. For the system administrator, a proactive approach can be taken. I came across a software recently called USB Admin Pro. It can monitor USB devices and restrict their use. The software can be found at http://www.sonarware.com/usbadminpro/index.html and I have included a description from the web page. What is USB Admin Pro? USB Admin Pro is an application that effectively restricts Removable Media. It not only restricts the media, but will also record log files locally and centrally. It will also send out critical email alerts, notifying you of someone trying to use one. Another advantage is that you can give specific removable drives full access to any computer. For example, if you have a systems support staff, and they have thumb drives with drivers or software on them, you can enable their drives to work in any restricted computer. They won't even have to logoff or enter any passwords to use them on any computer. They would simply insert their disk, and start working. Anyone else trying to use their own disk will be greeted with an alert informing them that their removable media is not allowed, restricting use of their drive instantly. Will effectively: * Keep out unwanted files, viruses, trojans, illegal software, etc, from entering your network from removable media. * Keep your sensitive information safe by not allowing users to copy any information to their removable media. * Give you the benefit of having any removable media that you specify, to be allowed in any restricted computer. All others will be restricted instantly when inserted. Based on what I have read, I am going to give it a test. Regards, Bill
