USB pen drive policy

Manu

Many thanks for an informed post. I have one question.

Do you know if this stops USB Printers?

Regards

Simon

-----Original Message-----
From: Manu Nath [mailto:manu.nathpaladion.net] 
Sent: 07 June 2006 15:23
To: bs7799securityfocus.com
Subject: RE: USB pen drive policy

Hi 

How to disable the use of USB storage devices

Here the important point is the USB port is not disable
fully, By doing the
below setting it will not allow data transfer using USB
storage devices like
pen drive etc..., But you can still use USB mouse, keyboard
peripheral
devices etc...

http://support.microsoft.com/default.aspx?scid=kb;
en-us;823732

this setting can be done in GPO also 
 
To Disable the Use of USB Storage Devices

Set the Start value in the following registry key to 4:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Usb
Stor

When you do so, the USB storage device does not work when
the user connects
the device to the computer. To set the Start value, follow
these steps: 

1. Click Start, and then click Run.
 
2. In the Open box, type regedit, and then click OK.
 
3. Locate, and then click the following registry key: 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Usb
Stor
 
4. In the right pane, double-click Start.
 
5. In the Value data box, type 4, click Hexadecimal (if it
is not already
selected), and then click OK.
 
6. Quit Registry Editor.


Regards 
Manu


-----Original Message-----
From: Martinez Sanchez, Juan Didier [mailto:didiermarsanbanamex.com] 
Sent: Tuesday, June 06, 2006 7:32 PM
To: Kosala Atapattu; jose.varghesepaladion.net
Cc: bs7799securityfocus.com
Subject: RE: USB pen drive policy

2. People taking restricted data out of office premises.
Information 
Leakage.
    - Any Solutions for this...?

Encryption + Biometric access control in the removable media
+ her/his
Business Head approval for getting sensitive information out
of your
facilities would sound enough for ya???

Best...
Didier Martínez Sánchez
Group Information Security Office


-----Original Message-----
From: Kosala Atapattu [mailto:kosalaacarcumb.com]
Sent: Tuesday, June 06, 2006 12:53 AM
To: jose.varghesepaladion.net
Cc: bs7799securityfocus.com
Subject: Re: USB pen drive policy


Jose Varghese wrote:
> Building security awareness is the key.
>
> Technology keeps changing - mobile phones with disk
drives. These
> technologies are quite handy. I feel it is
counterproductive to try and
ban
> their usage. Educate the users on the risks and provide
them the tools to
> use them securely!
>   
I agree on the point that these technologies should not be
banned from 
the organization, I'm looking at ways to restrict them.

User induction is a good approach, yet we should not forget
that typical 
users are ignorant as ever. They always try to stick in to
the 
convenient end of the line, where we expect them to stick to
the secure end.

Up to now I realized following things from the discussion,

1. People Carrying Data in removable media....which
information might be 
at a risk if they lose the media.
    - Solution would be Encryption
2. People taking restricted data out of office premises.
Information 
Leakage.
    - Any Solutions for this...?

anything else?

Kosala Atapattu

Hi 

No it will not stop USB printer...

Regards 
Manu

-----Original Message-----
From: Si Schofield [mailto:dsmabrpblon.co.uk] 
Sent: Wednesday, June 07, 2006 9:52 PM
To: Manu Nath; bs7799securityfocus.com
Subject: RE: USB pen drive policy

Manu

Many thanks for an informed post. I have one question.

Do you know if this stops USB Printers?

Regards

Simon

-----Original Message-----
From: Manu Nath [mailto:manu.nathpaladion.net] 
Sent: 07 June 2006 15:23
To: bs7799securityfocus.com
Subject: RE: USB pen drive policy

Hi 

How to disable the use of USB storage devices

Here the important point is the USB port is not disable
fully, By doing the
below setting it will not allow data transfer using USB
storage devices like
pen drive etc..., But you can still use USB mouse, keyboard
peripheral
devices etc...

http://support.microsoft.com/default.aspx?scid=kb;
en-us;823732

this setting can be done in GPO also 
 
To Disable the Use of USB Storage Devices

Set the Start value in the following registry key to 4:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Usb
Stor

When you do so, the USB storage device does not work when
the user connects
the device to the computer. To set the Start value, follow
these steps: 

1. Click Start, and then click Run.
 
2. In the Open box, type regedit, and then click OK.
 
3. Locate, and then click the following registry key: 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Usb
Stor
 
4. In the right pane, double-click Start.
 
5. In the Value data box, type 4, click Hexadecimal (if it
is not already
selected), and then click OK.
 
6. Quit Registry Editor.


Regards 
Manu


-----Original Message-----
From: Martinez Sanchez, Juan Didier [mailto:didiermarsanbanamex.com] 
Sent: Tuesday, June 06, 2006 7:32 PM
To: Kosala Atapattu; jose.varghesepaladion.net
Cc: bs7799securityfocus.com
Subject: RE: USB pen drive policy

2. People taking restricted data out of office premises.
Information 
Leakage.
    - Any Solutions for this...?

Encryption + Biometric access control in the removable media
+ her/his
Business Head approval for getting sensitive information out
of your
facilities would sound enough for ya???

Best...
Didier Martínez Sánchez
Group Information Security Office


-----Original Message-----
From: Kosala Atapattu [mailto:kosalaacarcumb.com]
Sent: Tuesday, June 06, 2006 12:53 AM
To: jose.varghesepaladion.net
Cc: bs7799securityfocus.com
Subject: Re: USB pen drive policy


Jose Varghese wrote:
> Building security awareness is the key.
>
> Technology keeps changing - mobile phones with disk
drives. These
> technologies are quite handy. I feel it is
counterproductive to try and
ban
> their usage. Educate the users on the risks and provide
them the tools to
> use them securely!
>   
I agree on the point that these technologies should not be
banned from 
the organization, I'm looking at ways to restrict them.

User induction is a good approach, yet we should not forget
that typical 
users are ignorant as ever. They always try to stick in to
the 
convenient end of the line, where we expect them to stick to
the secure end.

Up to now I realized following things from the discussion,

1. People Carrying Data in removable media....which
information might be 
at a risk if they lose the media.
    - Solution would be Encryption
2. People taking restricted data out of office premises.
Information 
Leakage.
    - Any Solutions for this...?

anything else?

Kosala Atapattu