You know when paranoia starts coming into SBSland that it's becoming mainstream. A few days ago in the newsgroup someone asked how to block USB devices so that people wouldn't download massive amounts of data.

While you can set policies to deny the use of USB devices (how to disable the use of USB storage devices, how to make them read-only, and other third-party solutions), the reality is that there are many, many ways folks can get data out of your network that you need to be worried about.

Show me a small firm and we probably have lousy internal controls on just about anything. We probably don't permission and ACL our directories worth a darn to start with, but brainstorm just a bit to see if we can think of how to get data out of a firm in addition to using USB drives.

  • You can email it.  [Attachments you know]
  • You can upload it to an FTP or web site.
  • You can put it on an iPod
  • You can xerox it
  • You can use your camera phone and take a picture of it
  • You can burn it to CD-ROM
  • You can put it on a memory stick from a camera
  • You can stick it in your boots and walk out the door with it

Bottom line... if you HAVEN'T been thinking about ways that people can easily take data from your firm.... you aren't thinking hard enough.

There are watches, writing pens and other instruments that hold USB thumb drives. Heck, there's even a thumb drive on a Swiss army knife these days.

Remember to ensure that your security policy gives you the right to inspect employees.

So just think about your data, will you? There are more ways than you think to remove it from your firm.
