RE: USB pen drive policyJun 08 2006 04:08AM Frichot, Christian \(RPG\) (Christian Frichot riotinto com)
This simply prevents the USB Mass Storage service from starting. This should not have any effect on printers, mice, scanners etc.
-Christian
-----Original Message-----
From: Si Schofield [mailto:dsm (at) abrpblon.co (dot) uk [email concealed]]
Sent: Thursday, 8 June 2006 12:22 AM
To: Manu Nath; bs7799 (at) securityfocus (dot) com [email concealed]
Subject: RE: USB pen drive policy
Manu
Many thanks for an informed post. I have one question.
Do you know if this stops USB Printers?
Regards
Simon
-----Original Message-----
From: Manu Nath [mailto:manu.nath (at) paladion (dot) net [email concealed]]
Sent: 07 June 2006 15:23
To: bs7799 (at) securityfocus (dot) com [email concealed]
Subject: RE: USB pen drive policy
Hi
How to disable the use of USB storage devices
Here the important point is the USB port is not disable fully, By doing the below setting it will not allow data transfer using USB storage devices like pen drive etc..., But you can still use USB mouse, keyboard peripheral devices etc...
5. In the Value data box, type 4, click Hexadecimal (if it is not already selected), and then click OK.
6. Quit Registry Editor.
Regards
Manu
-----Original Message-----
From: Martinez Sanchez, Juan Didier [mailto:didiermarsan (at) banamex (dot) com [email concealed]]
Sent: Tuesday, June 06, 2006 7:32 PM
To: Kosala Atapattu; jose.varghese (at) paladion (dot) net [email concealed]
Cc: bs7799 (at) securityfocus (dot) com [email concealed]
Subject: RE: USB pen drive policy
2. People taking restricted data out of office premises. Information
Leakage.
- Any Solutions for this...?
Encryption + Biometric access control in the removable media + her/his
Business Head approval for getting sensitive information out of your
facilities would sound enough for ya???
Best...
Didier Martínez Sánchez
Group Information Security Office
-----Original Message-----
From: Kosala Atapattu [mailto:kosalaa (at) carcumb (dot) com [email concealed]]
Sent: Tuesday, June 06, 2006 12:53 AM
To: jose.varghese (at) paladion (dot) net [email concealed]
Cc: bs7799 (at) securityfocus (dot) com [email concealed]
Subject: Re: USB pen drive policy
Jose Varghese wrote:
> Building security awareness is the key.
>
> Technology keeps changing - mobile phones with disk drives. These
> technologies are quite handy. I feel it is counterproductive to try and
ban
> their usage. Educate the users on the risks and provide them the tools to
> use them securely!
>
I agree on the point that these technologies should not be banned from
the organization, I'm looking at ways to restrict them.
User induction is a good approach, yet we should not forget that typical
users are ignorant as ever. They always try to stick in to the
convenient end of the line, where we expect them to stick to the secure end.
Up to now I realized following things from the discussion,
1. People Carrying Data in removable media....which information might be
at a risk if they lose the media.
- Solution would be Encryption
2. People taking restricted data out of office premises. Information
Leakage.
- Any Solutions for this...?
-Christian
-----Original Message-----
From: Si Schofield [mailto:dsm (at) abrpblon.co (dot) uk [email concealed]]
Sent: Thursday, 8 June 2006 12:22 AM
To: Manu Nath; bs7799 (at) securityfocus (dot) com [email concealed]
Subject: RE: USB pen drive policy
Manu
Many thanks for an informed post. I have one question.
Do you know if this stops USB Printers?
Regards
Simon
-----Original Message-----
From: Manu Nath [mailto:manu.nath (at) paladion (dot) net [email concealed]]
Sent: 07 June 2006 15:23
To: bs7799 (at) securityfocus (dot) com [email concealed]
Subject: RE: USB pen drive policy
Hi
How to disable the use of USB storage devices
Here the important point is the USB port is not disable fully, By doing the below setting it will not allow data transfer using USB storage devices like pen drive etc..., But you can still use USB mouse, keyboard peripheral devices etc...
http://support.microsoft.com/default.aspx?scid=kb;en-us;823732
this setting can be done in GPO also
To Disable the Use of USB Storage Devices
Set the Start value in the following registry key to 4:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
When you do so, the USB storage device does not work when the user connects the device to the computer. To set the Start value, follow these steps:
1. Click Start, and then click Run.
2. In the Open box, type regedit, and then click OK.
3. Locate, and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
4. In the right pane, double-click Start.
5. In the Value data box, type 4, click Hexadecimal (if it is not already selected), and then click OK.
6. Quit Registry Editor.
Regards
Manu
-----Original Message-----
From: Martinez Sanchez, Juan Didier [mailto:didiermarsan (at) banamex (dot) com [email concealed]]
Sent: Tuesday, June 06, 2006 7:32 PM
To: Kosala Atapattu; jose.varghese (at) paladion (dot) net [email concealed]
Cc: bs7799 (at) securityfocus (dot) com [email concealed]
Subject: RE: USB pen drive policy
2. People taking restricted data out of office premises. Information
Leakage.
- Any Solutions for this...?
Encryption + Biometric access control in the removable media + her/his
Business Head approval for getting sensitive information out of your
facilities would sound enough for ya???
Best...
Didier Martínez Sánchez
Group Information Security Office
-----Original Message-----
From: Kosala Atapattu [mailto:kosalaa (at) carcumb (dot) com [email concealed]]
Sent: Tuesday, June 06, 2006 12:53 AM
To: jose.varghese (at) paladion (dot) net [email concealed]
Cc: bs7799 (at) securityfocus (dot) com [email concealed]
Subject: Re: USB pen drive policy
Jose Varghese wrote:
> Building security awareness is the key.
>
> Technology keeps changing - mobile phones with disk drives. These
> technologies are quite handy. I feel it is counterproductive to try and
ban
> their usage. Educate the users on the risks and provide them the tools to
> use them securely!
>
I agree on the point that these technologies should not be banned from
the organization, I'm looking at ways to restrict them.
User induction is a good approach, yet we should not forget that typical
users are ignorant as ever. They always try to stick in to the
convenient end of the line, where we expect them to stick to the secure end.
Up to now I realized following things from the discussion,
1. People Carrying Data in removable media....which information might be
at a risk if they lose the media.
- Solution would be Encryption
2. People taking restricted data out of office premises. Information
Leakage.
- Any Solutions for this...?
anything else?
Kosala Atapattu
[ reply ]