Page 1 of 2 12 LastLast
Results 1 to 16 of 20

Thread: Restrict USB Storage Devices in an Enterprise Environment

  1. #1
    www.evilmunky.com EvilMunky's Avatar
    Join Date
    Jul 2004
    Location
    www.evilmunky.com
    Posts
    1,396
    Thanks
    10
    Thanked
    6 times in 5 posts

    Restrict USB Storage Devices in an Enterprise Environment

    Hi All,

    Thought I had asked this previously here before but couldnt find my post so I thought I would ask the question again.

    I am looking for a software based solution that allows USB Storage Devices to be controlled.

    Requirements of the software are as follows:

    • Must be an enterprise solution / Centrally managed
    • Must have ability to "Authorise" certain devices - ie after we scan them
    • Must not restrict usb devices such as keyboards / mice etc
    • Ability to set a time limit on device authorisation to allow temporary access


    As a bit of background that may help explain the need, the site I currently work on has a number of network machines that are in a "public" type area - meeting rooms / drop in rooms etc. For one reason or another, these machines have to have connection to our standard network (details to follow). they are commonly used by outsiders who more often than not bring data along on a USB storage device.

    Our environment is a Windows 2003 Active Directory based network, with a mix of Laptops and Desktops all running Windows XP sp2

    My end goal is to have all public machines (and normal users machines if i can get away with it) protected with this solution that will only allow authorised devices on our network. Devices will be authorised by IT staff (my team) at specified workstations after having been through a thorough AV scan.

    I think that about covers it - so if anyone out there is using any software in a similar environment I would be interested in their feedback.

    I am aware there are many different solutions out there and am capable of using Google myself, but am particularly interested in peoples experiences.

    Thanks in advance

    Kip

  2. #2
    Splash
    Guest

    Re: Restrict USB Storage Devices in an Enterprise Environment

    You can block USB storage by GPO easily enough, but it sounds like you need something a little more complex

  3. #3
    MrP
    MrP is offline
    Senior Member
    Join Date
    Aug 2005
    Posts
    596
    Thanks
    8
    Thanked
    5 times in 5 posts
    • MrP's system
      • Motherboard:
      • Abit IP35
      • CPU:
      • Q6600 @ stock (for now!)
      • Memory:
      • Kingston HyperX 4GB 8500C5
      • Storage:
      • WD 640gb
      • Graphics card(s):
      • ATI 4870
      • PSU:
      • Corsair HX620
      • Case:
      • Coolermaster Wavemaster
      • Operating System:
      • W7
      • Monitor(s):
      • Apple 20" Cinema display
      • Internet:
      • Virgin 10MB

    Re: Restrict USB Storage Devices in an Enterprise Environment

    i'd be interested in this for a different reason.

    we dont mind people using memory stick and portable hard disks, but people keep bringing in keyboard, mice and printers in from home which would be nice to stop.

  4. #4
    Senior Member
    Join Date
    Aug 2005
    Location
    Surrey
    Posts
    299
    Thanks
    3
    Thanked
    4 times in 4 posts

    Re: Restrict USB Storage Devices in an Enterprise Environment

    We use Disknet Pro
    Check Point Software: Reflex Disknet Pro

    Personally I find it awful as it seem to disable file sharing even the admin$ share for some reason without tweeking the registry, but that might just be a conflit with the av. Also it won't uninstall with anythign other than the use that installed it.

    Other that than it does everything you asked for and is fairly easy to mange and it uses AD groups.

  5. #5
    www.evilmunky.com EvilMunky's Avatar
    Join Date
    Jul 2004
    Location
    www.evilmunky.com
    Posts
    1,396
    Thanks
    10
    Thanked
    6 times in 5 posts

    Re: Restrict USB Storage Devices in an Enterprise Environment

    Splash - Yes I can do the blocking Via a GPO easily enough, but blocking everything isn't what i need.

    Hadn't heard of Disknet pro mark, will have a read up on it.
    THanks

  6. #6
    Pedandic mo-fo IAmATeaf's Avatar
    Join Date
    Jul 2006
    Location
    South of the Watford Gap!
    Posts
    896
    Thanks
    0
    Thanked
    11 times in 11 posts
    • IAmATeaf's system
      • Motherboard:
      • Asus P5Q Deluxe
      • CPU:
      • Q6600@3.25
      • Memory:
      • 4 x 2GB Corsair 6400C5DHX XMS2
      • Storage:
      • 2 x 0.5TB 7200.12, 2 x 1.5TB 7200.11
      • Graphics card(s):
      • Gigabyte GTX460 OC
      • PSU:
      • Corsair HX520
      • Case:
      • Lian Li PC6089B
      • Operating System:
      • Windows 7 Pro x64
      • Monitor(s):
      • Samsung T240 24"
      • Internet:
      • 6Mb ADSL Max

    Re: Restrict USB Storage Devices in an Enterprise Environment

    We use Sanctuary Device Control:

    USB Security - USB Blocking Software & Port Protection of Removable Devices

    Seems an OK product for us, we use it to control cd/dvd writer access and usb device access, it sort of loosely integrates with AD so a bonus.

  7. #7
    Splash
    Guest

    Re: Restrict USB Storage Devices in an Enterprise Environment

    Quote Originally Posted by EvilMunky View Post
    Splash - Yes I can do the blocking Via a GPO easily enough, but blocking everything isn't what i need.

    Hadn't heard of Disknet pro mark, will have a read up on it.
    THanks
    I figured as such. If it helps a call centre I just put together operate a "no usb or local storage" policy on the agents' machines. This is all controlled using a single GPO applied to an OU with all these machines in. Management machine sit in a seperate OU and as such are exempt, and if a machine becomes deemed a management box it's a simple case of moving it to the management OU and rebooting.

  8. #8
    www.evilmunky.com EvilMunky's Avatar
    Join Date
    Jul 2004
    Location
    www.evilmunky.com
    Posts
    1,396
    Thanks
    10
    Thanked
    6 times in 5 posts

    Re: Restrict USB Storage Devices in an Enterprise Environment

    Thanks IAmATeaf - will check that one out.

    Splash, unfortunately the environment in question needs to be more flexible than that. I need all users and all machines to be able to use authorised pen drives only.

    This is not for the purpose of restricting data transfer but for the purpose of restricting incoming threats. I have done similar with the GPO's and whilst they are highly powerfull, they just dont help me in this scenario.

    cheers

  9. #9
    Member
    Join Date
    Dec 2007
    Posts
    133
    Thanks
    3
    Thanked
    2 times in 2 posts

    Re: Restrict USB Storage Devices in an Enterprise Environment

    Out of interest, why do you need externals to be able to bring in USB devices and use them at all on your corporate network?

  10. #10
    www.evilmunky.com EvilMunky's Avatar
    Join Date
    Jul 2004
    Location
    www.evilmunky.com
    Posts
    1,396
    Thanks
    10
    Thanked
    6 times in 5 posts

    Re: Restrict USB Storage Devices in an Enterprise Environment

    Our organisation has academic links where people can have a number of "base" offices and access to a number of different systems. These people are authorised on our network as well as on other networks.

    We also have a large number of meeting / presentation setups which will ahve presentations run that will need access to our network.

    Messy I know, but thats inheritance for ya.

  11. #11
    Pedandic mo-fo IAmATeaf's Avatar
    Join Date
    Jul 2006
    Location
    South of the Watford Gap!
    Posts
    896
    Thanks
    0
    Thanked
    11 times in 11 posts
    • IAmATeaf's system
      • Motherboard:
      • Asus P5Q Deluxe
      • CPU:
      • Q6600@3.25
      • Memory:
      • 4 x 2GB Corsair 6400C5DHX XMS2
      • Storage:
      • 2 x 0.5TB 7200.12, 2 x 1.5TB 7200.11
      • Graphics card(s):
      • Gigabyte GTX460 OC
      • PSU:
      • Corsair HX520
      • Case:
      • Lian Li PC6089B
      • Operating System:
      • Windows 7 Pro x64
      • Monitor(s):
      • Samsung T240 24"
      • Internet:
      • 6Mb ADSL Max

    Re: Restrict USB Storage Devices in an Enterprise Environment

    Well Sanctuary should be able to copw with all the above, you can also mirror copied data and restrict the amount the data a user can copy per day. Permissions can be applied per user, per computer or per AD global groups, you can also scan a device remotely so if a user brings in a pen drive, you can ask them to plug it in, get it's unique ID, grant perms and then push the changes out.

    Quite a neat product really and the project i'm currently working on helped to mould the product so that's it's a bit more flexible then it used to be.

    EDIT: if the user base is large don't forget to negotiate a good discount, can't remember how much it costs us but it's not much per seat.

  12. #12
    www.evilmunky.com EvilMunky's Avatar
    Join Date
    Jul 2004
    Location
    www.evilmunky.com
    Posts
    1,396
    Thanks
    10
    Thanked
    6 times in 5 posts

    Re: Restrict USB Storage Devices in an Enterprise Environment

    Sounds like what i am lookin for. nice one

  13. #13
    Member
    Join Date
    Dec 2007
    Posts
    133
    Thanks
    3
    Thanked
    2 times in 2 posts

    Re: Restrict USB Storage Devices in an Enterprise Environment

    What happens if someone uses a cd/dvd with files on then? How would you scan for viruses there?

  14. #14
    Furry Shorty's Avatar
    Join Date
    Jul 2003
    Location
    Manchester, UK
    Posts
    1,237
    Thanks
    1
    Thanked
    2 times in 2 posts

    Re: Restrict USB Storage Devices in an Enterprise Environment

    You can also try DeviceWall for a comparable product on your business case and costings
    "In a world without walls and fences, who needs Windows and Gates?"

  15. #15
    Pedandic mo-fo IAmATeaf's Avatar
    Join Date
    Jul 2006
    Location
    South of the Watford Gap!
    Posts
    896
    Thanks
    0
    Thanked
    11 times in 11 posts
    • IAmATeaf's system
      • Motherboard:
      • Asus P5Q Deluxe
      • CPU:
      • Q6600@3.25
      • Memory:
      • 4 x 2GB Corsair 6400C5DHX XMS2
      • Storage:
      • 2 x 0.5TB 7200.12, 2 x 1.5TB 7200.11
      • Graphics card(s):
      • Gigabyte GTX460 OC
      • PSU:
      • Corsair HX520
      • Case:
      • Lian Li PC6089B
      • Operating System:
      • Windows 7 Pro x64
      • Monitor(s):
      • Samsung T240 24"
      • Internet:
      • 6Mb ADSL Max

    Re: Restrict USB Storage Devices in an Enterprise Environment

    Quote Originally Posted by pendulum666 View Post
    What happens if someone uses a cd/dvd with files on then? How would you scan for viruses there?
    Not too sure what you mean, if the user doesn't have access it's prevented at almost the hardware level so they'd never get to the files on the cd/dvd, if they have access then the cd/dvd behaves in the normal way and would depend on your AV settings.

  16. #16
    Member
    Join Date
    Dec 2007
    Posts
    133
    Thanks
    3
    Thanked
    2 times in 2 posts

    Re: Restrict USB Storage Devices in an Enterprise Environment

    I mean all this talk of limiting infected files entering the network via usb storage devices...what if someone whacks in a cd...I take it the OP controls that already there.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Help! Usb Memory Stick - Drive Configuration
    By JohnTompson in forum PC Hardware and Components
    Replies: 2
    Last Post: 28-01-2008, 02:51 PM
  2. USB mass storage devices not working
    By Rave in forum Help! Quick Relief From Tech Headaches
    Replies: 4
    Last Post: 18-12-2005, 02:51 PM
  3. usb storage disk
    By neil chaffey in forum Welcome to HEXUS!
    Replies: 1
    Last Post: 22-08-2005, 01:06 PM
  4. Replies: 14
    Last Post: 26-05-2004, 07:26 PM
  5. Weird Problems - Please Help!!
    By chez in forum PC Hardware and Components
    Replies: 4
    Last Post: 20-09-2003, 06:25 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •