We actually use group policies to disable USB mass storage devices on
all of our client XP systems.  Ok one door of many closed and really a
pain for us IT folks that have (had) software on USB tokens for
installing on to client machines.  We have also reduced outbound email
and monitor for attachments. Outbound FTP is restricted at the firewall
too.  No those pesky web uploads.  Well we are working on those with a
new proxy in line with the firewall.  How many other avenues can you
think of for taking data off the corporate network? 

Christopher Bipes
Information Services Director
CrossCheck, Inc.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Darrell A Martin
Sent: Thursday, March 22, 2007 3:19 AM
To: Midrange Systems Technical Discussion
Subject: USB key drives


This issue has ***Series i ramifications***. We have a number of
DB2 files with confidential data that would fit quite nicely onto many
new USB key drives without being compressed into a SAVF. With all the
doors being opened for access to Series i data "from the outside",
anyone with a little extra authority and a current key drive can walk
away with a frightening range of stuff. Physical access as security has
gone from being marginally useful to being a terrible and dangerous

Anyway, at least one pundit I read somewhere has an entire Linux distro
installed on a USB key drive, with all important programs (network
connection of course, browser, e-mail, text editor, etc.) ready to run.
He can supposedly sit down at a friend's computer, reboot off the key
drive, use Linux, and log off leaving the computer essentially

As to why the different treatment of platters and solid state, it is
because there is a tremendous distinction in one area; size. Solid state
drives are extremely compact and frequently disguised as other gadgets. 
The largest available devices are gaining capacity at breakneck speed
and with only tolerable increases in price. The issue is not technology,
but security. It just isn't easy to walk off with a reasonably priced
platter-based device in one's pocket.

I am not defending Microsoft's "no choice" elimination of USB key drive
backups. "Isn't easy" is a far cry from "isn't possible." But the folks
in Redmond have been, properly, excoriated for their past "convenience
trumps security" approach to a lot of things. This swings the pendulum
the other way. It isn't all that rational, but it certainly is *not* on
my list of reasons for not moving to Vista.

This thread ...


Return to Archive home page | Return to MIDRANGE.COM home page