We actually use group policies to disable USB mass storage devices on all of our client XP systems. Ok one door of many closed and really a pain for us IT folks that have (had) software on USB tokens for installing on to client machines. We have also reduced outbound email and monitor for attachments. Outbound FTP is restricted at the firewall too. No those pesky web uploads. Well we are working on those with a new proxy in line with the firewall. How many other avenues can you think of for taking data off the corporate network? Christopher Bipes Information Services Director CrossCheck, Inc. -----Original Message----- From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Darrell A Martin Sent: Thursday, March 22, 2007 3:19 AM To: Midrange Systems Technical Discussion Subject: USB key drives Hi: This issue has ***Series i ramifications***. We have a number of important DB2 files with confidential data that would fit quite nicely onto many new USB key drives without being compressed into a SAVF. With all the doors being opened for access to Series i data "from the outside", anyone with a little extra authority and a current key drive can walk away with a frightening range of stuff. Physical access as security has gone from being marginally useful to being a terrible and dangerous joke. Anyway, at least one pundit I read somewhere has an entire Linux distro installed on a USB key drive, with all important programs (network connection of course, browser, e-mail, text editor, etc.) ready to run. He can supposedly sit down at a friend's computer, reboot off the key drive, use Linux, and log off leaving the computer essentially untouched. As to why the different treatment of platters and solid state, it is because there is a tremendous distinction in one area; size. Solid state drives are extremely compact and frequently disguised as other gadgets. The largest available devices are gaining capacity at breakneck speed and with only tolerable increases in price. The issue is not technology, but security. It just isn't easy to walk off with a reasonably priced platter-based device in one's pocket. I am not defending Microsoft's "no choice" elimination of USB key drive backups. "Isn't easy" is a far cry from "isn't possible." But the folks in Redmond have been, properly, excoriated for their past "convenience trumps security" approach to a lot of things. This swings the pendulum the other way. It isn't all that rational, but it certainly is *not* on my list of reasons for not moving to Vista.
This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact