Securing portable storage devices

With portable storage devices becoming more and more popular, IT staff have had to come up with is ways of protecting the sensitive data on their networks from such devices.

Not only do these devices able to store large amounts of data but they can also carry programs such as browers, utilities and of course keyloggers or other malicious content. This poses a huge security risk to company data and infrastructure. So how do you do your protect yourself from such risks? Well below I will step through a few workarounds that I have come up with:

• One way to disable portable storage devices is to disable the USB functionality all together. This can be done in the BIOS. (each BIOS is different so the steps maybe different for your machine)
• Restart your machine, once the machine is rebooted it should show in the top left or right of the screen "Setup" or "BIOS Config" hit the associated key that shows next to that.
• You may have to search around in some of the menus for "USB Support" or "USB Device" It can usually found in the advanced configuration. Set that to disable. This will disable any USB device that you may have connected to the machine. Including printers, keyboards, mice, PDA's.
• Then you can "Exit and Save"

Of course as mentioned above that this will make all USB devices cease to function. This may or may not be ideal in your particular environment. So there is any other way around this in Windows.

Since Windows has incorporated Plug'n'Play in their operating systems, it has been at times a blessing and in other times it has been a security nightmare. In this case most USB storage devices are automatically installed and don't need administrative privileges to install. One way around that is in a corporate environment is to use policy editor and block all USB devices from being installed. This can also be done in Active Directory group policy editor.

The problem in this method lies in: how do you allow certain devices to work and not others. If you use policy editor it will do it for certain groups or domain wide. However, if you want certain machines, the ability to use USB devices but not storage devices then you can do the following:

• If no USB storage devices have been used then:
• Search for the following files:
• %SystemRoot%\Inf\Usbstor.inf
• %SystemRoot%\Inf\Usbstor.pnf
• Then when you have located then set the permissions to Administrator to Allow and Everyone set to Deny, and other user groups that you don't want installing the device should also be set to Deny.

• If the storage device has been installed then you will need to edit the following key in the registry: !Make changes to the registry at your own risk!
• HKLM\SYSTEM\CurrentControlSet\Services\UsbStor
• Once you have located the above key then you have to change the hexadecimal value to 4.

I have tested the above in Windows 2000 environment, with many different USB keys and it works. Of course one might ask why would you want to allow anyone access to install any USB device. Well when your Administrative staff uses PDA's then you tend to find ways of being secure but allow the people that sign your check the ability to synch their Contacts. As always do adequate testing before implementing anything like this domain wide. If you have any questions drop me a line.

"Crikey"

The world has lost a great animal conservationist this weekend. Steve Irwin, was passionate in the protection of many of the worlds threatened animals. If you have ever watched him you would know that he was crazy, fun-loving guy. I send my condolences to his wife, and his two kids. Lets hope that his efforts of protecting animals will continue.

On another note I came across an blog entry on Digg last night, it was created by Jason Calcanis from Netscape fame. The title of the entry was "The Discovery Channel Killed Steve Irwin". If you read the article he basically says that because the Discovery Channel was trying to get higher ratings they get these people like Steve Irwin to do crazy, dangerous stunts. Well I think that is total B.S.

Steve Irwin used Discovery as much as they used him for ratings. He used that medium to spread his message about the necessity of crocs in the environment. Steve would have been wrestling, capturing, and saving crocs and other dangerous animals, with or without a TV show.

The Discovery Channel didn't create "naturalists' that have to risk their lives to be credible" Steve the TV persona was created by the love and passion of the fans that watched him on his show in Australia long before The Discovery Channel picked him up. That just sent his message across the world instead of in his own backyard.

The bottow line is that there is no one to blame for Steve's untimely death. Thats why they call it an accident.

Picture: Australian television presenter Steve Irwin, The Crocodile Hunter, lifts up a snake onstage at Nickelodeon's 15th Annual Kids' Choice Awards in Santa Monica, Calif. (CP PICTURE ARCHIVE/AP, Lucy Nicholson

World Trade Center

I saw the movie "World Trade Center" over the weekend. When the movie was starting to be advertised through the news media and over the internet, I was a little pissed off. I was mad that someone was making a movie to profit off such tragic part of American history. Well that changed once I seen the movie...

I have to say there wasn't a dry eye in the movie theater, even I was a little choked up. It was tastefully done, seeing it in the theater it was easy to feel like you were right there when it all went down. Because I have child now it was easy for me to sympathize what the two men trapped in the towers after the collapse were thinking about. I mean I couldn't imagine my daughter growing up without a mom or dad. They were torn between protecting themselves from harm and their jobs of protecting the public.

A lot of families are now with out a mother or father and some without both, all because a religious movement doesn't agree with American politics or ideologies. I guess its not really an American problem anymore, they (extremist Muslim) want to hurt anyone that is part of a democratic society that is different then theirs. Its a shame.

Not only did that event cause the deaths of many people, it also changed the way that people perceive their fellow man. People now profile everyday their life now. Making sure that they aren't sitting next to a person that they perceive to be Muslim on a plane, on a bus or on a train. They are watching to see who is moving into their neighborhoods and who is playing with their kids. Its a perpetual cycle that will not be broke now or in the future, unless we as parents teach our kids to be tolerable to other cultures. Its not unlike the American history with black slaves there is still a great deal racism that goes on; only because there is a great deal of adults that pass that racism onto their children.

Do I feel that the offending parties of the tragedy should be punished? Yes, I think they should but I don't think that Muslims in general should be punished. We can't allow the government or anyone else start profiling or taking away the basic freedoms that are in the constitution that Americans in the past fought for. If that happens then the people that orchestrated 9/11 have won more then they could ever imagine, we have let the fear created in aftermath dictate the future. Of course that is just my opinion.

So yeah...

I discovered that I created a blogger account that I haven't used in almost a year. So I'm thinking that I will start to use it.

I'm not quite sure what it is I'm going to write, I'm thinking that I will do some reviews of the products that I come across. Also some of my experiences in healthcare IT field. Lord knows I have a lot of them.

Twistedf8

If you have any ideas please don't hestitate to contact me at twistedf47e(@)gmail.com