Wednesday, October 04, 2006

USB Drive Access Control Part 2

So I'm still looking at options for controlling access to USB devices and other forms of removable media.  As you can see in this article, I have a list of potential applications to help me with that.  In the meantime, I discovered a way to help me mitigate the problem.

Some users in my company will require the use of USB flash drives or hard drives, and for that, we need to purchase some software tools to be able to restrict access by user and by device model.  Other users, however, have no use for USB storage devices at all.

The "old school" method of restricting access to USB was to disable the USB ports in the BIOS.  This was highly effective, and if the BIOS was password protected, the user couldn't find a workaround to give them access. 

There were only 3 problems with this method.  First, in theory, a knowledgeable individual could just install a USB card in an available PCI slot.  While this is unlikely considering my user base, it is still a potential risk.  Second, many newer systems, such as Dell's Optiplex GX280, have done away with PS/2 ports for the mouse and keyboard, relying instead on USB.  If you disable all the USB ports, there go your input devices.  Third, it requires a visit to each PC, since I haven't found a way to script BIOS changes yet.

So here's the new and improved method, courtesy of Windows XP SP2:
1. Start the registry editor (regedit.exe).
2. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control.
3. From the Edit menu, select New, Key, and type StorageDevicePolicies. If this key already exists, then skip to the next step.
4. Highlight the newly created key "StorageDevicePolicies" and from the Edit menu select New, DWORD Value, type WriteProtect and press Enter.
5. Double-click WriteProtect and enter 1 for Value data. The value 1 makes all the USB drives read-only; a value of 0 will make them writable.
6. Close the registry editor and restart the computer.
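
The six steps above as a script, so the setting can be applied and audited without opening regedit on each machine. This is an added example, not part of the original post; the function names `Get-UsbWriteProtect` and `Set-UsbWriteProtect` are made up for illustration, and it assumes PowerShell is available and the session is elevated.

```powershell
# Added example: scripted form of the manual regedit steps.
# Function names are hypothetical; run from an elevated PowerShell session.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'
$ValueName = 'WriteProtect'

function Get-UsbWriteProtect {
    # Audit helper: returns 1 (read-only), 0 (writable),
    # or $null when the key or the value does not exist yet.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Set-UsbWriteProtect {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateRange(0, 1)]
        [int]$Value
    )

    # Step 3: create StorageDevicePolicies only if it is missing.
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }

    # Steps 4-5: create the DWORD, or overwrite it if it already exists.
    New-ItemProperty -Path $KeyPath -Name $ValueName `
        -PropertyType DWord -Value $Value -Force | Out-Null

    # Read the value back so a silent failure (for example, a
    # non-elevated session) does not pass as success.
    $actual = Get-UsbWriteProtect
    if ($actual -ne $Value) {
        throw "WriteProtect is '$actual', expected '$Value'"
    }
    return $actual
}

# Record the previous state, then make USB storage read-only.
$before = Get-UsbWriteProtect
$after  = Set-UsbWriteProtect -Value 1
Write-Output "WriteProtect before: '$before'  after: '$after'"
Write-Output 'Restart the computer for the change to take effect (step 6).'
```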

I also found a way to do this via GPO, here.




Monday, October 02, 2006

Zero-day flaw in Firefox

I've been recommending the use of Firefox for at least a year now, because of the reduced likelihood of encountering a security vulnerability, as well as the better interface and the ability to use add-ons. Now it looks like Firefox's advantage may have been "security through obscurity." As it gains market share on IE, it becomes more of a target for hackers and vulnerability researchers.

While that's not a bad thing, because I firmly believe that the open model of Firefox will ultimately lead to a more secure product, it serves to illustrate that flaws exist in every application.

Here's the link to the story: Hackers claim zero-day flaw in Firefox.

On another note, since this is a JavaScript-related flaw, there's a great extension for Firefox that is very effective at blocking malicious JavaScript. It's called NoScript, and it allows you to whitelist any sites you want to run JavaScript, while blocking any others. It's one of the extensions I always load in a new installation of Firefox.

20 Reasons the World Despises Norton AV?

I found this article, and I'm not sure if I agree with the author completely. It's basically bashing Norton Antivirus as causing more problems than it solves. Here is the article:

http://www.dtgeeks.com/

I personally haven't used Norton Antivirus (the home version) in a number of years, but I have heard some complaints that it is bloatware, and it slows down older PCs to a crawl. Not sure about the other allegations in the article, though.

I am currently running Symantec Antivirus Corporate Edition 10 on my company's network, and I have few problems with it, and the problems I have are not enough to switch, at least not yet. Here is my list of negatives about Symantec AV:
  1. Infrequent updates. I'm not talking about virus definitions. I'm talking about actual updates to the application. They seem to come out every six months or so. I'm not even sure about that, which leads to my next point;
  2. No update notifications. How can I tell if there's a new version out? I either have to check their website frequently, or hope that a tech news site might mention it.
  3. Updates require full install. Why can't Symantec do an upgrade installation? Seems like every update requires uninstalling and reinstalling the server application and the System Center Console.
Not to gang up on Symantec too much, here is my list of positives, which is why I'm actually sticking with them:
  1. VERY quick turnaround on zero-day definitions. Symantec's RapidRelease virus definitions have been very good for me. On the rare occasion that I encountered a virus that Symantec didn't detect (3 times in 6 years), I received an updated definition in under 4 hours each time.
  2. Centralized management. While it's not perfect, the Symantec System Center shows me everything I need to know about the protected computers on my network. The fact that you can centralize your quarantine of suspicious files and your alerts makes it even better.
UPDATE: I found this great site which appears to test how well the leading antivirus products stack up against a database of 315,000 virus samples. Check it out here. While it doesn't list Symantec Corporate on the recent tests, it does list Norton Antivirus, and it appears to have dropped from Number 6 best ranked in April 2005 to Number 22 in August 2006. Seems to be heading in the wrong direction. Note: I can't vouch for the reliability of this site, as I only just stumbled across it. I will update with further details when they become available.

Return from the void

Hello everyone, sorry for the long delay since my last post! I have had a number of personal crises to deal with, along with a few professional ones, that have prevented me from posting any updates to this blog for the past 2 months or so. I apologize for that, and I will endeavor to post more frequently to this blog, both for my own benefit and yours.

Stay tuned for a few new items today, and more to come!