Sunday, August 26, 2007

This one goes to all of you security and IT personnel, what sort of security would you expect to have on a USB drive that employees use in your organi

Your answer was selected as a Good Answer
Your Public Answer:
“Hi Alon, Here are my expectations on a USB drive. 1- Device authentication: It would be nice to authenticate the hardware the endpoint mutually before attachment. Only authorized drives should connect to authorized endpoints. 2- Policy Enforcement: Ability to enforce bidirectional access control lists (ACLs) between the endpoint (e.g. PC) and the USB drive 3- Enterprise Integration: Ability to extend enterprise policies to the USB drive such as user access management and audit trails. 4- Accountability: Ability to create logs/audit trail on endpoint, or other central management systems 5- Integration with other endpoint devices.(e.g. central device authentication) such as media & I/O devices, CDs. DVDs printers, modems, PDAs, scanners, RIM, iPOD, Bluetooth, wi-fi security and management products . 6- Transparent encryption and remote data recovery 7- Theft prevention, dial home and remote data erase 8- If the USB drive supports applications, then application control is needed, only the signed/approved applications should be allowed to run on endpoint, Integration with other endpoint security tools may be useful - e.g. desktop firewall). 9- Support for integrity checks. Ability run AV, malicious code, and content checks before approval of data access. 10- Support for central backup/restore esp. in transparent mode. Let me know if you have any questions, cheers, - yinal”

No comments: