Home    Forums    Feature Requests    Beta Issues    SysAid Resources    Documentation    Support
Hello Guest,  Login   
        
    
     Recent Topics    Hottest Topics    Online Members    Member Listing    Advanced Search
USB-stick... friends or foes ?  XML
Forum Index » General IT Discussions
 
Author Message
Drako786
Super SysAider


SysAider from release 5.5 United States
Joined: 19/06/2008
Messages: 63
Location: Elko Nevada USA
Offline

I've noticed that there is a good portion of Sysaiders that believe in locking the USB ports. I think it is rather interesting, but understand the reason. USERS DON'T LIKE TO LISTEN WHEN WE SAY, "NOT EXTERNAL DEVICES" One of our policies says that nothing may be imported from an external source that has not been approved by the organization. Do you know how may times I remote into a computer and find a personal picture set as the desktop background? When we ask, "Where did that come from?" the typical responce is, "What do you mean?" Then a lecture about the security implications starts and we end up having to be the bad guys when we tell them to remove it from their computer. Most think that if they e-mail it to themselvs, then it is ok. That still counts as an unapproved external source. aaaarrrrgggghhhh It's enough to drive you mad. Only a small handfull of people are allowed to have such things, and they are the ones on top of the totem pole. We don't say anything to them. What's funny is that most of the higher ups prefer to lead by example and have the standard Windows provided backgrounds on their computers. I laugh and cry at the same time.

Genius is more often found in a cracked pot than in a whole one.
E. B. White
Obelix
SysAid Wiz


SysAider from release 3.1 Indonesia Pathfinder
Joined: 12/06/2008
Messages: 807
Offline

Drako...
We haven't go that far... but users have this habit of trashing their own freedom by misusing it. It's not funny if you have Jessica Alba half naked in almost every screen (with different poses of course...) when you try to be professional in front of clients...

McBackett...
Wow... SysAid in an IT security company. So SysAid pass your criteria for a secure product ?

That is not a bug, it's a feature...
MBeckett
Super SysAider


SysAider from release 5.1 United Kingdom Pathfinder
Joined: 07/07/2008
Messages: 68
Location: England, UK
Offline

Obelix wrote: McBackett... Wow... SysAid in an IT security company. So SysAid pass your criteria for a secure product ?


I will answer on the behalf of 'McBackett'.

Well Sysaid was implemented into our company before I took charge but to be honest they're heading in the right direction. Hopefully they can keep up the good work as well as the pace.

There is so much to ask for but is everyone actually using Sysaid to it's full potential? We're certainly not!

This message was edited 1 time. Last update was at 15/07/2008 07:46:42


"REEEEBOOOOOOOOOOOOOT!"
BJINS
SysAid Wiz


SysAider from release 5.5 United Kingdom Pathfinder
Joined: 08/08/2008
Messages: 530
Location: United Kingdom
Offline

We have no free USB drives. The company will only provide USB sticks to individuals such as myself who 1) have the authority to remove/copy data from the network 2)can check for viruses etc. Were someone to request the removal of data to a memory stick it would first have to be approved by their line manager then the stick would be given to us to make the copy so that we can track and keep a register of all movement of files from the network. After the time that the stick has been allocated or the previously agreed amount of time the file has been requested for we will also take the stick again to ensure removal of the file.

Half of this is a pointless exercise because they could simply copy the file to the home machine but hey-ho!

We are more careful that all sticks placed in the network and files travelling in/out are checked for viruses. The same as any CD's/DVD's that are sent out or received.

When the going gets tough, the tough get SysAid
[MSN]
Obelix
SysAid Wiz


SysAider from release 3.1 Indonesia Pathfinder
Joined: 12/06/2008
Messages: 807
Offline

I have recently forced to extend this policy to the purchasing dept.

I told them my preference of peripherals is one that do not work with USB. So if we bought printers or scanners we go with pararel ports. Keyboards and mouse we go with ps2... so on.

I know it's nuts cause USB is more and more ubiqutous in nature but I caught a user unplugging a scanner from a pc so he can load "work files" from his personal USB stick to that pc !

Unbelievable...

That is not a bug, it's a feature...
MBeckett
Super SysAider


SysAider from release 5.1 United Kingdom Pathfinder
Joined: 07/07/2008
Messages: 68
Location: England, UK
Offline

We have tight control policies within our environment where only certain authorised members can use ONE particular USB stick that is owned by the company and encrypted (with endpoint control policies applied also).

This ensures that if the USB stick gets in the hands of another individual then they will not be able to use the stick or 'steal/move' the data.

"REEEEBOOOOOOOOOOOOOT!"
Overbear
SysAider


SysAider from release 5.5 United States
Joined: 03/09/2008
Messages: 13
Offline

I am just blown away by how paranoid some IT departments are.

Myself, I have found in my many, many, many (too many) years in the field, that restricting things just makes the users try harder to find a way around it. Rather, I provide USB items like jump drives, and 10-20 minutes of instructions on how to use them, when to use them and so on. This has proven to be the best by far route, as I do not end up dealing with virus attacks, stolen/lost jumpdrives, or lost/stolen company data. The users are smarter about how they use them, and respect the "trust" put in them.

I have always fought against tying down networks and data transfers. It is to the detriment, not the benefit, of our users, and ultimately our security to treat people like children. Put a fence up, someone WILL climb it, put a gate in the fence that says "come on in, here are the rules" and they will use that and respect the rules posted.


*PS* We just started to beta test the SysAid product for our internal help desk, and so far ive found nothing but love for it. It is far superior to some of the oracle front ends, and leaps and bounds better than helpstar and its like.

Obelix
SysAid Wiz


SysAider from release 3.1 Indonesia Pathfinder
Joined: 12/06/2008
Messages: 807
Offline

Define "many, many, many (too many) years"...

That is not a bug, it's a feature...
Overbear
SysAider


SysAider from release 5.5 United States
Joined: 03/09/2008
Messages: 13
Offline

Obelix wrote:Define "many, many, many (too many) years"...


Comming up on 25 years of server side, and desktop support, 5 of that done in network security with a major bank . Heck I date back to the days of fidonet and birdnet(thats pre internet BBS 'email' systems, very crude setup that ran on the university backbones and a 'cloud' of joined by modem bbs sites)...I am old

Obelix
SysAid Wiz


SysAider from release 3.1 Indonesia Pathfinder
Joined: 12/06/2008
Messages: 807
Offline

And I'm happy for you...
*raise a cold cold mug of coke and smile*

This message was edited 1 time. Last update was at 04/09/2008 10:41:47


That is not a bug, it's a feature...
Overbear
SysAider


SysAider from release 5.5 United States
Joined: 03/09/2008
Messages: 13
Offline

Obelix wrote:And I'm happy for you...
*raise a cold cold mug of coke and smile*


I am curious, why do you lock down USB so tightly? Is it a company thing, or is there legal conserns (IE. DOD, DOJ, etc..) that control what you have to do?
Obelix
SysAid Wiz


SysAider from release 3.1 Indonesia Pathfinder
Joined: 12/06/2008
Messages: 807
Offline

If you have to ask, sir... you'll never understand.
Which make a lot of sense knowing your philosophy.

I'm not being sarcastic or patronizing.
I believe you, cause 25 years ago... I'm still jumping of fences in my superman suit which brief stretch to my thighs.
*giggles*

I'ven't (did I just invented a new word ???) seen them all...
Won't try to claim I have.
*slight bow wider smile*

That is not a bug, it's a feature...
jperryman
SysAider


SysAider from release 5.5 United States
Joined: 07/10/2008
Messages: 2
Offline

techguy wrote:I wish windows had an out of the box group policy for permitting rights to the usb ports only for certain users on certain machines, then I wouldn't have to disable in the bios all the usb ports and password protect them to comply with data theft regulations.



Actually, you can set group policies to disallow executables to run on certain workstations. We lock down public workstations using this method.
The better way might be to only show the drives you want to be seen...there is a registry edit that can be used to hide drives.

This message was edited 2 times. Last update was at 07/10/2008 08:50:11

HCNW
SysAider

SysAider from release 4 United States Pathfinder
Joined: 26/06/2008
Messages: 22
Offline

We are a medical practice, and as some may know, HIPAA security is very very important. (Protecting patient information).

Locking out the USB ports is a GREAT idea, however, it seems computer mfgr's are trying to move to USB as a standard.
Currently our PC vendor has eliminated the normal mouse and keyboard ports on the PC. Everything comes USB now.
I'm sure we could, maybe for a little extra money, get our normal ports back, BUT, I can see down the road in the future everything being USB.


-------------------------------------
Julia - HCNW
-------------------------------------
Obelix
SysAid Wiz


SysAider from release 3.1 Indonesia Pathfinder
Joined: 12/06/2008
Messages: 807
Offline

Indeed...
Newer motherboards now list USB stick as one of the media you can boot from. I don't know if I should cheer or grief.

We don't have such powerful gov policy down here but cases of people abusing this otherwise cool device are piling up.

Luckily anti malware vendors also see this dilema and already start the effort to tackle this problem. Some use application that tightly work with os that could give access only to specific USB, some produce custom USB sticks that work like dongle.

Some common sense like never EVER let user have local admin rights also help a lot.

If you got a gov policy to back you up can't you use that to "demand" the PC vendor to provide "policy compliant" hardware ?

That is not a bug, it's a feature...
Forum Index » General IT Discussions
Go to:   
Free Help Desk Software
Free Asset Management Software
SysAid Helpdesk Software
Web Based Help Desk Software
SysAid Help Desk Forum
General IT Discussion Forum
SysAid CSS Customer Service Software
Customer Support Software
   SysAid Technologies Ltd.
   Toll-Free phone center (U.S.): 1-800-686-7047
   Offices - U.S.617-231-0124
   Israel:+972-3-533-3675
   Skype account:ilient
   Email:helpdesk@sysaid.com
   MSN Web Messenger: helpdesk@sysaid.com
   Optimized by SEO Israel
   SysAid logos and other SysAid Technologies marks
   are trademarks or registered trademarks of
   SysAid Technologies Ltd.
   All Rights Reserved by SysAid Technologies Ltd.
   2002-2009
   Live Support Hours
   07:00 AM - 09:30 PM (GMT)
   02:00 AM - 04:30 PM (EST)

   We provide worldwide services, and we do our best
   to match the working times of customers from
   different time zones.

   SysAid Help Desk Software and Asset Management Software
Privacy Policy © Terms Of Use