Implementing effective device control has become extremely important to organizations. Systems and data are exposed both to data loss and to malware infection, and controlling that exposure without disrupting operations is the main goal of device control and endpoint security. Network administrators need tools that authorize or block devices and computers effectively and in real time. Portable devices capable of storing or transferring data, such as USB storage, smartphones and wireless transceivers, need to be managed by device access control tools.
Device Control Software Guidelines
Device control software should be designed specifically to protect system integrity and keep sensitive data safe. USB device control restricts removable devices, portable storage and similar hardware from operating through a computer's USB ports and prevents unauthorized users from accessing data stored on USB drives. Access rules can be set in advance or in real time from a central administrative console, and access is granted or denied according to those rules. Most importantly, rule enforcement needs to be strong enough that it cannot be bypassed.
Effective USB access control first assigns devices to users and then grants specific devices, or groups of devices, the right to operate on specific computers or groups of computers in the network. These measures work together with the operating system's logon credentials (as a second factor) to protect systems and data. Furthermore, file transfers from computers to authorized devices need to be monitored, and authorized devices need to be protected with strong encryption.
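The device-to-user-to-computer model above, as an added example that is not USB-LOCK-RP's own code: a device is identified from its Windows USBSTOR instance path (vendor, product, serial), assigned to one user and authorized on named computers, and every other combination is denied by default. The sample device path, user names and host names are constructed for illustration; the check for a generated instance id (a '&' as the second character means Windows made the id up because the device reports no serial) is a Windows convention worth enforcing, since such a device cannot be individually identified.

```python
"""
Device-to-user-to-host authorization for removable storage.

Added example, not USB-LOCK-RP's own code. It models the scheme described
above: a device is identified by its hardware identity, assigned to one
user, and authorized on specific computers; anything else is denied by
default. Device instance paths use the Windows USBSTOR form and the sample
values are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Optional
import re


@dataclass(frozen=True)
class DeviceId:
    vendor: str
    product: str
    serial: Optional[str]  # None when Windows had to generate an instance id


# USBSTOR\DISK&VEN_<vendor>&PROD_<product>&REV_<rev>\<instance>
USBSTOR_RE = re.compile(
    r"^USBSTOR\\DISK&VEN_(?P<ven>[^&]*)&PROD_(?P<prod>[^&]*)&REV_(?P<rev>[^\\]*)"
    r"\\(?P<inst>[^\\]+)$",
    re.IGNORECASE,
)


def parse_usbstor(instance_path: str) -> DeviceId:
    """Extract vendor, product and serial from a USBSTOR device instance path."""
    m = USBSTOR_RE.match(instance_path)
    if not m:
        raise ValueError(f"not a USBSTOR disk instance path: {instance_path!r}")
    inst = m["inst"]
    # Windows convention: when the device reports no serial number the bus
    # driver generates the instance id and puts '&' in its second character,
    # so the id is not stable across ports/hosts and cannot identify a device.
    if inst[1:2] == "&":
        serial = None
    else:
        serial = inst.split("&")[0].upper()  # drop the trailing "&<index>"
    return DeviceId(m["ven"].upper(), m["prod"].upper(), serial)


@dataclass(frozen=True)
class Grant:
    user: str            # account the device is assigned to
    hosts: frozenset     # computer names the device may operate on


@dataclass
class Policy:
    grants: dict = field(default_factory=dict)  # DeviceId -> Grant

    def authorize(self, device: DeviceId, user: str, hosts) -> None:
        if device.serial is None:
            raise ValueError("cannot authorize a device without a unique serial")
        self.grants[device] = Grant(user.lower(), frozenset(h.upper() for h in hosts))

    def revoke(self, device: DeviceId) -> None:
        self.grants.pop(device, None)

    def decide(self, device: DeviceId, user: str, host: str) -> tuple:
        """Return (allowed, reason). Anything not explicitly granted is denied."""
        if device.serial is None:
            return False, "device has no unique serial"
        grant = self.grants.get(device)
        if grant is None:
            return False, "unknown device"
        if grant.user != user.lower():
            return False, f"device assigned to {grant.user}, not {user.lower()}"
        if host.upper() not in grant.hosts:
            return False, f"device not authorized on {host.upper()}"
        return True, "authorized"


def sample_policy() -> Policy:
    """Constructed sample: one SanDisk stick assigned to jdoe on two workstations."""
    policy = Policy()
    stick = parse_usbstor(
        r"USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_BLADE&REV_1.00\4C530001234567890123&0"
    )
    policy.authorize(stick, "jdoe", ["WS-042", "WS-043"])
    return policy


if __name__ == "__main__":
    policy = sample_policy()
    stick = parse_usbstor(
        r"USBSTOR\DISK&VEN_SANDISK&PROD_CRUZER_BLADE&REV_1.00\4C530001234567890123&0"
    )
    for user, host in [("jdoe", "WS-042"), ("asmith", "WS-042"), ("jdoe", "WS-099")]:
        print(user, host, policy.decide(stick, user, host))
```

The decision is keyed on the full vendor/product/serial triple rather than the serial alone, because serials are only unique per vendor and product line, and the user and host comparisons are case-insensitive to match how Windows treats account and computer names.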
Protection Measures & Requirements
Redundancy is an important aspect of protective measures because device capabilities and device status vary. For example, measures that effectively block a device already in use differ from those that block a device not yet connected, and measures that restrict unknown devices differ from those that restrict devices already known to the endpoint operating system.
Therefore protective measures need to be active and vary or escalate according to the threat presented. Passive measures such as a write-protect policy or disabling AutoRun should be used only as a backup or in conjunction with active measures, never as the sole means of protection; worse, they can create a false sense of security when they are not well understood. For example, write protection is often mistaken for a safe read-only mode. Blocking writes does not block reading from the device or executing files stored on it, so a write-protected drive can still deliver malware to the host. The same applies to the AutoRun restriction: the user or an attacker can still run the file manually or be tricked into executing it.
For example, USB lockdown functions should escalate from preventing drives from loading, through stopping, disabling, ejecting and dismounting devices, to blocking access to the desktop, including every monitor when several are attached. It is also important that blocked devices are not left unusable, since it is common for a device to be authorized after it has been blocked.
Device control software should not be designed with the sole purpose of preventing data loss; it must give the highest regard to the integrity of the host system, because a system infection leads to data loss and, worse, in industrial networks it could endanger personnel or the environment.
Active detection, blocking, alerting and logging should all be present, and policy rules should be stored encrypted, readable only from the administrative console interface.
Besides logging events and alerts internally within the device control administrative console, it is important that logs can be sent to a syslog server in the format defined by RFC 5424, so they can be managed at a broader scope by log management (LM) or SIEM tools that collect standardized security logs.
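What an RFC 5424 message from a device control agent looks like on the wire, as an added example that is not USB-LOCK-RP's own code: the header fields (PRI, VERSION, TIMESTAMP, HOSTNAME, APP-NAME, PROCID, MSGID) followed by a structured-data element carrying the device details so a SIEM receives them as fields rather than free text. The SD-ID `devctl@32473` uses the enterprise number reserved for documentation, and the app name `usbctl`, the parameter names, the host name and the sample event are all constructed.

```python
"""
RFC 5424 syslog messages for device-control events.

Added example, not USB-LOCK-RP's own code. It builds messages in the
RFC 5424 wire format (PRI, VERSION, TIMESTAMP, HOSTNAME, APP-NAME, PROCID,
MSGID, STRUCTURED-DATA, MSG) so a syslog, LM or SIEM receiver can parse the
device details as fields instead of scraping free text. The SD-ID
"devctl@32473" uses enterprise number 32473, reserved for documentation, and
the parameter names, app name and sample values are constructed.
"""
from datetime import datetime, timezone
import re
import socket

FACILITY_LOCAL4 = 20          # local4 (RFC 5424, table 1)
SEV_ALERT, SEV_WARNING, SEV_NOTICE = 1, 4, 5
SD_ID = "devctl@32473"
# Constructed fixed timestamp so sample output is reproducible
SAMPLE_TIME = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)


def sd_escape(value: str) -> str:
    # RFC 5424 6.3.3: '"', '\' and ']' inside a PARAM-VALUE are backslash-escaped
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")


def sd_element(params: dict) -> str:
    body = " ".join(f'{k}="{sd_escape(str(v))}"' for k, v in params.items())
    return f"[{SD_ID} {body}]" if body else f"[{SD_ID}]"


def build_message(severity, hostname, app, msgid, params, msg,
                  timestamp=None, facility=FACILITY_LOCAL4, procid="-"):
    """Return one RFC 5424 message (without transport framing)."""
    pri = facility * 8 + severity
    ts = timestamp or datetime.now(timezone.utc)
    # RFC 3339 timestamp, UTC, millisecond precision, 'Z' suffix
    ts_text = ts.astimezone(timezone.utc).isoformat(timespec="milliseconds")
    ts_text = ts_text.replace("+00:00", "Z")
    sd = sd_element(params) if params else "-"   # "-" is the NILVALUE
    return f"<{pri}>1 {ts_text} {hostname} {app} {procid} {msgid} {sd} {msg}"


HEADER_RE = re.compile(r"^<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (.*)$", re.S)


def parse_header(message: str) -> dict:
    """Split the RFC 5424 header the way a receiver would; SD and MSG stay raw."""
    m = HEADER_RE.match(message)
    if not m:
        raise ValueError("not an RFC 5424 message")
    pri = int(m.group(1))
    if pri > 191:                       # facility 0..23, severity 0..7
        raise ValueError("PRI out of range")
    return {
        "facility": pri // 8, "severity": pri % 8, "timestamp": m.group(2),
        "hostname": m.group(3), "app": m.group(4), "procid": m.group(5),
        "msgid": m.group(6), "rest": m.group(7),
    }


def send_udp(message: str, server: str, port: int = 514) -> None:
    """Ship one message over UDP (RFC 5426); prefer TLS (RFC 5425) where the log is evidence."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(message.encode("utf-8"), (server, port))


def block_event(hostname, user, device_serial, reason, when=None) -> str:
    """Constructed event: an unauthorized USB storage device was blocked."""
    return build_message(
        SEV_WARNING, hostname, "usbctl", "DEV_BLOCK",
        {"user": user, "serial": device_serial, "action": "block", "reason": reason},
        "Unauthorized USB storage device blocked", timestamp=when,
    )


if __name__ == "__main__":
    print(block_event("WS-042", "jdoe", "4C530001234567890123", "unknown device", SAMPLE_TIME))
```

Keeping the device identity and decision in structured data rather than in the free-text MSG is what lets the SIEM correlate a block event with the authorization record and the logon session without custom parsing; UDP is shown because it is the common default, but a log that may be needed as evidence should go over the TLS transport.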
This article is curated by Javier Arrospide, CEO of Advanced Systems International / Author of USB-LOCK-RP Device Control Endpoint Security / Software Engineer, overseeing design, development, support, and licensing worldwide. For more information, please visit https://www.usb-lock-rp.com.