Who's who in portable device control
- By William Jackson
- Jun 16, 2005
The Joint POW/MIA Accounting Command is just beginning the task of searching for a product to secure its network against improper use of portable memory and removable media devices.
'I don't know if there is a third-party vendor who offers everything we're looking for,' said information systems security officer Fred Turner.
But the market is developing rapidly, and products are evolving to meet the needs of such important sectors as government. Here are some examples of how companies are approaching the task of controlling device access:
DeviceWall from Centennial Software Ltd. (www.centennial-software.com
) of England manages connections, intercepting traffic between the device port and the operating system. Requests are matched against an acceptable use policy for each user before the operating system can load the device driver.
DeviceWall integrates with Active Directory for policy management and manages connections for iPods and other media players, small USB drives, PDAs running both Palm and Windows CE operating systems, and SmartPhones.
Centennial's flagship network discovery product, Centennial Discovery, can also produce an audit trail for these devices when used with DeviceWall.
DeviceLock is produced by Smartline Inc. of Moscow and sold in the United States by AdvancedForce InfoSecurity Inc. (www.advancedforce.com
) of San Ramon, Calif. It is a policy enforcement tool that lets administrators assign user permissions for drives and peripherals, much the way permissions are assigned for access to files and folders.
DeviceLock works with Active Directory to control access to USB, FireWire, WiFi and Bluetooth devices on Microsoft Windows 2000 and XP and Windows Server 2003.
Version 5.7, released in February, can audit activity by individual user or user group. Audit records are written to the Windows event log and can be read by any event viewer software, including an Audit Log Viewer built into DeviceLock.
SecureWave S.A. (www.securewave.com
) of Luxembourg, with an office in Herndon, Va., in October 2004 released Sanctuary Device Control, which uses a white list of allowed devices and executables to control access. By default, all portable devices are denied so administrators do not have to worry about blocking the next type to come on the market.
White-listing is done for each user by device class or by specific brand and model of device. Drivers and execution of unauthorized applications are blocked at the OS kernel.
The product also includes Device Shadowing, which not only provides an audit trail tied to the individual user, but also creates a copy of all data transferred from corporate endpoints to authorized devices. The company plans to include shadowing of all data transferred to corporate resources this fall.
William Jackson is freelance writer and the author of the CyberEye blog.