Secure USB drives for forensic services
The Forensic Science Service (FSS) has just completed the roll out of a new product to securely manage the use of removable storage media such as USB keys and digital cameras within the service.
The Forensic Science Service (FSS) has just completed the roll out of a new product to securely manage the use of removable storage media such as USB keys and digital cameras within the service.
The ease with which devices like USB keys can be used with computer systems means that the host system is vulnerable to security breaches.
Dave Debenham, XP Project Technical leader outlined the solution the service has now implemented: During the pilot roll-out of XP across our organisation, we found that the plug and play element posed a major risk to our network and so we began investigating solutions that could help us to minimise the risk from USB devices while also enabling access to those that required it. We have two infosecurity staff with responsibility for management of access rights and new additions of hardware for more than 2,000 FSS employees.
I evaluated three products, HP Protect Tools Device Manager, Reflex Magnetics DiskNetPro 4 and SecureWave Sanctuary Device Control. I was looking for a product that would allow us to manage granular access to devices, so that individuals could be given authorised access to specific removable storage media, while the majority were blocked from uploading or downloading data in this way. Sanctuary Device Control was the only product that would allow me to give certain members of our organisation access to specific devices.
For example, I can enable digital cameras to be connected to a desktop or laptop by an authorised employee for the purpose of uploading scenes of crime photographs. Because Sanctuary Device Control integrates with Active Directory, we can provide authorised USB device access to specific personnel, no matter where they log in. It is crucial that those people are able to access these devices wherever they are working within the organisation.
Sanctuary works on a centrally managed default deny basis where only authorised personnel are allowed to connect specified removable devices to the organisations desktops and laptops; all other access is denied to the user attempting to make a connection.
Debenham further explained his reasons for choosing the SecureWare system: The FSS has a government-restricted network and links to other government networks such as the GSI and CJX (Criminal Justice Extranet). We are using anti-virus software from Sophos, but we are also currently trialling Sanctuary Application Control, which applies a default deny environment to all executable files and applications. So if a file is not specifically authorised it will not be permitted to run on the network; this prevents any spyware, malware or Trojans from executing.
SecureWave Sanctuary Device Control was one of the first IT security product to be awarded the UK Government CSIA Claims Tested (CCT) Mark.
