While USB drives, PDAs, DVDs, etc have made data sharing convenient; they
have also increased the risk of data theft. DeviceShield provides security
against this by controlling access to removable media devices. It can block
access to ports such as Infrared, Parallel, PCMCIA, Serial, USB, Wi-Fi and
FireWire. It supports devices such as Apple iPod, Blackberry, DVD/CD drives,
modems, PalmOS devices, tape drives and USB peripherals. It can also be used to
prevent users from transferring files of a particular type such as PDF, Doc,
etc. DeviceShield defines access privileges, based on policies. The management
of access privileges is done through a central console. These access privileges
can be granted based on domain, domain group or an individual user. It can also
import users from Windows Active Directory. DeviceShield can be installed on a
server or an individual machine. You can also do an audit from DeviceShield and
find out details such as the persons using removable media and the type of
device being used.
|
Deploying DeviceShield
You can install DeviceShield on a separate Windows machine and when you start
for the first time, a wizard detects the machines running on your network. For
this you can choose whether the wizard should do a NetBIOS or TCP/IP discovery
or both. Next click on the Discovery button to make the wizard search for
machines. Now the wizard will automatically add all discovered machines to its
database. Next the wizard asks you to define the default policy for all users.
Here choose which ports and devices you want to allow or block permanently. For
eg, if you want to block USB devices, select USB devices from Ports menu and
move it to selected devices. Now the wizard will ask you to set an access policy
for the device. Here you can choose from enabled, disabled and restricted. Now
finally the wizard will ask you on which domains and machines you want install
the DeviceShield client. You can just uncheck the machines, on which you don't
want to install the client and click on Finish. This process will deploy the
agent with policies on the machine that you have selected.
In DeviceShield, you can restrict the type of files transferred to a removable media based on extensions |
To customize policies for users, go to the DeviceShield main window and click
on Policies tab. Here, click on a new policy, wherein you would be asked for the
user/group to apply the policy. Now on Authorized/Unauthorized ports and Devices
menu, you can choose devices the user will have access to. Similarly, you can
configure device models of specific brands, which will override default
restrictions. When the user authenticates from domain, the policy automatically
gets attached to it.