USB Flash Memory Security

Posted on 2009-05-23
Medium Priority
Last Modified: 2012-05-07
Hi Everyone,

I am looking for a solution to USB Flash Memory Security.

USB sticks are getting to be a nightmare with all our users requesting them or bringing their own. The easiest solution is to block USB flash, which was done previously, but that restriction has been removed against not just my advice, but many other colleagues in the IT Dept.

Currently we do not have a Data Leakage Prevention system in place and even if we did, the problem would still lie with the USB sticks as information would still reside on them.

I am looking for a solution that will allow:
1. Encryption of any USB stick
2. Require password authentication
3. Not require escalated priviliges

I have seen Truecrypt and while it is a great tool, I can foresee the users ignoring it as it would be too complex.

The types of USB sticks provided in my country are limited in variety. We don't have the encrypted USB sticks by Kingston and other vendors and would require to order them online.

I have seen the U3 sticks and think they somewhat meet the bare minimum requirement but due to the fact you can install applications on them, I am a bit weary.

If anyone can suggest a software solution or a way to block the installation of U3 apps on the stick, I would be grateful.

Question by:AZJK
  • 2
LVL 33

Accepted Solution

Dave Howe earned 960 total points
ID: 24459697
There is a commercial product that does just what you are looking for - its called "securewave sanctuary"

from a central control console, you can define which devices on windows workstations can be seen at all, and, in the case of removable media (so usb drives/sticks/etc) can force encryption onto the device, which is transparent to the user - the user need do nothing to turn it on or off, the device is encrypted when sanctuary first sees it, works on any machine in the same domain (provided it also runs sanctuary of course) and is unreadable on any other machine; that isn't to say you can't access it outside of your domain - mobile nodes like laptops carry the unlock code with them, and there is a last-ditch password-access control system to make them readable on non-sanctuary machines - but for transparent DLP on removable media, I don't know anything that can beat it.

LVL 23

Assisted Solution

by:Mohamed Osama
Mohamed Osama earned 540 total points
ID: 24463050
I will second the suggestion for sanctuary , it is in use also in our organizasion & does exactly what you need in addition to more advanced features.
before deciding to go with it, you may also wish to evaluate GFI Endpoint security which is also an excellent solution.

LVL 33

Assisted Solution

by:Dave Howe
Dave Howe earned 960 total points
ID: 24463080
There is also the checkpoint solution as well.


but I find the sanctuary product the best featured - if a little expensive.

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

The Windows Firewall provides an important layer of protection and a rich interface to configure it. Unfortunately, it lacks item level filtering. This article details my process of implementing firewall-as-code to reduce GPO bloat.
The onset of year 2018 has been a usual business for IT teams still struggling to find their way out in terms of strengthening their cloud security.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question