April 1st, 2005
Locking down devices and ports
Dealing with my justifiable paranoia about people (mostly insiders) siphoning critical/private data off of Windows machines, I recently checked out the latest version of SmartLine’s DeviceLock, which controls access to ports (Wi-Fi, USB, infrared, FireWire, Bluetooth, etc.) and devices (flash drives, CD, DVD, tape drives, memory sticks, external drives, etc.) on Windows systems. The software routes requests to a central repository of rules to determine what policy should be applied. For example, devices can be set to read-only (for a wireless card that means no network access), and permissions can be set for groups or individual users, tapping into Active Directory, and by time periods. DeviceLock also provides a whitelist function, so that you can have exceptions, such as only allowing access on the USB port for your corporate or personal flash drive.

However, the USB flash drive detection is specific to the vendor model, not the individual device. If someone else had the same model and your account credentials, they could access the system. I asked Vladimir Chernavasky, CEO of AdvancedForce, the master distributor for DeviceLock, whether the company had considered distinguishing unique drives. "It doesn’t make practical sense to go with a unique device ID. The data on the drive should be encrypted," said Chernavasky. I would certainly feel more protected if the unique ID were required for access.
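
The gap between model-level and per-device whitelisting, as an added example (not DeviceLock's code and not from the original post). It assumes drives are identified by Windows USB device instance IDs of the form `USB\VID_xxxx&PID_xxxx\<serial>`; the function names, sample IDs and whitelist contents are constructed for illustration.

```python
import re

# Windows device instance ID for a USB device: USB\VID_xxxx&PID_xxxx\<instance>
_ID_RE = re.compile(r"^USB\\VID_([0-9A-F]{4})&PID_([0-9A-F]{4})\\(.+)$", re.I)


def parse_instance_id(instance_id):
    """Return (vid, pid, serial); serial is None when the device reports none."""
    m = _ID_RE.match(instance_id.strip())
    if not m:
        raise ValueError(f"not a USB device instance ID: {instance_id!r}")
    vid, pid, inst = m.group(1).upper(), m.group(2).upper(), m.group(3)
    # When a device has no serial number, Windows generates the instance part
    # itself; such IDs have '&' as their second character and depend on the
    # port, so they cannot identify one physical drive.
    serial = None if len(inst) > 1 and inst[1] == "&" else inst.upper()
    return vid, pid, serial


def allowed_by_model(instance_id, models):
    """Model-level whitelist: any drive with a listed VID/PID passes."""
    vid, pid, _ = parse_instance_id(instance_id)
    return (vid, pid) in models


def allowed_by_device(instance_id, devices):
    """Device-level whitelist: VID/PID and serial must all match."""
    vid, pid, serial = parse_instance_id(instance_id)
    return serial is not None and (vid, pid, serial) in devices


# Constructed sample IDs (not real devices): two drives of one model,
# plus a third of the same model that reports no serial number.
CORPORATE = r"USB\VID_1234&PID_ABCD\AA00000000000001"
SAME_MODEL = r"USB\VID_1234&PID_ABCD\AA00000000000002"
NO_SERIAL = r"USB\VID_1234&PID_ABCD\6&1A2B3C4D&0&2"

MODELS = {("1234", "ABCD")}                      # hypothetical model whitelist
DEVICES = {("1234", "ABCD", "AA00000000000001")}  # hypothetical device whitelist

if __name__ == "__main__":
    for dev in (CORPORATE, SAME_MODEL, NO_SERIAL):
        print(dev, allowed_by_model(dev, MODELS), allowed_by_device(dev, DEVICES))
```

The model-level check admits all three drives, while the device-level check admits only the whitelisted serial and fails closed for the drive that reports none.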
Dan Farber, editor-in-chief of CNET News.com, has more than 20 years of experience as an editor and journalist covering technology.









