There is no question that USB Flash Drives and their electronic counterparts are a valuable addition to the road warrior’s toolbox. They have also created a nightmare for data security managers and have spawned an entire sub industry that is aimed squarely at portable data storage security.
Earings; http://www.gizmodo.com/gadgets/peripherals/storage/pretec-usb-ear-r…
Also, there are USB drives that are slightly longer — not earings — and hold 1GB.
how about an operating system that can be configured to not automatically mount usb mass storage devices for read write access by standard users.
now you’re being unreasonable here …
Back when companies didn’t want people sneaking off with company files they would simply make sure there was no floppy drive on the computers, to prevent employees from bringing files in they would also make sure there was no CD-rom.
Today that same system could be applied to USB, except instead of making sure there is no port in the computers which would be very difficult today, a solution could be found in disabling USB either in the BIOS or in the operating system itself. I’m pretty sure you could disable it in the BIOS and then set a supervisor password to prevent anyone from restoring USB drive support, and of course in Linux its as simple as disabling the deamon for USB disk support which would require root access to do and then to undo.
That already exist, at least in windows, IT can lock down the USB ports.
Other options are using encrypted USB sticks, and have them only work on specific computers. So then if a person looses it, no one can get the data, and if they are trying to steal stuff they can only steal it as far as the next computer that is set up to use that USB stick.
It would even be enough to restrict USB *drives* (USB mice are allowed, for example) and only prohibit *write* access to these drives. Even more, write access need not be prohibited if the data to be written comes from the drive itself, although this is only useful for some niche cases, like re-organizing data on the drive.
But I agree that encryption is by far the best solution because it brings all advantages of the above and more.
But I agree that encryption is by far the best solution because it brings all advantages of the above and more.
If the encryption software is unloaded, you’re back to having an open port. Something to look out for.