Monday, September 27, 2004

Securing USB - Part 2

Over the weekend, I posted an blog entry regarding an XP2 registry key that could help to secure USB devices, and an ADM file to help set the regisry key via policy. Ben Smith, Microsoft Security Guru and a really nice guy made a great point over in the MCT forum: "Keep in mind, this feature has very limited security value. There are still many ways to use storage devices via USB to get data off the machine. For instance, an attacker could make the files .mp3 and copy them to an IPOD or .JPEG and copy them to a digital camera, or even plug a USB CDRW in and burn a disc. Great point Ben - this is registry key closes one hole, but by all means not all. Clearly, there needs to be more control, at the policy level, over all forms of writeable removeable-media. Just when you think you've closed a door, several more open up!

No comments: