[unisog] Pen testers after my own heart...
Paul_Asadoorian at brown.edu
Mon Jun 12 18:15:01 GMT 2006
So, it seems the best recommendation is two-fold:
- Disable autorun via GPO
- Disable usb-storage drivers via GPO
That works rather well (coupled with user education) and covers more than
just USB keys (as Gary points out in this thread as well).
Thanks for the input!
Paul Asadoorian, GCIA, GCIH
3 Davol Square
Suite B 250, Campus Box 1885
Providence, RI 02903
IT Security Blog
In a bank setting, you'd disable usb-storage drivers via GPO.
Michael Holstein CISSP GCIA
Cleveland State University
On 6/12/06 12:25 PM, "David McBride" <dwm at doc.ic.ac.uk> wrote:
> Paul Asadoorian wrote:
>> I am curious as to what their recommendations were for this particular test,
>> "Tell employees not to put things in their computer" or "fill the USB ports
>> with epoxy". Not so practical....
> Turn off Autorun via a domain group policy?
> At least part of the problem here is not that the users are deliberately
> running untrusted code found on a discarded USB key, but rather that
> their shell is doing it for them!
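
The following is an added example, not part of the original thread: a read-only PowerShell audit of the two settings recommended above (AutoRun disabled, usb-storage driver disabled). The registry locations and value meanings are the standard Windows ones and are assumptions here, since the posts do not name them; the function names are hypothetical.

```powershell
# Added example: read-only audit of the two settings recommended in this thread.
# The registry paths are the standard Windows locations, not values from the posts.
$ExplorerPolicy = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$UsbStorKey     = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

# NoDriveTypeAutoRun is a bitmask: a set bit turns AutoRun off for that drive type.
$DriveTypeBits = [ordered]@{
    Unknown = 0x01; NoRootDir = 0x02; Removable = 0x04; Fixed = 0x08
    Network = 0x10; CDROM = 0x20; RAMDisk = 0x40; Reserved = 0x80
}

function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Test-AutoRunPolicy {
    # A machine-wide (HKLM) value takes precedence over the per-user (HKCU) one.
    $source = 'HKLM'
    $value  = Get-RegValue "HKLM:\$ExplorerPolicy" 'NoDriveTypeAutoRun'
    if ($null -eq $value) {
        $source = 'HKCU'
        $value  = Get-RegValue "HKCU:\$ExplorerPolicy" 'NoDriveTypeAutoRun'
    }
    if ($null -eq $value) {
        $shown = '(absent)'; $pass = $false
        $detail = 'no policy value set; OS default applies'
    } else {
        # List every drive type whose bit is clear, i.e. where AutoRun still fires.
        $open = @($DriveTypeBits.GetEnumerator() |
            Where-Object { -not ($value -band $_.Value) } | ForEach-Object { $_.Key })
        $shown = '{0} 0x{1:X2}' -f $source, $value
        $pass  = ($open.Count -eq 0)
        $detail = 'AutoRun disabled for all drive types'
        if (-not $pass) { $detail = 'AutoRun still on for: ' + ($open -join ', ') }
    }
    [pscustomobject]@{ Check = 'AutoRun'; Value = $shown; Pass = $pass; Detail = $detail }
}

function Test-UsbStorage {
    # Start = 4 means the service is disabled, so the driver will not load.
    $start = Get-RegValue $UsbStorKey 'Start'
    if ($null -eq $start) { $shown = '(absent)'; $detail = 'USBSTOR service key not found' }
    elseif ($start -eq 4) { $shown = '4'; $detail = 'usb-storage driver disabled' }
    else { $shown = "$start"; $detail = 'usb-storage driver can load' }
    [pscustomobject]@{ Check = 'USBSTOR'; Value = $shown; Pass = ($start -eq 4); Detail = $detail }
}

@(Test-AutoRunPolicy) + @(Test-UsbStorage) | Format-Table -AutoSize -Wrap
```

Run it on a domain member after the GPO has applied; a `Pass` of `False` on either row means the corresponding recommendation is not in effect on that machine.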