The enemy within…..

Following on from the recent security theme I would like to carry this on a little further and discuss an aspect of security in business that may not always be so obvious to everyone.  Most individuals will be aware of the threat that the Internet poses to business as well as the threat that is posed by wireless networks.  However what are great deal of businesses do not understand is that the greatest threat is not always what lies without but in fact it is what lies within.  It is a known fact that a number of employee’s that leave businesses go on to work for other companies but a number of these individuals go on to start their own business.  Either way these, soon to be former, employee’s have access to key information about you business and more importantly your clients.  In the past it has been difficult for this information to be transported out of the business without being easily spotted however with the rise in USB storage devices transport of this data has become much simpler and moreover much more discreet.  So what can you do to stop this, the simplest way is to block USB storage devices and CD/DVD writers to all but the most trusted users.  In order to achieve this you could buy some software to handle endpoint security such as GFI EndPoint Security but for up to 25 computers this costs in excess of £400 which is beyond the reach of most small businesses.  So what can small businesses do to protect themselves; well the answer is through a group policy on the server restrictions can be placed on users or groups of users and I will explain how.

By adding in the ADM template at the bottom of this article you will be able to restrict access to USB storage devices as well as CD/DVD Drives.  Once you have the downloaded file then on your server go to the %SYSTEMROOT% folder this is typically "C:WINDOWS" and copy the ADM file into the "INF" folder.  Once you have done this go into the "Group Policy Management" tool.  Once there if you create a new group policy or edit an existing policy then navigate to "Administrative Templates" under "Computer Management".


Right click on "Administrative Templates" and select "Add/Remove Templates"


Click on "Add" and from the list of files select "ext_storage.adm" and click on "OK", now click on "Close"


Now from the "View" menu select "Filtering" and unselect the "Only show policy settings that can be fully managed" option and click "OK"


Now from the main group policy window under "Administrative Templates" you will see "Custom Policy Settings" and below this you will see "Restrict Drives".  Once selected on the right hand pane you will see the options to disable USB, CD Rom, Floppy and High Capacity Floppy.


Once these are enabled the users which have this policy applied to will no longer be able to use these facilities.  This gives small businesses a means of securing their data without spending the earth.

Attachments: ext_storage.adm

This entry was posted in Business, IT Support, Microsoft, Security. Bookmark the permalink.

Leave a Reply