T-Bar said:
Follow-up to microsoft.public.win2000.security
Hello,
Is there a way to find out if a USB device has been attached to a computer
in the past and if data has been copied from this computer onto the device?
If yes, is there a way to find out if certain files or folders were copied
from the local hard drive (or network drive) to the device?
Cheers, T-Bar
In most offices, USB is one of the biggest risks for data
theft by employees and visitors. And unless someone is
caught in the act of stealing the data there isn't much
you can do about it.
For future protection in your workplace, you might want
to investigate options such as disabling USB in the BIOS,
then password protecting access to the BIOS setup. If
that is not an option in your BIOS, then you might have
to consider physically disabling the ports.
In some systems - particularly older ones - physically
disabling the ports can be as simple as opening the case
and disconnecting cables that run from ports on the
motherboard to the external ports. In some systems
there are jumpers on the motherboard.
On newer systems you might have to resort to something
more extreme - such as permanently gluing an obstruction
into each port. I find that bulk USB connectors (such
as used for making your own cables) and a drop of
SuperGlue in each port works perfectly.
If disabling USB on all of your systems is not an option
for you, then you must strictly forbid employees and
visitors from bringing their own USB-capable devices to
your facilities. This includes MP3 players, most digital
cameras, many PDAs and some phones.
USB data theft needs to be addressed as part of a comprehensive
data security plan that also addresses many other issues, such
as the use of CD/DVD burners, devices attached to external SATA,
USB, or FireWire/IEEE1394 ports, wireless security, and so on.