Published on September 12, 2004 By Black Xero In WinCustomize News
The next version of Windows, code-named Longhorn, will do away with Microsoft's laissez faire approach to connecting portable storage devices to systems.

Instead of the familiar Plug and Play (PNP), which has seen little change in function since Windows 95, a new technology called "Plug and Play Extensions" will make its debut in Longhorn to allow businesses to regain their rightful jurisdiction over PNP devices.

A consensus has formed among security professionals that the industry's chief concern with PNP devices is portable storage. Unauthorized portable storage devices have been viewed as a growing risk to corporate networks. As these drives become smaller, yet have more capacity, organizations are worried that users will use them to steal corporate information.

In 2003, Touchtone Entertainment produced a film called "The Recruit" where a rogue agent of the Central Intelligence Agency was able to circumvent the US Military's National Security Systems (CNSS) standards and covertly extract sensitive data from the agency's computers simply by using a USB key storage device hidden in a coffee mug.

Although "The Recruit" was just a movie, it is a tangible example of the type of threats organizations face from a bevy of devices including USB hard drives and key-chain drives. Even seemingly innocuous gadgets like portable music players, media smart cards and digital cameras can pose a risk.

A July 2004 report by Gartner Inc. went as far as to recommend that its clients consider banning such devices, citing the risk of virus infection and the exposure of data.

However, some organizations may want to allow limited use of portable storage devices. To this end Microsoft has taken the interim step of including a registry key in Windows XP Service Pack 2 that changes the permissions on block storage devices to read-only.

(Source: www.betanews.com)

Comments
on Sep 13, 2004
EEEEEEEEK! People have big disks now. Must run, hide!
on Sep 13, 2004
Honestly, why not get rid of floppies too, and zip disks... Heck, we might as well ban burnable CDs and DVDs, or perhaps email and FTP. Certianly any protocol that permits data transfer should be banned.

If you want to stop data from transfering, unplug the network and seal the computer with cement. Then if you come back work and see it busted open you will defintely know that data has been trasfered without authorization. I think I may just send this tip to Bill.
on Sep 15, 2004
They should just rig thumbdrives that it pops up warning window to admin computers or something. If it does not detect a network then no warning...

If your serious about protecting your data in a business why dont they just not put disk drives,

If someone had to retreive sensitive data make it hard to do so, build another room that has burners and usb ports and that the door logs in your entry and thats its under camera surveillance.

Just ideas... Then again Bill just wants to stur up things cause he has nothing left to do with his billions. We should just call him Mr. Burns from now on.
on Sep 19, 2004
Makes sense. When I worked at Dell, I regularly brought in a USB drive and copied information building my case for a hostile work environment for IT guys. These files, along with the emails I forwarded and the photographs and movies I took with my cell and the audio I captured with my audio recorder during meetings helped to prove my case against an indefensibly outlandish managegerial culture at Dell, or "Hell", as we called it. Sure Dell may not think it's kosher, but I think I'll leave that determination where it was rightly made, with OSHA.

One thing rarely mentioned whenever this topic of corporate data lockdowns is concerned is the employee's ability prove misconduct among his superiors, and as such those e-lockdowns remove a powerful tool for accountability.