Recommendations for Port/Device Lockdown software

I am looking for recommendations based on experience for Port/Device lock software that would securely lock down all workstation ports, either as a stand-alone service or capable of being administered from a server. The OS is Windows 2000 for clients and 2000 & 2003 for the Server. It does not have to be freeware or dirt cheap, as the company is footing the bill.

I am evaluating products including Safend and VolumeShield and have not looked at FileLock or DeviceWall yet. What I've found is that some seem overly complicated and hard to install, requiring things like .NET and IIS to run. Seems like the more complicated things get, the more potential headaches they create. Effectiveness, ease of use and reliability (like, what happens if the server crashes) are considerations.

In order to comply with a client requirement, I need to lock all ports (USB, serial, parallel, CD/DVD, Firewire, etc.) to prevent potential theft of data. However, we also need a way of allowing some users access for backing up and of course, allow printers, mice and keyboards to work.

(BTW, your mail address is horribly broken)

What about the solutions discussed in ?

There's always a way to tunnel through the network connection, as well as many other ways to transfer large amount of data. For getting serious, you shouldn't ask if there are any covert channels at all, but only how large their bandwidths are - and can be surprisingly large sometimes.

See above. Most solutions facility such a necessity.

But it's not related to security. It's trivial to build a very own device that identifies itself as one of the printers, but stores large amounts of data.

Take a look at DeviceLock verions 6.0

It can control and audit all devices (USB, FireWire, WiFi, Bluetooth, CD/DVD, etc.). Moreover, it supports data shadowing and white listing of devices.

Thanks, that was on my list.

Clicking on it? AFAIK Thunderbird handles is quite as supposed, retrieving the article from your newsserver by Message-ID.

I thought your job would involve some responsibility, which also includes questioning dubios decisions and probably saving a lot of money and trouble by not implementing stupid ideas.

Anyway, the real threat you're addressing is limiting the exposure of potentially dangerous devices attached to your computer to attack the computers, as well as detection of violations of your written policies. But to smuggle out information.

Go to google groups advanced search. Near the bottom there is an option to search by article-id. Paste in the part after news: and before the terminating '>' -- i.e, paste in

44f47a9c$0$5157$ snipped-for-privacy@newsspool1.arcor-online.net and tell google groups to search. It's a fast search if the article is there.

"Mark J. Wallin" I am evaluating products including Safend and VolumeShield and have not

Check out DeviceLock

It is easy to install and it has much more features than Safend, DeviceWall, VolumeShield all together ;)

here's a product that offers access control for several devices, eg USB, Firewire, com ports, IR, ...

see the links for DeviceLock and PortsLock

you evaluate the effectiveness :)

Jeff