Esther,
Thanks for the article. It sheds
light on some of the sources of the problem and in some ways it helps us to
develop effective solutions.
There are all kinds of solutions that can
be implemented to disable USB ports but would they address the root cause of
the problem? What about malicious websites, infected DVDs and even
floppies for computers that still have them?
What we have done is remove admin rights from
desktops (most laptops are exempt) but setup a system that’s flexible
enough to allow for quick privileges escalation when needed. Taking away
admin rights was not easy but there was a very significant drop in infected
computers which gave us time to work on other important aspects of our jobs.
For what its worth, I am running my
computer as a regular domain user and therefore if I were to plug in a device
that’s infected, my computer would be protected (hopefully). I will
also be protected if I landed on a compromised website by accident.
I am curious to find out what others do
with new machines. Do you keep the installations from the factory or do
you rebuild from your own in-house computer image?
Educational and Support
Services 162
[log in to unmask] (517) 432-7541
Submit technical requests at http://help.ess.msu.edu/
From: MSU Network
Administrators Group [mailto:[log in to unmask]] On Behalf Of Esther Reed
Sent: Friday, March 14, 2008 10:39
AM
To: [log in to unmask]
Subject: [MSUNAG] Personal devices
and MSU PCs
Do you allow your users to attach their personal devices to the MSU PCs
that they use (and you support)?
If yes, do you have any protection in place? What works and what
doesn't?
If no, do you have a departmental policy or just rely on
good-citizenship? Do you disable the USB ports on the front of PCs?
We've been wrestling with this issue over here. We do not have a
policy in place; we do allow staff to attach their own USB keys, etc. but we
ask our student staff to not use their devices. Today's CNN article
emphasizes more dangers with allowing users to do this, so I am wondering how
different departments are handling it.
Thanks for any feedback and ideas!
~ Esther
Esther V. V. Reed
IT Systems Administrator