
	Home > Ask the Security Experts > Platform Security Questions & Answers > Encryption and password protection methods for removable storage devices

Ask The Security Expert: Questions & Answers

EMAIL THIS

Encryption and password protection methods for removable storage devices

EXPERT RESPONSE FROM: Michael Cobb, featured expert

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 08 September 2005
In light of the plethora of removable storage devices, such as flash drives, etc., what do you recommend for reducing the possibility of data being accessed by the "wrong people?" Also, what are the best methods and practices for encryption and password protection for these devices?

The proliferation of removable, high-capacity storage devices and fast data connections, such as USB and FireWire ports, make controlling data transfer at the desktop a major security issue. The threat of uncontrolled portable media devices is of particular concern because they can be used to remove confidential files from the network, bypass security systems and introduce malicious software.

As always, layered security is the best way to protect your data, and at the heart of your defenses has to be strong authentication and access control lists so you know who has access to what data. When using Windows, this requires that all data be stored on NTFS drives, which also allows you to encrypt sensitive data. With regard to your PCs, keep their cases locked and maintain control over physical access to them. They should all have the BIOS set to only boot from the hard drive to prevent users from booting them to an operating system stored on a portable device. The BIOS should also be password protected. You can use the Windows device manager to disable unwanted ports, such as FireWire or Bluetooth, to prevent their misuse. Your security policy should cover and restrict the use of privately owned devices within your organization, and where portable devices are allowed, the policy should state the need for passwords and encryption of any stored data.

If you are managing this problem at a large organization, you might want to look at DeviceLock. This allows administrators to lock out unauthorized users from USB and FireWire devices, WiFi and Bluetooth adapters, and CD-Rom and floppy drives. It can also control access to devices, depending on the time of day and day of the week. More information is available at http://www.protect-me.com/dl/.

Regarding encryption and password protection for removable storage, there are several products available. If you do need to share sensitive information using removable media and don't want to force recipients to have to install special software onto their PC in order to access the data, you could use something like encryptX SecurDataStor (http://www.encryptx.com/products/securdatastor.asp).

BROWSE BY TAG

Platform Security, Enterprise Data Protection, Disk Encryption and File Encryption, Password Management and Policy, Enterprise Identity and Access Management, Identity Management Technology and Strategy, VIEW ALL TAGS

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Platform Security
	Should developers create libraries of common cryptographic algorithms?
	How to secure USB ports on Windows machines
	What is the best database patch management process?
	What is an encryption collision?
	What are new and commonly used public-key cryptography algorithms?
	Should management processes change based on a patch release schedule?
	Does an EULA make it truly illegal to decompile software?
	Should businesses delay Windows Vista adoption and just buy Windows 7?
	Why should we place data files on a separate partition than the OS?
	Should Windows Mobile updates come from Microsoft?

Disk Encryption and File Encryption

Heartland CIO is critical of First Data's credit card tokenization plan

Heartland CIO on end-to-end encryption, credit card tokenization

Should developers create libraries of common cryptographic algorithms?

What is an encryption collision?

Heartland CIO on PCI, E3 project

Visa probes tokens, encryption for PCI card data protection

Voltage, RSA spar over tokenization, data protection

Truth, lies and fiction about encryption

What are new and commonly used public-key cryptography algorithms?

What are the export limitations for AES data encryption?

Password Management and Policy

Two-factor authentication, vigilance foil password theft

Group to shed light on secure identity management threats

Brute force attacks target Yahoo email accounts

Best Identity and Access Management Products

Privileged account management critical to data security

Making the case for enterprise IAM centralized access control

How to prevent brute force webmail attacks

Best practices for a privileged access policy to secure user accounts

Mature SIMs do more than log aggregation and correlation

PCI compliance requirement 2: Defaults

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

Advanced Encryption Standard (SearchSecurity.com)

data key (SearchSecurity.com)

Encrypting File System (SearchSecurity.com)

encryption (SearchSecurity.com)

Escrowed Encryption Standard (SearchSecurity.com)

network encryption (SearchSecurity.com)

output feedback (SearchSecurity.com)

Quiz: Cryptography (SearchSecurity.com)

Rijndael (SearchSecurity.com)

Twofish (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy