This article can also be found in the Premium Editorial Download "Information Security magazine: Captive to SOX compliance? A compliance guide for managers."
Download it now to read this article plus other related content.
Price: Starts at $10 per seat
|Centennial Software's DeviceWall 3.1|
Centennial Software's DeviceWall protects against information leakage with central control over the unauthorized use of portable storage devices and wireless connections.
Proprietary intellectual property may be walking out your door. The proliferation of inexpensive, large-capacity removable storage devices makes it remarkably easy for an unscrupulous user to quickly and quietly steal large amounts of mission-critical data. Centennial Software's DeviceWall 3.1 aims to plug this security hole by providing centralized control over which removable devices a user can connect to their workstation--and how they use them.
DeviceWall is capable of recognizing and preventing access to a wide variety of peripherals including PDAs (BlackBerry, Palm), removable CD-RW drives, external USB storage devices, MP3 players and digital cameras. In addition, DeviceWall can be used to lock down wireless ports.
Group-based policies can be pushed to users manually or via a defined schedule, either by selecting the hosts directly from the domain (NT or AD), by importing host names from a file or by specifying an IP range. Installation on our test clients was quick, painless and worked without flaw.
Although the product works as advertised, its management model is clearly focused on the SMB space. Centennial needs to improve the integration with enterprise environments in order to make large-scale deployments practical.
For example, it would be nice to be able to manage various policies by Active Directory Organizational Units instead of user groups.
In our test lab, we granted specific domain groups access to given devices, and the DeviceWall dutifully enforced the restrictions and reported violations back to the management console.
The product handled "off-LAN" users very nicely. If a remote user needs access to a removable device, but can't communicate with the management console, the administrator can generate a temporary access code that will allow the user to use the device until reconnected.
DeviceWall can be set initially in open mode, so managers can audit user activity before implementing restrictive policies.
Both the client agent and management server will install on any Microsoft release from Windows 2000 and higher. The management server additionally requires an IIS install with the WebDAV components. Since DeviceWall is squarely focused on the typical corporate desktop deployment, there is no support for non-Microsoft environments.
This was first published in March 2006