A lot of companies are shouting that the next big threat to organizations will come from within – a problem that security professionals have known about for a very long time. As long as people are fallible, they will be tempted to look at things they shouldn't or steal things from the companies they work for. So with that in mind, something should be done to keep data from slipping out in pockets and handbags.
DiskNet Pro has been designed to enforce removable media policies across a company's network. It also stops access of certain file types and guards against access to a computer's physical ports. These devices now have sizeable storage capacities, which gives attackers the means to import unauthorized data, pirated software, malware, screensavers, games and other nefarious material. The ramifications of such infringements cannot be ignored by companies.
The product is run from a central server, and agents are deployed to desktops. Installing the central server software was relatively easy. It runs on Windows from NT4 upwards. It also requires Internet Explorer 5.5 upwards to be present on the target machine.
The administration console is installed as a MMC snap-in, which gives it a finished, professional look. The console looks clean to the point of bare – not much in the way of extraneous information to overload the mind.
However, delving into the different icons for group and users brings up information on who can access what. The main way of administrating is via profiles. These can be created from templates installed with the program. The vendor recommends that you create various profiles before importing users and groups into the server.
We created a profile template for our test group by right-clicking on the "Profile Templates" icon. We were then presented with a window from which we could specify different options. The Audit Events tab is fairly exhaustive in what can be recorded by the software. It can tell us when a flash disk was authorized, who did it, on what machine, should an alert be sent, and so on. The trick here is not to specify too many event triggers, or else information overload will occur.
When templates are defined, the next thing to do is apply them to various groups and users throughout the organization. For us it was a simple matter of clicking on a group and adding that profile to the user or group.
Another part of the product and something else that can be configured within the profiles is the Port Guard (PGD). This controls access to physical ports on the PC such as printer ports, Bluetooth, Firewire, USB, and so on. Now this confused us, as it appeared that you could control removable media in more than one way. So access to flash disks could be controlled through the Port Guard or through the Removable Media Manager (RMM). From testing, it seems as if the Port Guard takes precedence over RMM, because setting the "Removable Storage" option to "No Access" seems to stop any access to out test USB token. Which is good, but we think some clarification should be put in at the next version to avoid confusion.
RMM seems to be where the main action is as far as the product goes. This is where administrators can allow access to removable media once it has been authorized. This seems to entail the program scanning the flash disk for viruses and then writing a file to the media in question that tags it, so it knows it has been looked at. Should data on the disk change in any way while being used elsewhere, the token will have to be re-authorized.
These events can be logged and used as some kind of audit trail, so tabs can be kept on what is being used where. Luckily, there is an option to select which data gets logged, so avoiding information overload.
The scanning process involves checking for viruses. The software can use either its own scanner (provided by Norman Anti-Virus) or a number of third-party alternatives.
Further safeguards on data privacy can be met by using the software's Encryption Policy Manager. This can be used to enforce a policy of having all data on the removable device encrypted using AES (128/256-bit). It also performs the encryption transparently, so that end users are unaware of these processes performing on their PC.
One other feature of note is the Program Security Guard. This is a mechanism to block the execution of various file types and prevent the creation, modification and deletion of those files types. There is also a list of exemptions to allow the normal running of programs. Adding exemptions to this list was easy to perform from the console.
Once all these options are set-up, the profiles can be spread through the enterprise by right-clicking on a server icon and choosing the reload profile.
While updating the profile seems to be very quick, getting updates on the event logs appears to have a slight lag, despite accessing the data on the host machine. The database running is MySQL, which we know to be a very well put-together database, so we are not sure quite why there is a lag in getting this information out quickly (although the vendor said this was because the event status of the client machine is not set to "immediate").
On the whole, this appears to be a reasonably well put-together application. The documentation is above average and clear to follow. There are some confusing aspects to the software that we think should be ironed out when the software is next revised. Also, there does not appear to be any Linux and Mac clients, so these workstations cannot be protected by the application.
