Victor Duchovni <[EMAIL PROTECTED]> writes:

>Lock USB down completely, or block most devices and allow approved ones?
>There is a non-empty set folks doing the latter, which opens the possibility
>of this type of device being permitted, while others are restricted.

Lock it down completely.  What really panicked the mgt. wasn't so much the
thought of their data appearing on other organisations' networks but cases
where other organisations' data had appeared on *their* network (due to, in
some cases, overzealous employees, in another case an outside contractor, and
in another someone who wanted to sell them "commercially useful information").

>Data leakage should not be a concern if the device is built/marketted

You want to explain that to management terrified of criminal prosecution?  I
got the feeling from talking to the IT security guy in the case of the
suspected commercial espionage that the management really wanted to pour
quick-setting concrete into the USB ports just to be absolutely sure.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to