Data Loss Prevention

 View Only
  • 1.  User-based USB stick control

    Posted Jan 19, 2010 02:45 PM
    I have a simple question: is it possible to create a rule to allow a USB stick from a certain maker (identified through serial number) based on the user currently logged on on the workstation? Most solutions only allow rule creation based on the workstation itself, but what I want to accomplish is: whatever workstation the user logs on, the rule will be applied and the USB stick will be allowed.

    Thank you in advance.


  • 2.  RE: User-based USB stick control

    Posted Jan 19, 2010 02:53 PM
     This can be done via Symantec Endpoint Protection -Device Control for sure..



  • 3.  RE: User-based USB stick control
    Best Answer

    Posted Jan 19, 2010 03:05 PM

    yes it can be done

    when you instal sep you have 2 options
    1 user mode
    2 computer mode
    you can trun the workstation to user mode
    right click and user mode
    policy will be applied just for the user (where ever he logs in )

    check this
    How to create a rule that will allow only specific USB’s on to your network.

    http://service1.symantec.com/support/ent-security.nsf/docid/2009031809381448

    https://www-secure.symantec.com/connect/forums/computer-mode-vs-user-mode-0



  • 4.  RE: User-based USB stick control

    Posted Jan 20, 2010 07:40 AM


  • 5.  RE: User-based USB stick control

    Posted Jan 20, 2010 04:39 PM
    Device Control is a part of Symantec Endpoint Protection.
    Symantec DLP (version 10)  Could enforce rules of whom could copy what do a DOK, but the system cannot enforce rules on which type of DOK.

    Regards,
    Naor Penso


  • 6.  RE: User-based USB stick control

    Posted Jan 20, 2010 08:43 PM
    In short, it's possible through SEP, but not through Vontu. Is that correct?

    Thank you all for the answers.


  • 7.  RE: User-based USB stick control

    Posted Jan 20, 2010 09:48 PM
    through SEP yes, Vontu no


  • 8.  RE: User-based USB stick control

    Posted Jan 20, 2010 10:38 PM
    As was already told, Yes it's quite possible with SEP... :) ... Here is a small suggestion from me..

    * Create a new group in the SEPM which would basically have the block policy ...
    * Right click on the group and choose Import AD or LDAP users...  and that would give you the list of AD users..
    * Import or add the users for which you would like to apply this "Block USB" policy...

    Active directory users and computers always have a high priority than the customer groups, so.. basically when anyone of the restricted user logs into any one of the computer in your network, the client would automatcially communicate with this "Block USB group" and take those policies... and if anyone else logs in, it will refer to the custom group...

    And as far as blocking specific device, you can use the device ID to block any piece of h/w ... This can be obtained by running the Device Viewer from CD2 ...

    Correct me If have gone wrong somwhere ... :)

    Cheers,
    Visu.


  • 9.  RE: User-based USB stick control

    Posted Jan 21, 2010 09:38 AM
    Thank you all for the help. Much appreciated.

    Regards,
    Andre.