- Dec 1, 2003
- 880
- 1
- 81
Hi,
I am looking to beef up security on an office network. Aside from the obvious: physical security, limiting user privileges using Active Directory, running a firewall that does stateful packet inspection and running anti-virus software; I would like to prevent users from copying a file to a USB flash drive and taking it home or cloning a hard disk or just removing the hard disk from a work station.
I can block all email sites using the Dell SonicWall so that employees cannot email themselves sensitive corporate data but what do I do about USB drives. The BIOS on the workstations does not allow them to be disabled.
I once had a client who used a computer at a bank that she was working on to transfer photos from her camera to a USB flash drive. She came to me complaining that she cant open the photos on the USB drive on her home computer. It turns out that the computer encrypted the photos so that they can only be opened on the bank computer. How can I do something like this to prevent employees removing data.
I know that intel offers hardware drive encryption on systems with vPro technology but most of our workstations do not have this. Is there a way to do this via software? Would full disk encryption even prevent an employee from copying data to a flash drive? Please advise.
Also, is there a way to encrypt data in transit. For example: when the server is backing up to a NAS drive, is it possible to encrypt the data while it is going over the network and is this level of security even necessary.
I am looking to beef up security on an office network. Aside from the obvious: physical security, limiting user privileges using Active Directory, running a firewall that does stateful packet inspection and running anti-virus software; I would like to prevent users from copying a file to a USB flash drive and taking it home or cloning a hard disk or just removing the hard disk from a work station.
I can block all email sites using the Dell SonicWall so that employees cannot email themselves sensitive corporate data but what do I do about USB drives. The BIOS on the workstations does not allow them to be disabled.
I once had a client who used a computer at a bank that she was working on to transfer photos from her camera to a USB flash drive. She came to me complaining that she cant open the photos on the USB drive on her home computer. It turns out that the computer encrypted the photos so that they can only be opened on the bank computer. How can I do something like this to prevent employees removing data.
I know that intel offers hardware drive encryption on systems with vPro technology but most of our workstations do not have this. Is there a way to do this via software? Would full disk encryption even prevent an employee from copying data to a flash drive? Please advise.
Also, is there a way to encrypt data in transit. For example: when the server is backing up to a NAS drive, is it possible to encrypt the data while it is going over the network and is this level of security even necessary.