Limit USB drive use to computer with certificate

1

The problem. USB drives are not allowed in our company, but we have a few computers which are not on the network and have Deep Freeze installed. We need to be able to allow a few users to move files to these machines using USB drives. Obviously we are trying to avoid the possibility that an employee leaves campus with (usable) data.

Is there a way to:

  1. Force all data sent to a USB to be encrypted
  2. Have a certificate on the machine with Deep Freeze with the required certificate to decrypt. We need a certificate and not a password because a password could be used anywhere.

Network machines are part of a Windows Server Active Directory domain and this is where/how the USB restriction is currently managed.

Vincent

Posted 2011-04-13T16:38:20.583

Reputation: 243

Answers

2

One possibility to consider is TrueCrypt. You can encrypt the entirety of the USB drive, using a "key file" to do so. (For a little extra security, use both a key file and a password.) Only computers where this key file exists (and only users who know the password to unlock the key file) would be able to read the hard drive. Of course, this then gives you a minor chicken-and-egg issue, as you have to use something to copy the key file to every computer you want to be able to use this drive on. (While a key file isn't a certificate per se, its effect is quite similar -- the drive can only be accessed if that key file is present.)

I'm not entirely sure from your question if you also have the requirement that only certain users can access USB drives at all; if you do have this requirement, TrueCrypt unfortunately cannot solve this one for you, but I believe Group Policy might.

Kromey

Posted 2011-04-13T16:38:20.583

Reputation: 4 377

Sounds promising. I can manage who can use USB drives, just not where. From your explanation I assume the only way to circumvent this would be to copy the key file to another computer. How is this prevented? – Vincent – 2011-04-15T04:08:35.737

0

Applications like Check Point, Cryptzone, McAfee and others allow you to enforce encryption on removable drives, and centrally manage the users who can access these drives.

You can also limit access to removable drives using ADM under Group Policy.

Rory Alsop

Posted 2011-04-13T16:38:20.583

Reputation: 3 168