ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

Safe use of USB drives? Is there anything like a USB sandbox application?

(1/5) > >>

Lutz_:
Hi all,

I am working in lab with several windows machines running very expensive lab equipment. The head of the lab has disabled all usb ports in fear of virus transfers.  Consequently getting data off these machines is a pain in the b#*t, because only few of the personal are allowed to transfer data off via FTP transfers. 
Is there a better option to keep these machines "safe without any doubt" (paranoia has to be considered) and still somehow enable users to transfer their data on a USB stick?  Is there a way to create a "sandbox" on these windows machines and allow people to only transfer data out of this sandbox to their USB drives and disable any other transfers?

Thanks a lot in advance,
Lutz

Deozaan:
Probably not very helpful ideas:

Wonder if you could set up a linux distro on a VM and use something like dropbox.

Or you could always e-mail the files to yourself...

Lutz_:
Hi Deozaan,

Thanks for your thoughts.  I guess a potential solution would have to be no more than a small program or anything else easy and small. Otherwise my chances of convincing head of the lab are minimal.  No, "of course"  :) one cannot access the internet from these machines, no email - for safety reasons.

Lutz

Stoic Joker:
What does the action (disabling USB ports) intend to protect the system from? Are they worried about a bug jumping off the drives on it's own? Disable autorun of USB drives.

Or are they worried of an intentional act (e.g. someone sets off bad program X)? Was the staff ever screened?

How often does what need to be copied off? Would a CD burner be an option?

Lutz_:
Hi Stoic Joker,

Yes, principally they are worried about bugs jumping off the USB drives. I guess they would like to be protected against malicious intent nevertheless.  No, not all users can be screened - they receive a training before using the machines, though.  These machines do analytics as a service.  Data do need to get transferred perhaps 10 time a day.
Simply disabling autoruns might be efficient, but taking some degree of paranoia into account, I do not believe this primitive solution would have a chance to be implemented.

Thanks a lot for the suggestions!

Navigation

[0] Message Index

[#] Next page

Go to full version