SOLVED Information security

gambz · Aug 5, 2011

hi guys.
i'm in the informatics department of my base (military) here in portugal.
well, we all know that the military are supose to be the most secure place to deploy information but this is a small and independent base, with few resorces.
and now for the question:
how can i prevent those usb hacks to seal information?
imagine the teacher's computer or his usb pen drive with exams and critical data like that...
how can i protect the teacher?
really need your advice guys

thanks in advance

notarat · Aug 5, 2011

Whole-Disk Encryption.

If the data is stolen, it is unreadable.

Automata · Aug 5, 2011

If the drive is mounted and someone gains access to the computer, they will have full access to the drive; encryption or not. Encryption will only come into play when the drive is unmounted.

gambz · Aug 5, 2011

thanks for the reply.
as thideras said, that would be a problem to physical security... not to logical security.
Someone has stolen a text from a teacher!! (this military base is more like an university for high ranked officers) and now i have to prevent it from happening again.

Automata · Aug 5, 2011

Do you know how the information was stolen? That might help you makes changes so it doesn't happen again.

For example:
Locking your computer, even if you step away for less than a minute.
Encrypt drives and remove them when they are not in use, keeping on the personnel at all times.
Limited rights on the computer and security programs to enforce them.

I don't have any actual experience with securing data in the "real world", so please take my suggestions with a grain of salt and do proper research.

gambz · Aug 5, 2011

so far everyone in this forum has been a great help.
this is what i believe happened:
-student get in class and plant a bug (*.bat file to copy the whole H:\ directory to C:\...\"folder")
-teacher put the usb the powerpoit presentation, but has one "critical data" among the other files...
-bug copy directory
-teacher leave the class
-student retrieve info.

well at least is what i would´ve done...lol
but how can i stop that?

Automata · Aug 5, 2011

Can you restrict access to that computer or that H:\? Seems like a simple fix.

You may also want help from other departments. If there is punishment for doing this, they would be less likely to try. You shouldn't have to deal with misbehaving kids by yourself.

gambz · Aug 5, 2011

lol "kids"? nah as i said before "high ranked officers" and they are aware of the repercussions, but still do it -_-

TempliNocturnus · Aug 5, 2011

Are you talking about autorun's on removable medium?

If so, there are many ways you can do this. If you're in a domain enviroment, you can change this with group policy (you can also use the Local Security Policy editor to accomplish this in a non-domain setting).

Type gpedit.msc in the run prompt, look under Computer Configuration, Administrative Templates, System. You'll see an option called 'Turn off Autoplay'--change it to Enabled.

For Vista and higher, you find this object under Computer Configuration, Windows Components, Autoplay Policies.

Some antivirus software also allows you to disable this feature.

notarat · Aug 5, 2011

thideras said:
If the drive is mounted and someone gains access to the computer, they will have full access to the drive; encryption or not. Encryption will only come into play when the drive is unmounted.

So then you simply combine whole disk pre-boot encryption with Common Access Card/PKI, ala the US Navy's use of Guardian Edge and CAC Cards.

User pulls CAC card out and walks away, you're not getting their data in a readable form unless you're the admin. Period.

Automata · Aug 5, 2011

There you go, that would be a good solution.

notarat · Aug 5, 2011

One additional benefit is that any mass storage device you plug into the USB ports gets encrypted too.

If you lose a USB Stick, no worries...no one can get to the data unless they have your CAC Card and your private key and your CAC Card's PIN number...

gambz · Aug 8, 2011

thanks everyone for the reply. i liked that cac card solution but is too tricky to get

so i decided to lock usbs via batch file by editing regedit.
it looks like this:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\USBSTOR]
"Start"=dword:00000004
(the "Start"=dword:00000004 for lock and "Start"=dword:00000003 for unlock)
so far so good, but now i must run the "usblock.bat"s every time the students logon.
how?
since the students are not admin i cant edit the reg. :\
so what i need to know is:
how do i run a bat/exe at users logon as admin...?

ebug122 · Aug 8, 2011

Logged on to the PC as an admin.

Start>Run>compmgmt.msc
Expand System Tools>Local Users and Groups, click on Users.
Right click on the user's name and click Properties.
In the Profile tab you'll see Logon Script. You can type the location of the .bat file there.

G33K454URU5 R3X · Aug 8, 2011

This would all be a lot easier if you were using a domain environment (Win 2K3 / 2K8).

gambz · Aug 8, 2011

and we are. the thing is:
the domain belongs to the army... we are working on our own domain.
but i finally did it... i compiled the batch file into *.exe and run it as admin

works like a charm

SOLVED Information security

gambz

Registered

notarat

Member

Automata

Destroyer of Empires and Use

gambz

Registered

Automata

Destroyer of Empires and Use

gambz

Registered

Automata

Destroyer of Empires and Use

gambz

Registered

TempliNocturnus

Member

notarat

Member

Automata

Destroyer of Empires and Use

notarat

Member

gambz

Registered

ebug122

Member

G33K454URU5 R3X

Member

gambz

Registered

Similar threads