How to Monitor Files Transferred Thumb-drives:
USB Monitoring is activated or deactivated with just one click independently of the removable storage sector protection state. (while protected or unprotected state)
Monitored data include the name and exact weight of transferred files from the client endpoint PC to flash drives, logged user, device hardware ID, source machine name, date/time when the event started.
Records are sent encrypted AES 256 hex masked from the endpoint computer to the control in near real-time and are organized at the control by endpoint machine name/date/time for review as needed.
At the Central control server the collected data remains encrypted and same as all device insertion attempts records is only readable within the Device Control interface.
How to Protect Information Inside Thumb drives (Encryption):
USB Device Access Control is done by forcing automatic Encryption, this function can also be turned ON or OFF with just one click. (USB Monitoring needs to be activated for Encryption to work).
When USB Encryption is active all files transferred from the endpoint computer to authorized USB flash drives are automatically AES 256 encrypted. (all data not just the headers)
Stored files on encrypted USB Thumb drives can be opened within the endpoint originating client or within any other endpoint USB-Lock-RP client that have USB Encryption activated. (files are automatically decrypted in those systems when opened)
This function ensures that information contained inside authorized devices is only accessible within determined computers in the network and none outside the network.
How to Protect Against badUSB devices:
Included in the removable drives sector is protection against badUSB device e.g., USB Rubber Ducky, this type of device is extremely dangerous as its firmware has modified to impersonate Human interface devices (HID) such as keyboards.
This type of BadUSB could inflict keystroke attacks and introduce malicious payloads that could harm endpoint computers and network infrastructure. So the program makes a quick analysis when detects any change on keyboard/mouse enumeration to prevent such attacks, other than that keyboards and mouse work normally without restriction.