
Device Control

Device Control is the branch of endpoint security concerned with the management and measures involved in protecting computer systems and data from the risks associated with the connection and use of removable devices.


Overview

  • Computers in a network act as both Device-Host and Network-Host.
  • Removable devices can be infected and transfer malware to computers.
  • Removable storage can be used to extract data assets from computers.
  • Devices can be lost or stolen and sensitive data exposed.
  • Organizations/enterprises need to protect their network systems and data.

Most vulnerable USB-host protocols:

  • USB Mass Storage Device Class (UMS).
  • Media Transfer Protocol (USB-MTP).
  • USB Attached SCSI Protocol (UASP).
  • USB Human Interface Device Class (HID).

Most common devices/sources:

  • USB flash drives.
  • Smartphones.
  • Card readers.
  • USB adapters.
  • Wireless Transceivers.
  • BadUSB (aka. USB Rubber Ducky).
  • External drives (USB, e-Sata, Firewire).
  • Compact discs.

Common active countermeasures:

  • Driver restriction.
  • Desktop Lockdown.
  • Drive Dismount.
  • Disc Ejection.
  • Device Disable.

Best Practices:

  • Centralized Management.
  • Blocking (System-wide).
  • Specific Authorization (Whitelist).
  • Monitoring.
  • Encryption.
  • Event Logging.

Most vulnerable USB hosts/network hosts:

  • Server.
  • Workstation/Desktop.
  • Laptop.
  • Tablet-PC.

Most vulnerable organization sectors:

  • Manufacturing.
  • Processing.
  • Energy production.
  • Government.
  • Defense/law enforcement.
  • Finance.
  • Healthcare.
  • Technology.

Risks to organizations/enterprises:

  • Operating system malware infection.
  • Confidential/sensitive data loss.
  • Keystroke/payload injection attacks.
  • Malicious command/code execution.

Major concerns:

  • Endpoint availability loss leading to personnel/environment endangerment.
  • Sensitive data disclosure/exploitation.
  • Asset loss.

Related Fields:

  • Endpoint Security (Parent).
  • Data Loss Prevention (DLP).
  • USB Device Control (a.k.a. USB Lockdown, USB Control).

Device Control: USB, e-SATA, FireWire drives, mobile phone MTP, CD, Bluetooth, IrDA, WiFi.

The Universal Serial Bus (USB) is today the most used, but not the only, interface allowing communication between devices and computers. Removable devices such as USB flash drives can be infected and transfer malware to computers, and this could escalate to compromise a network infrastructure. Preventing system infection from unauthorized devices is within Device Control scope.

Effective Device Control solutions should act to deny the presence of the device in the system. Blocking is the most effective way to prevent malware arriving from devices such as USB flash drives. Since unauthorized devices should be blocked outright, antivirus acts only as a backup measure against them.

Furthermore, removable storage can be used to extract data assets from computers and put confidential information at risk. Blocking unauthorized devices greatly diminishes this risk.

Nevertheless, it is important to consider that authorized devices can be lost or stolen while in transit. Therefore the activity of authorized devices should be monitored, and encryption should be enforced on data transferred to them.

Device Control Enforcement:

Enforcing device control requires that detection and blocking measures be active and locally enforced. Such measures should be able to adjust or escalate depending on device type and status.

Device connection events/alerts should be sent to the Central Control in real-time and include:

  • Device VID (Vendor ID), PID (Product ID) and Serial Number.
  • Source IP, Machine name, and Logged-User.
  • Date/Time.
  • Severity/Outcome.

Device blocking scope should be system-wide (not user-wide). User-wide restrictions have diminished security value in preventing virus/malware infection or code injection compared to system-wide restrictions.

Unauthorized devices should be blocked, and blocking measures should remain in place until the device is physically or remotely removed from the system.

Whitelisting/authorization of specific USB devices should have auto-detection capability.

A monitoring function should be available to allow visibility over data transfers to authorized USB drives.

An encryption function should be available to secure data in transit to authorized USB drives.

All device identifiers should be stored encrypted to prevent spoofing.

Devices Management:

The management of devices requires that protective measures and permissions be set from a Central Control located on a server/system within the organization's network/domain.

All settings are to be sent, applied and enforced on clients in real time, without delay or need to reboot.

The Central Control interface should show clients' updated security status and receive events/alerts from clients.

Authorized personnel's ability to access the Central Control should not depend on internet access, external services or entities.

The Central Control should work with encrypted data, readable only within the Control Interface.

Depending on the organization:

  • Events should be sent via secure email to an inbox within the organization's domain.
  • Event format should be standardized to Syslog or CEF (Common Event Format) so events can be relayed to SIEM solutions.

Note: When readable reports outside the Control interface are required, access to reports should be managed/secured to prevent device identifiers disclosure.
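As an added illustration (not USB-Lock-RP's own code), the following Python shows the two steps described above: deciding whether a connected device is specifically authorized by its VID, PID and serial number, and rendering the resulting event (source IP, machine name, logged user, time, severity/outcome) as a CEF line that a syslog relay could forward to a SIEM. The allow-list entries, vendor/product strings and sample events are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed allow-list keyed by (VID, PID, serial); a device is authorized
# only when all three identifiers match, so a cloned VID/PID alone is rejected.
ALLOWED_DEVICES = {
    ("0781", "5583", "4C530001230912345678"),  # hypothetical corporate drive
}

@dataclass(frozen=True)
class DeviceEvent:
    vid: str
    pid: str
    serial: str
    src_ip: str
    machine: str
    user: str
    when: datetime

def classify(event: DeviceEvent) -> tuple[str, int]:
    """Return (outcome, CEF severity 0-10). Unknown devices are blocked."""
    if (event.vid.upper(), event.pid.upper(), event.serial) in ALLOWED_DEVICES:
        return "authorized", 3
    return "blocked", 8

def _esc_header(value: str) -> str:
    # CEF header fields escape backslash and the pipe delimiter.
    return value.replace("\\", "\\\\").replace("|", "\\|")

def _esc_ext(value: str) -> str:
    # CEF extension values escape backslash, '=' and newlines.
    return value.replace("\\", "\\\\").replace("=", "\\=").replace("\n", "\\n")

def to_cef(event: DeviceEvent) -> str:
    """Render one device-connection event as a single CEF line."""
    outcome, severity = classify(event)
    header = "|".join(_esc_header(f) for f in (
        "CEF:0", "ExampleVendor", "DeviceControl", "1.0",
        "usb-connect", f"Removable device {outcome}", str(severity)))
    ext = {
        "rt": str(int(event.when.timestamp() * 1000)),  # epoch milliseconds
        "src": event.src_ip, "shost": event.machine, "suser": event.user,
        "outcome": outcome,
        "cs1Label": "VID", "cs1": event.vid,
        "cs2Label": "PID", "cs2": event.pid,
        "cs3Label": "Serial", "cs3": event.serial,
    }
    return header + "|" + " ".join(f"{k}={_esc_ext(v)}" for k, v in ext.items())

# Constructed sample events: one allow-listed drive, one unknown drive.
SAMPLE_EVENTS = [
    DeviceEvent("0781", "5583", "4C530001230912345678", "10.0.0.5", "WS-01",
                "jdoe", datetime(2024, 1, 1, tzinfo=timezone.utc)),
    DeviceEvent("1234", "0001", "UNKNOWN1", "10.0.0.6", "WS-02",
                "asmith", datetime(2024, 1, 1, tzinfo=timezone.utc)),
]
```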



Device Control in Industrial processes, manufacturing and energy production

Today, it’s well understood that:

  • Industrial networks in manufacturing, processing and energy production sector MUST implement device control to safeguard:
    • Environment.
    • Personnel.
  • Both Industrial and IT Networks should implement device control to prevent:
    • Malware infection.
    • Confidential or sensitive data loss.
    • Arbitrary commands/code execution (ACE).

Cyber-attacks grow in frequency, stealth and complexity. It is important that IT security personnel select the adequate solution to fulfill the requirement. Decisive control requires a tool that can be fully tested within its intended operating environment.

NOTE: This page outlines the USB-Lock-RP Device Control design model. This straightforward and effective security solution serves its purpose and will continue to evolve based on the technical security challenges to come.



Solution:

Straightforward approach: allow only specifically authorized devices and reject the rest, without interfering with the normal operation of harmless peripherals.

Client-side trademarks:

  • Smart device detection & blocking.
  • Personalized desktop Lockdown.

USB-Lock-RP Device Control

USB-Lock-RP is a complete device control software solution to protect servers, workstations and laptops running Windows operating systems.

Since 2005 it has served organizations as an effective security tool for centralized device management.

It controls access for a broad range of devices such as:

  • USB flash drives.
  • Smartphones.
  • Card readers.
  • USB adapters.
  • Wireless Transceivers.
  • BadUSB (aka. USB Rubber Ducky).
  • External drives (USB, e-Sata, Firewire).
  • Compact discs.

Functions that security administrators and pen testers highlight:

  • On-Premises Centralized Management.
  • Events Logging.
  • USB Transfers Monitoring.
  • Device Encryption.
  • Real-time Response.
  • Autonomy.
  • Ease of use (intuitive interface).
  • Data protection strength.
  • Personalization.
  • Permanent use licensing.

USB-Lock-RP by Advanced Systems controls devices and removable media like no other software on the market.

For Microsoft® Windows® Operating Systems (Servers & Clients / 64 & 32 bit)

Learn more about USB-Lock-RP Device Control to effectively secure Windows® networks.