|  |
DeviceLock(R) Expands Device Access Control Feature Set
SmartLine Inc. announced the general availability of DeviceLock 5.72. The upgrades included with this release include several key features that allow DeviceLock administrators to accommodate a wider variety of permission setting scenarios, as well as finer control over who can start and stop DeviceLock service. DeviceLock is a device access management solution for controlling end-user access to PC devices and ports including USB and FireWire ports and WiFi (802.11) and Bluetooth adapters. DeviceLock allows administrators to limit device and port access by specific user, time of day, and day of the week, addressing security vulnerabilities posed by users who connect external media such as flash memory, PDAs, music players and cell phones to corporate PCs. Ports and devices managed with DeviceLock are prohibited from becoming gateways to secured corporate data and entry points for malicious programs.
"It's unrealistic for corporations to ban all plug-and-play devices from user-issued computers. The explosive popularity of USB Flash drives, personal digital assistants (PDAs), smartphones and music players over the last several years is a force beyond the means of such a ban," said Vladimir Chernavsky, CEO of AdvancedForce InfoSecurity, SmartLine's North American partner. "Moreover, you wouldn't want to prohibit non-threatening devices, such as USB- connected keyboards, mice and printers, or to lock out sanctioned portable storage devices that have password protection and encryption. What our customers are asking for is a means to enforce stated limits on plug-and-play, while remaining flexible to all legitimate uses. DeviceLock 5.72 gives them even more of this flexibility, allowing the handling of special cases such as setting permissions down to some unique serial-numbered device and issuing temporary access to a drive or port in an emergency. We've also improved security by allowing tighter control over who has DeviceLock administration privileges."
DeviceLock gives administrators comprehensive control of device access permissions by individual users or user groups. Administrators can set permissions for a wide range of devices including CD-ROMs, DVD-Roms and removable devices (floppies, ZIPs, etc.); serial, parallel, infrared, USB and FireWire ports; and WiFi (802.11) and Bluetooth adapters. System administrators can assign access privileges by class (e.g., all USB memory devices) or by individual device model or port (e.g., allowing a specific user to use a particular ZIP drive on specified machines). Administrators can also specify that read/write devices such as floppy, CD and ZIP drives be accessed in read-only mode. Optionally, administrators can create a white list of authorized USB devices so that they remain unlocked regardless of any other settings. New with DeviceLock 5.72, the USB White List feature has been updated to allow you to 'White List' a single, unique device, while locking out all other devices of the same brand and model, as long as the device manufacturer has supplied a suitable unique identifier, such as a serial number. In other words, DeviceLock can enforce whatever White Listing strategy is decided by Security Policy decision-makers and is feasible given DeviceLock administrator workloads.
A new function, Temporary USB White List, has been added. This function grants users temporary access to USB devices when there is no network connection using access codes that can be delivered over the phone. The function is particularly useful in exceptional situations, such as accommodating a remote worker who has a specific one-time need for USB access.
DeviceLock Audit gives IT staff a complete record of port and device activity, such as uploads and downloads by user and filename or URL, in the standard Windows Event log. The new Report PnP Devices plug-in generates a report displaying the USB, FireWire and PCMCIA devices currently connected to computers in the network as well as those connected in the recent past.
Also new with 5.72, a Chief Security Officer or other super-administrator has exclusive control over assigning DeviceLock administration privileges. In other words, even if a user has local administration privileges for Windows, he or she does not automatically have DeviceLock administration privileges. This provides another level of security, prohibiting an unauthorized person from changing their profile in order to stop DeviceLock Service or change permissions.
DeviceLock runs on Windows NT 4.0, Windows 2000, Windows XP or Windows Server 2003 and requires 32 MB RAM and a hard drive with 2 MB of hard disk space.
DeviceLock costs $35 (US) for a single-user license. Discounts are available for multi-user licenses and for Educational Institutions. A free, fully functional demo is available for download from http://www.devicelock.com . 28.10.2005, SmartLine Inc.
Subscribe to the newsletter | | |
| | | |
