Although most corporate networks are secure from hackers, few organizations currently employ safeguards to prevent employees from moving sensitive data and intellectual property onto devices such as iPods, PDAs, camera phones, or USB thumb drives. To protect against such internal threats, businesses need to rely on a growing number of applications known as device-control solutions, which help administrators enforce security policies and protect corporate assets from the danger posed by accidental or intentional misuse of removable media devices.
To test Layton Technology's device-control solution, DeviceShield, I downloaded a trial version of the software from the Web. Setting up DeviceShield was simple. A wizard guided me through the process of creating a global policy and made discovery of target machines on my sample domain of two servers and four workstations a breeze. The wizard even located other workgroups and domains on my network, shown as protected assets (see Web Figure 1), and made selection of which machines to deploy to incredibly simple. Deployment of the client applications took less than 30 seconds to complete. I found the administrative interface easy to use, and I was able to quickly create customized policies for domain users and groups I pulled from Active Directory (AD).
After the policies were in place, I began testing. I tested different policies I had set up, specifically targeting various resource types, ports, devices, and permissions options. Setting up the policies was straightforward, and each policy I created tested out exactly as I anticipated. When I attempted to write to prohibited devices, a pop-up window warned that I didn't have sufficient rights to do so. When I tried to read from devices that were covered by a policy that prohibited a read operation, a message warned me that the requested file was in use. (However, a pop-up window would be a better way to help legitimate users with troubleshooting.) Likewise, when I tried accessing permitted devices, I was able to do so without any impediment. As I created, modified, and tweaked various policies, one thing that really impressed me about DeviceShield was that policy changes made on the server were immediately reflected on client machines, making fine-tuning, customization, and overall administration hassle-free.
When my tests were complete, I turned my attention to DeviceShield's administrative console, which reported on all my simulated user activities and attempted actions. The History pane in the administrative console makes it easy to look up activity by user, machine, port, device type, date, and even operation success or failure. It also lets administrators audit activity and look for trends.
No review of a security product would be complete without some attempts at circumvention. Circumventing DeviceShield should be hard for most end users. I tried killing the client software as a domain user and also as a member of my domain's administrators group. No dice! Then, knowing that most corporate developers have local administrator privileges (and that they frequently have access to sensitive information), I logged on to a workstation as a local administrator and killed the DeviceShield client process through Windows Task Manager without any problems.
To bypass the software completely (without needing Administrator permissions), I simply booted one of my workstations with a preinstallation environment (such as WinPE or BartPE). This gave me full access to local drives, unfettered use of my trusty USB thumb drive, and the ability to access local and remote resources as desired. DeviceShield recorded none of my activities because the client service had never started--proof that defeating any software-based protection scheme isn't difficult for people with enough technical skill.
DeviceShield provides top-notch protection that's enough to keep users from accidentally uploading viruses or easily walking off with corporate assets. It also provides easy-to-implement protection and auditing for a problem that most organizations are blissfully unaware of. If you're looking for a device-control solution, DeviceShield is worthy of your consideration.
PROS: Easy deployment; lightweight client footprint. Leverages Active Directory (AD) users and groups for policy setup; immediate policy updates.
—Michael K. Campbell