Leave a comment

Securing Cd/Dvds with secRMM

BurnADiscWindowsDialog

secRMM secures when end-users write files to Cd/Dvds (we will just call it a disc in this article) just the same as when they use a flash drive or mobile device. The Windows operating system offers two different ways to write to discs. You can read a Microsoft description at http://windows.microsoft.com/en-us/windows/which-cd-dvd-format#1TC=windows-7. When you insert a blank disc, Windows will display a dialog asking how you want to use the disc (see screen shot). secRMM will apply security rules to either method chosen. It is up to the security or IT administrator how the security will work on disc.

There are two secRMM properties (rules) that apply to discs. The first one is set to on by default and is called “MonitorCDROMAndDVD”. As its name implies, it tells secRMM whether to monitor the disc while it is insCD/DVD secRMM Propertyerted into the Windows computer (the property is set to on) or not to monitor the disc while it is inserted into the Windows computer (the property is not set). When “MonitorCDROMAndDVD” is on, secRMM records the ONLINE/OFFLINE events, the WRITE events and any AUTHORIZATION failure events that might occur. This is exactly how secRMM handles any removable storage such as flash drives, external hard drives and all mobile devices.

The second secRMM property related to discs is the “BlockCDROMAndDVDWrites” property. As its name implies, writing to any disc will be blocked (i.e. not allowed). The benefit of using the “BlockCDROMAndDVDWrites” property

CD2 as opposed to disallowing discs via Active Directory Group Policy is that secRMM will log the write violation which tells you who the violator was (userid), what file they were trying to copy (the source file), where they were trying to copy it to (the target file which will be somewhere on the disc), what program they were using (explorer in this case), the time they attempted the write, and what computer the user was logged into. All of this information is logged into the security event log and the secRMM event log.

If you are not interested in recording disc write violations but just want to prevent users from mounting writable discs, you can also enable the “Enforce when device is plugged in.” setting. When “Enforce when device is plugged in.” is on, as soon as the end-user inserts the disc into the drive, Windows will eject the disc. secRMM will log an ONLINE error which indicates the disc was forcibly un-mounted (see screen shot).

CD3

secRMM is all about enabling productivity by allowing end-users to use removable storage while still protecting and securing the corporations data assets. As you can see, this applies to Cd/Dvds as well.

You can see a YouTube video on this subject at https://www.youtube.com/watch?v=7Ec3MD47-ws.

A free two week trial of secRMM is available at Squadra Technologies.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: