USB-Lock-RP Review: Central Control of Device Access to Computers

0
58

It’s time to harden your entire network of Windows laptops, desktops and servers.  Here’s how…

This review is one of a series published by Cyber Defense Media Group (CDMG) to highlight cyber defense offerings with unique and compatible features.  CDMG reviews focus on the value proposition of the product or service in terms of the problem it solves and its standing in the cyber defense marketplace of ideas and leadership.

Value Proposition – What Problem Does It Solve?

From the early days of personal and professional computing, connectivity has been both a boon and a threat, especially utilizing devices such as flash drives, wired and wireless external storage, and remote data facilities.  The convenience factor has brought along a set of vulnerabilities which have proved difficult to protect in a universal and compatible manner.

USB-Lock-RP Device Control Software is a unified system to centrally control access to computers by external and remote devices.  This protection includes USB ports, removable storage, mobile devices and wireless adapters to servers, workstations and laptops in a network.  Specifically, USB-Lock-RP responds to the vulnerability of individual and enterprise-wide computers to cyber exploits.

By complementing antivirus software with this software, blocked devices don’t need to be accessed by antivirus as they won’t be present (only authorized devices can be connected). The USB-Lock-RP approach when dealing with unauthorized removable storage connections is to deny access to USB Port by redundant means. Even specifically authorized flash drives or mobile phones need to be re-plugged after being identified to function.

Once installed, USB-Lock-RP effectively monitors data/files transferred from endpoint computers to authorized USB portable storage (thumb/flash/pen drives). Records automatically arrive and are stored secured at the Control server. The Administrative Console can be set to send these records to a SMTP (TLS/SSL) email within the organization’s domain in real-time.

USB-Lock-RP also provides USB Thumb Drives Encryption capability.  This protects information contained inside authorized Thumb drives by optionally forcing automatic AES 256 encryption of all transferred data/files from network endpoint computers to allowed USB devices, effectively provides USB access control to protect sensible data in cases when the authorized device is lost or stolen. USB Encryption policy can be enabled or disabled with just a click.

This integrated approach is effective in preventing both systems infection and data loss due to connection with any outside device potentially carrying a cyber exploit payload.  USB-Lock-RP prevents Zero-day USB-based exploits from accessing protected systems.

Of particular note is the universality of application, from complicated enterprise systems down to individual computers.  With few exceptions, USB-Lock-RP is compatible with other cybersecurity modalities, and can be utilized in conjunction with generalized platforms and integrated into multi-functional cybersecurity programs.

The company produced an excellent overview video, available here.

Protection Scope:

USB Removable storage drives: USB 2.0, USB .3.0 | Card readers: CF, SD, SDMicro, MMC, XD | Media transfer protocol portable storage: MP3 players, iPods, iPads, PDA, hand-held computers, tablets, digital cameras, mobile phones, blackberry | External magnetic hard drives: e-SATA, Firewire (IEEE 1394) | External and Internal: CD, DVD, Blu-Ray | Wireless Transceivers: WiFi, IrDA, Bluetooth | bad USB HID impostor devices | remote USB devices.

How does USB-Lock-RP Operate?

USB-Lock-RP delivery is normally accomplished by a secure email download link.  The responsible IT party at the client organization will normally use Active Directory/Group Policy for initial deployment of the software.  For this purpose, USB-lock-RP utilizes a MSI stand-alone client installer. The program may also be delivered as setup.exe to allow manual initial installation.

The program has 2 components: (1) the Control (installed on the server locally) within the organization network and (2) the client MSI to be deployed initially using GPO or other deployment tools; (The Client is also provided as manual installer to be used in small networks initial deployment or when testing.)

USB Lockdown (blocking) is part of the software redundant measures applied to protect the system.  These measures take place upon detection and include preventing drivers from loading, stopping, dismounting, disabling, or ejecting devices, and also block access to the desktop.  From this base, protection measures escalate depending on the device type and the device status; lockdown is normally included when blocking USB and other removable storage devices within the software protection scope.

With USB Lockdown, blocking USB and desktop access are simultaneous.  The program presents full screen window alerts that extend to multiple monitors and remain until any of the following conditions is met:

On the Client Side:

  • The unauthorized device is removed
  • The master password is used

On the Control Side:

  •  The sector is unprotected (protection is turned off)
  • The device is authorized

 

Pros of USB-Lock-RP:

Independent Control:

  • Centralized Administration is installed and operated On-premises within the network/domain.
  • No internet connection or external access required. (This system is not cloud-based)
  • Operation is independent from Active Directory or Group Policy
  • Management Console is a software function (No appliance or virtual environment is required)

Easy Setting:

  • Push button settings protect from device types that pose risk. Settings can be applied to groups of machines or specific machines in the network (Toggling “Protect” or “Unprotect” applies in real-time)
  • Able to authorize specific devices portable storage on specific machines or in all machines. (Automatic Hardware ID detection is enabled.)

Automatic Operation:

  • Automatic logging of all device connections within its protection scope. Reports, blocks and alerts are implemented in real-time.

Effective Protection:

  • Machine wide protection effective regardless of user privileges. Protects even if no user is logged into the system. (Blocks both incoming and outgoing)
  • Redundant blocking measures include unique desktop lockdown that is personalized with end-user organization logo. (Lockdown remains until the device is removed)
  • Perpetual licensing model.
  • Cost is US$ 20.00 per client (or lower depending on quantity)
  • Support is in English at no charge by email or phone.

Cons:

  • Authorized devices need to be re plugged by user to be used.  (This is by design as it favors security strength in preventing malware infection)
  • Doesn’t work on MAC or Linux.  (for Windows OS only)

Compatibility

  • Window operating systems (New or old)

Competitors

While it is not within the purview of this review to assess or evaluate potentially competing protection systems, it is worthy of note that there are several other solutions which appear to provide certain aspects of the USB-Lock-RP program.  At this time, we are not aware of any individual offering with the full array of protections of USB-Lock-RP; among the differences are such characteristics as the requirement for either additional hardware or a cloud-based solution with a full-time internet connection.

Summary:

The USB-Lock-RP solution to protecting enterprise-wide systems to individual computers against data loss and malware introduction is a simple, elegant, and cost-effective program.  It solves a widespread and growing problem of vulnerabilities resulting from accessing remote devices through USB ports, Bluetooth and wi-fi connections, and other common modalities.

Areas of specialization include protecting industrial DCS/SCADA and Critical Infrastructure Control Systems as well as business computer networks storing sensitive data.

More information can be accessed at the company web site:
https://www.usb-lock-rp.com/

About the Author

Yan Ross, J.D., is a Cybersecurity Journalist & The Editor-at-Large for Cyber Defense Magazine.  He is an accredited author and educator and has provided editorial services for award-winning best-selling books on a variety of topics.  He also serves as ICFE’s Director of Special Projects, and the author of the Certified Identity Theft Risk Management Specialist ® XV CITRMS® course.  As an accredited educator for over 20 years, Yan addresses risk management in the areas of identity theft, privacy, and cyber security for consumers and organizations holding sensitive personal information.  You can reach him via his e-mail address at yan.ross@cyberdefensemediagroup.com