Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
I
I
Ivan Trofimov2015-07-19 11:46:58
Encryption
Ivan Trofimov, 2015-07-19 11:46:58

How to protect data in a Windows domain?

Hello. There is a Windows domain in which you want to protect data on workstations from leakage outside the domain.
Interested in protection against removal on external drives (USB, CD). CD-ROM can in principle be banned by politicians. I see the following scenario: the user inserts an allowed flash drive into the USB (or card reader) of the domain computer, it checks whether it is allowed to use the device with the current ID, and if everything is fine, he gets access to the drive and can upload his files to it (can be implemented via GPO). But it is necessary to provide that the user cannot take this information out of the domain on an authorized flash drive. Only encryption of information on this device comes to mind. Moreover, the decryption key must also be distributed to all domain computers and the user will not notice anything if he inserts it into the domain computer.
Workstations predominantly Windows 7, 8.1 and servers 2012R2

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

5 answer(s)
Report
M
Max, 2015-07-20
@MaxDukov

Only encryption of information on this device comes to mind. Moreover, the decryption key must also be distributed to all domain computers and the user will not notice anything if he inserts it into the domain computer.
Workstations predominantly Windows 7, 8.1 and servers 2012R2

Well, if 7 and 8 are everywhere, then look towards BitLocker. He knows how to encrypt flash drives. If you have XP (I hope not anymore),
then look not at TrueCrypt. Similarly - encrypts disks / flash drives.
There is also SecretNet, it seems that he can do something like that. But, dog, not cheap. But with FSTEC certificate

Report
P
Puma Thailand, 2015-07-19
@opium

Write nonsense, make balloons and ban flash drives, you can distribute a file within the network using a balloon, flash drives are not needed.

Report
A
Alexander, 2015-07-19
@NeiroNx

Prevent users from installing new devices (in general), having previously configured all available ones, remove burners from users' PCs. Disable any COM ports at all - you can also connect a modem via RS-232 and pull quite a lot without having admin rights and without installing any drivers.

Report
A
Andrey Ermachenok, 2015-07-19
@eapeap

InfoWatch, among other things, can do this.

Report
O
oia, 2015-07-20
@oia

yes, they took it out a long time ago and sold it,

you need to transmit large amounts of information, and the channel is not so wide
expand

Similar questions
E
eugene1592021-04-20 20:45:05
Veracrypt analogues that meet this requirement? Or is it possible to set up Veracrypt? 0Reply
S
schottky2015-06-10 19:28:02
What are the tools for secure voice communication? 5Reply
L
LiveBest20132015-07-05 20:25:44
Connection via OpenVPN and IpSec/L2TP does not work in Softether VPN? 2Reply
T
tecnika2015-07-14 02:16:27
Got the virus. Encrypted all data. What to do? 2Reply
A
Alexey2015-07-15 14:34:01
How to encrypt traffic on 10 gigabits? 5Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question