SecurityGuy.org

If you ever wanted to disable the use of USB storage devices at your organization, like USB flash drives or external hard drives, this article is for you.

Look no further. You can do it with the built-in tools you have in your Active Directory environment.
First, download the Group Policy Management Console here. Install it.

To prevent users from using usb drives, you will need USB block ADM file (98).

To prevent users from writing to usb drives, you will need USB write protect ADM (77).
read more »

This is the second video on securing Windows XP for home use - for advanced users.

P.S. You may want to watch it in “full screen” mode.

Video: Secure Windows XP - tutorial that teaches you how to secure your home or business computer.

Please check back for more advanced guides.

P.S. You may want to watch it in “full screen” mode.

Let me start by telling you that there are literally hundreds of different alarm master controls on the market. So, how do you know which one to select? As you talk to various alarm companies, you will hear some names of equipment over and over again. This is generally a good indication that that master control is a popular model and will last for some time.
The alarm master control consists of a box with a circuit board as well as a back-up battery in case the power should fail or an intruder deliberately turns it off. The battery should be rechargeable so that it will be ready and fully charged when you need it. When selecting an alarm, ask if it comes with this power protection. More…

Glass-break sensors are available in a variety of shapes and sizes. Here are the most common methods of detecting glass breakage.
Audio glass-break sensors are placed in a room next to the area to be protected. They are designed to hear the high-pitched sound of shattering glass. Some units are sensitive enough to cover an entire bank of windows. The disadvantage of using this type of device is that if it is too sensitive, it could hear a noise that may sound like glass breaking and activate the alarm. Since most of these devices have adjustments built into them, you’ll want to test the sensitivity carefully.
In a home, the only protection that is normally used are contact switches attached to the doors and windows and possibly a motion detector in a high-traffic location. Up to this point we have not done anything to physically protect the glass. You can add a motion detector to each room of your home, but due to the cost and inconvenience, that probably isn’t a good option.
The audio glass-break sensor is better because it is relatively inexpensive and won’t restrict movement in the home the way a motion detector will. Audio glass-break sensors are used to protect businesses too.
Shock sensors are placed on the actual metal frame of a window and are designed to detect the shock of intrusion through that particular opening. There are some new models that act as combination shock sensors and audio units. They, come in various sizes, from as small as a quarter up to the size of a half a pack of cigarettes. More…

Photoelectric beams are another form of motion detection…sort of. Sort of? This type of motion detector is somewhat different than the rest. You have probably seen many forms of them and not known it. An example would be the annunciation device used in commercial establishments to let the proprietor know when someone has walked in the front door. Some dry cleaners happen to have one of these. Most of these are nothing more than a set of photoelectric detectors hooked into a control and a buzzer.
The detector itself is quite a simple device consisting of a transmitter and a receiver. The transmitter emits a beam of light that is sent to the receiver. The light in the older models is quite visible; the newer models, however, use more of an invisible source and are virtually impossible to see. Please see the picture at left for the various photoelectric protection patterns. More…

No matter how much of your IT is outsourced, you have the feeling that the data at the datacenter is secure. Your databases and storage, sometimes your Active Directory and other servers are there. They are secure - the procedures to protect your data are usually tough to bypass and little attackers are brave and smart (or stupid?) enough to try their luck there.

However, it is not at all important.

When somebody attacks you, they will attack your infrastructure, not the one at the datacenter. People bend much easier than equipment, and are much more succeptible to defeat. In fact, who will spend the time in breaking through tens of firewalls and protections at the datacenter, when they could bypass a single (or dual) firewall and get straight into the heart of your company?

New strategy. Before protecting your firewall, your DMZ (I already said in a previous post, that DMZ is useless) - protect your client computers. Yes, build your network with firewalls first, dmz second, internal network and finally client computers - but start protecting your network in depth *from* the client computers, outwards. If your accountant uses Excel, Word and Powerpoint in their work, do not allow them to run Firefox or Skype! Do not give them higher than Guest permissions on their computer! They want to install the latest screensaver? Fine, let them do it at home. No playtime at the company computer network.

Your system administrators, of course, need to work as administrators of their own computers. WRONG! Guest, and Run As when needed.

The CEO needs full access to his computer, of course! … ? - NO! Guest permissions. Unless he signs a document that he is ready to take responsibility for leaking confidential information from his computer, to the internet.

Think about it, and the logic will become clear. Leave one link weak, leave microscopic opening in your security - it *will* be used against you, sooner or later. Make sure you’re not responsible for it, do your job and secure as good as you can.