Device management in a company is important as well. Many companies may allow users to user various hardware devices without any limitation. However, according to a data theft statistics by Verizon's 2008 Data Breach Investigations Report, 66% of breaches involved data the company did not know was on their system. And ths most widely used way to copy confidential company information is to use removable USB disk, DVD or other portable media devices.
After deploying SurveilStar Agent on users' computers, IT manager can block any hardware usage by using Device Policy and prevent data leakage from various devices.
In SurveilStar Console, click menu 【Policies > Device】, click Add button to create a device policy. Then you will see Property settings like the picture below.
Properties | Value |
Name | Give your device policy a name like Block Wireless. |
Time | Set effictive time for your device policy. |
Action | Select policy execution action. Allow, Block and No Action are available. |
Alert & Alert Severity | Enable or disable alert on SurveilStar Console if any PC tried to break the policy. Choose alert severity if Alert is enabled. Low, High and Critical are available. |
Warning & Warning Message | Enable or disable warning message to show on agent PC. Set warning message if Warning is enabled. |
Take effect while offline | Check this option if you want the policy to be effective only when the PCs are offline. |
Expiration Time | Check and apply this option to set expiring time for the policy. |
Description | Fill in device information. |
The device control policies support the followings: Storage, Communication Interface Device, Dial, USB Device, Network Devices and other devices.
Storage | |
Floppy | Limit the usage of floppy. If you want to block Floppy, check this option and set Action to <Block>. |
DVD/CD-ROM | Limit the usage of DVD-ROM, CD-ROM and BD-ROM. If you want to block CD/DVD/Blu-ray drives, check this option and set Action to <Block>. Then DVD drive, CD drive or Blu-ray drive will be invisible. This option doesn't work for virtual DVD/BD-ROM created by Deamon Tools or similar software. If you want to block virtual DVD/CD-ROM, refer to Other Devices in this chapter. |
Burning Device | Limit the usage of CD burning, DVD burning or Blu-ray burning. Check this option and set Action to <Block>, and any burning actions will be blocked. However, disc reading is allowed. If you want to block disc reading as well, block DVD/CD-ROM. |
Tape | Limit tape usage. |
Movable Devices | Limit the usage of any movable devices including removable disk, memory stick, IC card, etc. Check this option and set Mode to block if you want to block such devices. |
Non-system Drives | Limit the usage of any non-system drives. Check this option and set Action to <Block> if you want to block non-system devices. |
Portable Deives (E.g. Smartphone) | Limit the usage of any portable devices including iPad, iPhone, iPod, PSP, Walkman, Zune, BlackBerry, Nexus One, Samsung Mobiles, Android mobiles, Creative Zen, Archos and more. Check this option and set Action to <Block> if you don't want your employess to use such devices. |
Communication Interface Device | |
COM | COM Ports Control. |
LPT | LTP Ports Control. |
USB Controller | USB Controller Control. |
SCSI Controller | SCSI Controller Control. |
1394 Controller | 1394 Controller Control. |
Infrared | Infrared device Control. |
PCMCIA | PCMCIA Card Control. |
Bluetooth | Bluetooth device Control. |
MODEM | Modem device Control. |
Direct lines | Direct connection control between two computers using USB cable, COM port or Serial cables. |
Dial | |
Dial-up Connection | Dial-up Connection Control. |
USB Device | |
USB Keyboard | USB Keyboard Control. |
USB Mouse | USB Mouse Control. |
USB Modem | USB Modem Control. |
USB Image Device | USB Image Device Control such as Webcam, Digital Camera and Scanner. |
USB CDROM | USB CDROM Control. |
USB Storage | USB Storage Control. |
USB Hard disk | USB Hard disk Control. |
USB LAN Adapter | USB LAN Adapter Control. |
Other USB Devices | Control other USB devices not mentioned above. |
Network Devices | |
Wireless LAN Adapter | Wireless LAN Adapter control. |
PnP Adapter (USB, PCMCIA) | PnP Adapter (USB, PCMCIA) control. |
Virtual LAN Adapter | Virtual LAN Adapter control. |
Others | |
Audio equipments | Audio, video and game controller control. |
Vitual DVD/CD-ROM | Vitual DVD/CD-ROM control. |
Wireless network | Wireless network access control. Control access to the specified wireless network specified by the device description. You can also leave it blank for more wireless net. Device description format: SSID = Wireless Network Name|BSSID = Network Address. SSID and BSSID can set only one or both. Supports wildcards, and multiple network device description can be separated by ";". For example: SSID=teclink_11|BSSID=aa-77-dd-00-88; SSID=teclink_10; BSSID=aa-ee-dd-00-88; |
Any new devices | Any new devices plug-in. if the Action is set to <Block>, all new devices cannot be used. |
Some companies’ policies not allow staff listening music or playing online game during office hours. In this case, System administrator can set a policy to prohibit the use of Audio.
1. Choose computer from the left list and then create a device policy.
2. Properties: Time <Working Time>. Action <Block>. Check <Audio equipments> under Others.
Then audio equipments of selected computers would be disabled.
The requirement is that the company only allow employees to use the company's internal wireless network and would like to block some other wireless networks. Then you can set the device policy to prohibit connection to these wireless networks.
1. Choose computer from the left list and then create a device policy.
2. Properties: Action <Block>. Check <Wireless network> under Others.
3. Description: Fill in the wireless network information, such as: SSID=teclink_11|BSSID=aa-77-dd-00-88; SSID=teclink_10; BSSID=aa-ee-dd-00-88
After setting is successful, the client can not connect to
a) wireless network called teclink_11 while Network Address is aa-77-dd-00-88.
b) wireless network called teclink_10.
c) wireless network which Network Address is aa-ee-dd-00-88.
Basic Policy | Back to Index | Application Policy |