The Growing Problem of Data Theft
With the evolution of portable data storage devices, data theft has never been easier to accomplish. Even a 10 year old child could steal information from a system if he has physical access to it. One of the main reasons why stealing information has become so easy is related to the widespread adoption of USB keys and portable hard drives: They are easy to carry and install pretty much anywhere. With capacities going from 128MB to 160 Gigs, portable storage has never been cheaper. Of course, there are a few positive points brought by these devices. They are very useful to quickly backup your data, or even to help you transfer files in case of a Hard disk recovery problem.
Quote from a Computerworld article: "With more and more employees using flash drives, smart phones with Secure Digital memory cards, portable hard drives, etc., the likelihood of companies actually knowing about all instances of data loss is declining rapidly. And as a result, the possibility of companies breaking laws, whether for data-loss disclosure or regulatory compliance, is growing dramatically."
Unfortunately, Windows OSs will allow any USB storage device to connect to a system by default. As in all solutions, prevention is the best way to deal with this problem. A simple registry tweak in XP SP2 will prevent users from writing content to a USB device.
The key is located at: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StorageDevicePolicies
Setting name: WriteProtect
Default Value: DWORD=0
Possible Value: 0=disabled, 1=enabled
If anyone knows about a similar tweak for windows 2000, please let me know and leave it in the comments. Another good solution to the problem would be to disable all USB ports directly in the BIOS. Just be sure that it is password protected because someone could easily get back in and undo your modification.