Monitor and block the inside threats

Jan 8, 2007 14:38 GMT

System and network administrators have a lot of work when corporate computers are involved. They must ensure that the computers are not vulnerable to outside attacks or to inside attacks. Antivirus software, antispyware and firewalls are all needed to keep a high degree of security on those computers.

I would like to present two more helpful tweaks to monitor and protect corporate computers against inside problems such as inadequate computer usage by employees. Because these tweaks are done by editing the registry, please don't forget to back up the registry before applying them.

Using the Shutdown Event Tracker

For those who want to monitor how their employees handle the corporate PCs with Windows installed, using the Shutdown Event Tracker can be of great help. This feature is available for Windows Server 2003 and Windows XP Professional. Other versions of Windows do not have this option. In Windows XP Professional, the feature is present but it is not activated by default.

The mechanism

Shutdown Event Tracker records the reasons why the operating system is shut down or restarted. It collects information provided by the users whenever they shut down or restart Windows. Hence, the system administrator or the business owner can permanently track the IT environment of the organization.

When a user attempts to shut down a machine on which the Shutdown Event Tracker is enabled, he/she will be asked to provide the reason for the action.

To activate this monitoring feature, you need to edit the registry.

Go to Start->Run and type Regedit.

Browse the Registry tree and look for the following location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability

Once you get there, double-click on ShutdownReasonUI and, in the value field, type 1 instead of 0. The value 0 stands for disabled, whereas the value 1 stands for enabled.

For the new setting to take effect, there is no need to restart the machine as the change will be immediately adopted by the operating system.

Now, whenever you want to restart/shutdown the PC, you should have a solid reason.

How to keep sensitive data inside the corporate computers. Avoid any leaks.

All business managers know that computers are a key element in their business and all the information stored on them is essential and in many situations, vital for the success of the business. Therefore, keeping the information inside the computers has become a real challenge for the system and network administrators.

Employees who work with important data have the option to copy it from the work computers and use it for their personal gain. So, besides the contractual clauses signed by the employer and the employees, there are some more or less elegant methods to seal the data inside the corporate computers.

System administrators chose not to install floppy disk drives and CD/DVD writers with the purpose of avoiding data leaks, but a new threat emerged: USB mass storage media. Because all computers now come with USB ports, it is impossible for the administrators to physically prevent access to those. Luckily, there are software applications that can do that. However, Windows itself can be configured to refuse any attempt to write data to USB devices. This method is more convenient because it's a money saver for companies.

How it's done

Go to the Registry editor (Start->Run, type Regedit) and browse to the following address:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StorageDevicePolicies

There, create the following value: WriteProtect, giving it the value of 1.

In case the registry address mentioned above doesn't exist, you need to create it yourself. Please note that this tweak works only on Windows XP Professional with Service Pack 2 installed. For Windows XP Home Edition users, it is recommended to use specialized USB blocking software.

Once you have created that value, all the USB storage devices that are connected to the computer will work in Read-Only mode.
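
Both tweaks above can be applied and checked from a script instead of by hand in Regedit. The following is an added example, not part of the original article: it backs up each key, creates StorageDevicePolicies if it is missing, sets the two values and reads them back. It assumes an elevated PowerShell 2.0 or later session, that both values are stored as DWORDs, and a hypothetical backup folder C:\RegBackup.

```powershell
# Added example: apply and verify the two registry tweaks described in the article.
# Assumptions: elevated PowerShell 2.0+; $BackupDir is a hypothetical location.
$BackupDir = 'C:\RegBackup'

# Key paths, value names and data are the ones given in the article.
$Settings = @(
    @{ Key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability'
       Name = 'ShutdownReasonUI'; Data = 1 },
    @{ Key  = 'HKLM:\System\CurrentControlSet\Control\StorageDevicePolicies'
       Name = 'WriteProtect'; Data = 1 }
)

if (-not (Test-Path $BackupDir)) {
    New-Item -Path $BackupDir -ItemType Directory | Out-Null
}
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

foreach ($s in $Settings) {
    $name = $s.Name

    if (Test-Path $s.Key) {
        # Back up the existing key first (reg.exe expects HKLM\..., not HKLM:\...).
        $regPath = $s.Key -replace '^HKLM:', 'HKLM'
        $file    = Join-Path $BackupDir ("{0}-{1}.reg" -f $name, $stamp)
        & reg.exe export $regPath $file | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "Backup of $regPath failed; no change was made to it."
        }
    } else {
        # The article notes that StorageDevicePolicies may have to be created.
        New-Item -Path $s.Key -Force | Out-Null
    }

    # Create the value, or overwrite it if it already exists, as a DWORD.
    New-ItemProperty -Path $s.Key -Name $name -Value $s.Data `
        -PropertyType DWord -Force | Out-Null

    # Read the value back so a silent failure does not go unnoticed.
    $actual = (Get-ItemProperty -Path $s.Key -Name $name).$name
    if ($actual -eq $s.Data) {
        Write-Output "OK    $name = $actual"
    } else {
        Write-Output "FAIL  $name = $actual (expected $($s.Data))"
    }
}
```

The timestamped .reg files written to the backup folder can be imported again to restore the previous state of a key that existed before the change.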