Control Usage of Portable Devices with GFI EndPointSecurity

Posted on January 7, 2009 by Daniel Petri in Windows Vista with 0 Comments

Uncontrolled use of iPods, USB sticks, PDAs and other devices on your network can lead to data theft, introduction of viruses, legal liability issues and more. In a society where the use of portable storage devices is commonplace, the threat that these devices pose to corporations and organizations is often ignored. GFI EndPointSecurity is one of the best portable device control software that I’ve tested, allowing you to easily control the usage of portable devices into your corporate network and thus strengthening your physical security.

Control network access and use of devices such as USB drives, iPods, PDAs, Cameras and more

The introduction of consumer devices such as iPods, USB drivers, smart phones and other portable devices in the past few years has greatly increased the risk of data leakage and malicious activity on networks. With mass storage devices easily inserted into USB ports, employee can easily copy huge amounts of sensitive data onto an iPod or USB stick without ever being noticed. Unfortunately, many businesses are unaware of or ignore the threat until something actually happens.

Developments in removable media technology are escalating. The newer versions of portable devices, such as flash memory, have been increasing in capacity and performance making them:

  • Easy and fast to install
  • Capable of storing huge amounts of data
  • Physically small enough to carry in a pocket

These devices are so easy to use that inserting them into un-trusted computers can easily get them infected with viruses or malware, and introducing these threats into corporate networks can be dangerously easy, even though most companies have anti-virus software, firewalls, email and web content security to protect against threats. The main reason for this is the fact that these protection measures are mostly targeted against external threats, and do not always look inside the corporate network. Another risk that is being added is the fact that it is very easy for users to bring in illegal software.

The best way to ensure complete control over portable devices is by putting technological barriers. One way to prevent usage of portable devices is to lock down all ports and BIOS settings but this will require a large amount of administrative overhead. A much more advised method of managing portable device use is to install an endpoint security solution that gives administrators control over what devices are in use, have been used and by whom and in-depth knowledge of what data has been copied. Using GFI EndPointSecurity you can centrally disable users from accessing portable storage media preventing users from stealing data or bringing in data that could be harmful to your network, such as viruses, trojans and other malware.

Control portable device use on your network with GFI EndPointSecurity

GFI EndPointSecurity allows administrators to actively manage user access and log the activity of:

  • Media players, including iPods, Creative Zen and others
  • USB drives, CompactFlash, memory cards, CDs, floppies & other portable storage devices
  • PDAs, BlackBerry handhelds, mobile phones, smart phones and similar communication devices
  • Network cards, laptops and other network connections
  • Printers

Supported device connectivity ports – GFI EndPointScan scans for devices which are or have been connected on the following ports:

  • USB
  • Firewire
  • Bluetooth
  • Secure Digital
  • Serial & Parallel
  • Infrared Internal (e.g. optical drives, floppy drives)

Installation is easy – GFI EndPointSecurity installs a small footprint agent on the machine (only 1.2 MB in size), and because it is stealthy, the user will never know it is there. Deploy the agent to hundreds of machines is done with just a few clicks. After the installation the agent queries Active Directory when the user logs on and sets permissions to the different nodes accordingly. If the user is not a member of a group that allows him/her access, then access to the device is blocked.

Administrators can automatically schedule agent deployment after the administrator makes policy or configuration changes. If a deployment fails, it is rescheduled until deployed successfully. GFI EndPointSecurity also allows Active Directory deployment through MSI.

Installation of GFI EndPointSecurity is straightforward. You can read more about it in the installation manual found HERE.

Log the activity of portable storage media like USB memory sticks, SD cards and more – GFI EndPointSecurity logs device-related user activity to both the event log and a central SQL Server. A list of files that have been accessed (or read/written) on a device is recorded whenever a user plugs in a device to the network.



Easily configure group-based protection control via Active Directory – Configuration is effortless and leverages the power of Active Directory and does not require the administrator to remember and keep track of which policies were deployed to which computers. You can categorize computers into different protection groups, and for each group you may specify different levels of protection and devices to allow or disallow access to. You can also leverage the power of groups and make an entire department a member of the group and easily change the settings for the entire group.

Advanced granular access control, whitelists and blacklists – You can easily allow or deny access to a range of device classes, as well as blocking files transferred by file extension, by physical port and by device ID (the factory ID that tags each device). It is also possible to specify users or groups that should always have full access to devices.

Temporary device access – Temporary access can be granted to users for a device (or group of devices) on a particular computer for a particular timeframe.

Real-time status monitoring and real-time alerts – GFI EndPointSecurity provides real-time status monitoring through an interface that displays statistical data through graphical charts, the live status of the agent and more. It also allows you to send alerts when specific devices are connected to the network. Alerts can be sent to one or more recipients by email, network messages, and SMS notifications sent through an email-to-SMS gateway or service.

Device discovery – GFI EndPointSecurity can be used to scan and detect the presence of devices on the network. The information on detected devices can then be used to build security policies and assign access rights for specific devices.

Other features of GFI EndPointSecurity include:

  • Password protected agents to avoid tampering
  • Set up custom popup messages for users when they are blocked from using a device
  • Browse user activity and device usage logs through a backend database
  • Maintenance function that allows you to delete information that is older than a certain number of days
  • Support for operating systems in any Unicode-compliant language

System requirements

The following are the system requirements for GFI EndPointSecurity:

Hardware requirements-

  • Processor: 2GHz processor clock speed
  • RAM: 512 MB (minimum); 1 GB (recommended)
  • Hard Disk: 100 Mb of available space

Software requirements-

  • Operating system: Windows 2000 (SP4), XP, 2003, Vista and 2008 (x86 and x64 versions)
  • Internet Explorer 5.5 or later
  • .NET Framework version 2.0
  • Database Backend: SQL Server 2000, 2005, 2008 Port: TCP port 1116 (default)

NOTE 1: The firewall has to be configured to allow GFI EndPointSecurity to listen on the configured TCP port.

NOTE 2: GFI EndPointSecurity can only be installed and launched when using administrative privileges.

GFI EndPointSecurity agent – hardware requirements-

  • Processor: 1GHz processor clock speed
  • RAM: 256 MB (minimum); 512 MB (recommended)
  • Hard Disk: 50 Mb of available space

GFI EndPointSecurity agent – software requirements

  • Operating system: Windows 2000 (SP4), XP, 2003, Vista and 2008 (x86 and x64 versions)

I hope you being investigating how you can better secure your network by taking a look at GFI EndPointSecurity today!