Re: Root password, sure, but why wasn't the data encrypted?
Software like this has no reason to be expensive, its simply overpriced.
Prevent access to USB? Just remove the USB drivers and the system will ignore the ports and only someone with suitable privileges would be able to reinstall them.
And incidentally, USB devices are used because they are most convenient, if you block USB them people who want to extract information will use other less obvious ways.
If you leave USB enabled, but keep a log of any data written to such a device then you stand a better chance of catching someone who will often just use the easiest method to extract data. If you disable USB and assume that's an end to it, then the attacker will either find a way to re-enable it (which you wont be expecting or monitoring), or find some other way to get data out which again is less likely to be noticed...
How many organisations control what you print? How many do it in a half assed way (eg your supposed to print through a printserver which logs, but its possible to connect directly to the printer which doesn't).
How many will do an adequate search to ensure you don't enter the building carrying a tiny camera, audio recording device, modem, wireless transmitter etc?
How many sites are in such locations that would make it impossible to throw something out so that it clears the perimeter fence and falls on public land where it can be collected later?
How many networks are connected to the internet and just restricted by firewalls, and how secure are these networks? In many cases its possible to get *something* out which could be used as a covert channel, and in even more cases its easily possible to compromise the local network to such a degree that you are able to modify the firewall rulesets to suit your purposes. The average windows network is horrendously insecure, and firewalls while generally much tougher unix based systems are often administered from windows workstations which sit on a trivially ownable domain, likely the same domain as end user workstations.
You are only as secure as the weakest link, and yet many organisations waste millions trying to strengthen areas that were never their weakest link in the first place.
Biting the hand that feeds IT
