Access to the diskette drive or CD-ROM.
The unrestricted use of the diskette drive and CD-ROM represents
a security risk. On the other hand, we need to avoid
making life difficult for the users. Most access
control products allow access to disks to be blocked.
In principle, this is done in two ways. All access to
the file system is controlled, and any attempt to
access a blocked disk is prevented by an active program
monitoring such activities. The second, alternative
approach is remove disks entirely from the list of disks available
to DOS. This means that the disk is not even shown in Windows File Manager.
One disadvantage of this method is that is it often difficult to return the disk to the list of available resources. In many cases, this
cannot be done without restarting the computer. A general policy for diskettes and CD-ROMS should be to allow
them to be used to retrieve data, but not to start
programs. Although it would be desirable to block
access to all removable media, the disadvantages from the users' point of view would outweigh the security benefits.
alternative approach is to have a central CD-ROM drive to which all users have access. This means that you can control what is put into
the drive. If direct access to the diskette drive is
not permitted, a kind of lock gate system can be used
instead. A number of companies currently use such a system. In a lock
gate system, only specified file types are allowed to be moved directly from the diskette to the home directory on the server. A dedicated
lock gate computer is used to perform the move. This
computer checks that the files do not contain viruses,
and that the file types and content are not barred from the network. Where
access to the diskette drive is allowed, it is important to check files for viruses before they are allowed into the computer or network.
Windows Privacy Tools - http//www.privacywindows.com