Introduction


 

Preventing unauthorized downloading as well as the uploading of inappropriate software and data is important when trying to protect and administer a company's computer network. The traditional solution has been a physical lock on the floppy drive. DeviceLock eliminates the need for physical locks and has a number of advantages. 

 

DeviceLock is easy to install. Administrators can have instant access from remote computers when necessary. The administrator of the machine or domain can designate user access to USB, FireWire, Infrared, COM and LPT ports ports, WiFi and Bluetooth adapters, PDAs, smartphones, optical drives, floppy drives, other removable devices, the Windows Clipboard, mapped drives, serial ports and USB devices that can be redirected to terminal sessions, clipboard operations in terminal and/or virtual environments. All types of file systems are supported.

 

NetworkLock, an extension to DeviceLock, provides control over network communications. Administrators can designate user access to the FTP, HTTP, MAPI (Microsoft Exchange), SMB, SMTP, Telnet protocols, instant messengers (Skype, ICQ/AOL Instant Messenger, Windows Live Messenger and Windows Messenger, Jabber, IRC, Yahoo! Messenger, Mail.ru Agent), cloud storages (Amazon S3, Dropbox, Google Drive, Microsoft SkyDrive, etc.), webmail and social networking applications (AOL Mail, Gmail, GMX Mail, Hotmail, Mail.ru, Rambler Mail, Web.de, Yahoo! Mail, Yandex Mail; Facebook, Google+, LinkedIn, LiveJournal, MeinVZ, Myspace, Odnoklassniki, SchuelerVZ, StudiVZ, Tumblr, Twitter, Vkontakte, XING). 

 

ContentLock, another extension to DeviceLock, extracts and filters the content of data copied to removable drives and plug-n-play storage devices, as well as that transmitted over the network. Administrators can create rules that specify which content can be copied and transmitted.

 

DeviceLock can audit user activity for a particular device type or protocol on a local computer. Based on the user's security context, this capability allows you to audit activities that belong to a certain user or user group. DeviceLock employs the standard event logging subsystem and writes audit records to the Windows event log.

 

DeviceLock supports data shadowing - the ability to mirror all data copied to external storage devices, transferred through serial and parallel ports or transmitted over the network. A full copy of the files can be saved into the SQL database. Shadowing, like auditing, can be defined on a per-user basis.

 

Moreover, the DeviceLock data shadowing function is compatible with the National Software Reference Library maintained by the National Institute of Standards and Technology (NIST) and with the Hashkeeper Database designed and maintained by U.S. DOJ National Drug Intelligence Center (NDIC).

 

The data logged by DeviceLock can be checked against hash databases (collections of digital signatures of known, traceable data) and used in computer forensics.

 

You may also create your own database with digital signatures (SHA-1, MD5 and CRC32 are supported) of critical files and then use it for tracing purposes. For example, you can trace which users are copying signatured files, at what time, and with which devices.

 

For information on how to use hash databases in cooperation with DeviceLock, please contact our technical support team.

 

Also, DeviceLock provides instant searching of text across shadowed files and audit logs stored in the centralized database. DeviceLock can automatically recognize, index, search and display documents in many formats, such as: Adobe Acrobat (PDF), Ami Pro, Archives (GZIP, RAR, ZIP), Lotus 1-2-3, Microsoft Access, Microsoft Excel, Microsoft PowerPoint, Microsoft Word, Microsoft Works, OpenOffice (documents, spreadsheets and presentations), Quattro Pro, WordPerfect, WordStar and many others.

 

In addition to the standard (per computer) way of managing permissions, DeviceLock also provides you with a more powerful mechanism - permissions and settings can be changed and deployed via Group Policy in an Active Directory domain.

 

Tighter integration into the Active Directory is a very important function of DeviceLock. It makes DeviceLock's permissions management and deployment easier for large networks and more convenient for system administrators.

 

Integration into the Active Directory eliminates the need to install more third-party applications for centralized management and deployment. DeviceLock does not need to have its own server-based version to control the entire network, instead it uses standard functions provided by the Active Directory.