Slashdot Mirror

← Back to Stories (view on slashdot.org)

How to Prevent IP Theft by Your Own Employees?

Posted by Cliff on from the corporate-espionage dept.

Cursed by USB asks: "We are a small software startup based in India. Recently one of our employees was caught trying to steal our IP (work) from a computer using a USB thumb drive. While all the staff computers are devoid of floppy drives, cd writers and internet connections, we simply cannot disable the USB ports since there are a lot of USB enabled peripherals that we use. Apart from trying to hire "trustworthy" people, are there any other bright ideas that Slashdot readers might have in this regard to help prevent such theft from workplace?"

11 of 236 comments (clear)

  1. Let me be the first to say... by rednip · · Score: 2, Informative
    Haw Haw.

    Perhaps you should just make them come to work in the nude? with a cavity search on the way out the door, aka South African diamond mines.

    Of course anyone who could produce work worth stealing probally wouldn't work under those conditions.

    --
    The force that blew the Big Bang continues to accelerate.
  2. One idea by DamienMcKenna · · Score: 3, Informative

    One idea would be to protect yourself.

  3. Do they have Email Access? by Y+Ddraig+Goch · · Score: 2, Informative

    If so you can't stop them, all they need to do is compress the IP and email it out of the building. The best thing you can do is treat your employees well and when (not if) there is a problem deal with it accordingly.

    --
    Meddle thou not in the affairs of Dragons, for thou art crunchy and with most anything.
  4. USB Device Scanner by Glamdrlng · · Score: 3, Informative

    It's not a total solution, but GFI Network Security Scanner (used to be LANGuard) can scan for unauthorized USB devices and fire off an alert if it detect one on a scan. Demo available at http://www.gfi.com/lannetscan/.

    --

    Yes, my only tool is a hammer. And you're starting to look like a nail.
  5. Registry control by brontus3927 · · Score: 5, Informative
    If you are using Windows XP with SP2 you can keep block storage devices from being written to. If you have XP but not SP2, this would be a good reason to install the service pack. If your don't have XP, try searching google for software that will provide the functionality
    Start -> Run: regedit

    Find the following key:

    Hive: HKEY_LOCAL_MACHINE
    Key: System\CurrentControlSet\Control \StorageDevicePolicies
    Name: WriteProtect
    Data Type: REG_DWORD
    Value: 0
    This allows writing. Change the value to 1. This will prevent writing. Save your registry and reboot. Of course, it's always recomended to backup your registry before making changes.

    Allegedly, Longhorn will have this control without having to hack the registry.

    --
    Free MacMini
  6. If you're using Linux, you have two options: by Trelane · · Score: 4, Informative
    1. Remove support for USB Mass Storage in the kernel and remove any usb mass storage drivers in the kernel (also disable firewire or do the same for firewire devices)
    2. (if you use 2.6.x or later and udev) Modify your udev rules to make usb mass storage devices (and whatever devices you wish) to appear where you want it to (e.g. in a mode 000 directory) and with the user/group and perms you want it to have.
    --

    --
    Given enough personal experience, all stereotypes are shallow.
  7. Mod Parent Up by j0nb0y · · Score: 3, Informative

    Some problems just can't be solved with technology...

    --
    If you had super powers, would you use them for good, or for awesome?
  8. If you are running Windows XP.... by sybarite · · Score: 5, Informative

    ...you can edit the following registry key to change the value of Start from 3 to 4. This will disable the USBSTOR.SYS driver preventing the use of USB filesystems. It will not disable other types of USB devices.

    HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR

  9. Partial Coding by dethwulf · · Score: 2, Informative

    From what I guess, and I only have limited program development experience, give each team/member partials of the total code. Granted, this will probably slow production or make for an interesting debug session. However, if you're developing something that you're truely worried about being leaked, having, for example, 30 employees with 1 part of the code each won't let them steal anything but that 1/30 of the total IP. So if that happens, so you're out a function, or whatever and you can hanlde his public flogging while the other 29 dutifully type out their 1/30 of the project.

    With that, you have 1 guy do the total compiling/debug that you know/trust/guard/make come to work naked with regular cavity checks/etc. Heck, that could be you if you're truely paranoid about it...

    --
    Good things come to those who wait on the early bird who gets the worm... hey, wait a sec!
  10. Re:Mistakes by Ithika · · Score: 3, Informative
    But copyright is on your side. You have two years of research and intimate knowledge of the subject to prove you did it (plus, no doubt, grant applications and research statements). The university will have regular offsite backups going back quite a while, all showing what you were doing, which will be fairly hard to forge. The thief has only your results.

    This kind of thing has been tried before; and failed.

    --
    the layman's guide to computer science
  11. Are you using Windows/Group Policy? by docubot · · Score: 2, Informative

    Windows XP Service Pack 2 (SP2) introduces a new registry subkey that lets you mark USB-based storage devices such as memory sticks as read-only devices. This is a useful security capability that can prevent users from copying data from their systems and taking that data offsite via a USB device. To enable the USB write protection, perform the following steps:

    1. Start the registry editor (regedit.exe).
    2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\StorageDevicePolicies subkey. (Create the StorageDevicePolicies subkey if it doesn't already exist.)
    3. From the Edit menu, select New, DWORD Value.
    4. Type the name WriteProtect and press Enter.
    5. Double-click the new value and set it to 1. Click OK.
    6. Close the registry editor.
    7. Restart the computer.

    To disable this change, you can either set WriteProtect to 0 or delete it.

    You should be able to roll this out as part of Group Policy or a startup script.