Ardence Streaming Server Port Blocker and Auditing

I have been playing with Ardence Streaming Server as of late and noticed that the Port Blocker feature (which allows an administrator to disable use of floppy drives, USB storage, tape drives, etc. from the Ardence Administrator console) can be circumvented fairly easily. If you go into Device Manager on the streamed operating system, you will see the devices disabled by Port Blocker have been disabled within Device Manager. If you attempt to enable them, they will actually enable for a split second and then disable again. This is the result of the Ardence Port Blocker process running in the background and continually checking. By stopping the Ardence Client Service on the streamed operating system, Port Blocker functionality is completely disabled.

Of course you can only stop this service if you have permission to do so, but this is something to be aware of if you user has the rights to stop services on the streamed operating system as they have the ability to circumvent this feature via a simple process. It is always ideal that users do not have power user or administrator rights on the client operating system, but when it is necessary it would be nice to still be able to use the Port Blocker feature without having to worry about the user simply stopping or disabling the Ardence Client Service.

That said, the port blocker solution seems somewhat limited in an enterprise environment since there is no ability to assign privelages by user, only device or vDisk, and there is no centralized reporting or auditing of Port Blocker to view if the service had been stopped or disabled, who was attempting to use a USB drive unsuccessfully, how many times, and where, what files were copied against policy. Hopefully this ability will be added in a future release.

Advertisements

~ by mindsecure on June 25, 2007.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: