Don't forget USB sticks that charge capacitors from USB port then discharge high voltage into USB port to damage the hardware. http://securityaffairs.co/wordpress/34784/hacking/killer-usb-burn-a-pc.html
On Tue, Mar 27, 2018 at 6:39 AM, R.S. <r.skoru...@bremultibank.com.pl> wrote: > No, no, and no. > Laptops are used (mostly) just to take them out of the company. > It doesn't mean you can do anything you want with the laptop. Some things > can be disable and other can be forbidden (do not try...). > Some companies use hardened setup for company laptops. In that case: > * no software can be installed by the user > * AV and other software is active > * all network connectivity is beind done through company firewall (yes, even > Google is accessed though the company) - like PC in an office. > * USB sticks are not allowed (disabled by software). > > BTW: USB stick found on the street is one of the most dangerous things. It > can be prepared to simulate HID (a mouse) and then bypass many protection > leveles intended for USB *STORAGE*. Of course regular USB stick with some > recent virus is also not nice, but it's much easier to detect. > > BTW2: Why to not disable USB ports at all? To allow cameras, microphones, > mice (mouses?), etc. Of course laptop has most equipment embedded. > > -- > Radoslaw Skorupka > Lodz, Poland > > > > > > > W dniu 2018-03-27 o 09:12, Vernooij, Kees (ITOPT1) - KLM pisze: >> >> Of course, a logical measure. Taking a laptop out of the building, do >> something with it and take it back in again is just as 'safe' as bringing in >> a usb stick you found on the street. Both should be fully blocked. >> >> Kees. >> >>> -----Original Message----- >>> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On >>> Behalf Of Barbara Nitz >>> Sent: 27 March, 2018 9:06 >>> To: IBM-MAIN@LISTSERV.UA.EDU >>> Subject: Re: Software Delivery on Tape to be Discontinued >>> >>> On Mon, 26 Mar 2018 15:23:42 -0400, John Eells <ee...@us.ibm.com> wrote: >>> >>>> In addition to that, you can take a laptop outside your firewall, >>>> download stuff*, bring the laptop back in, connect to your internal >>>> network, and upload it to z/OS to be processed. >>> >>> No, you cannot. Where I work, the laptops don't have a DVD/CD drive and >>> are essentially just an expensive way of getting to a Citrix client. I >>> cannot even reach the internet from my company laptop. All I can access >>> is the company's extranet to set up the VPN tunnel. And heaven help you >>> if your anti-virus definition isn't current. They update their antivirus >>> catalog and then kick you out of VPN in the middle of working because >>> 'definitions are not current'. And no USB or Bluetooth, either! >>> I am one of the lucky few to still have a desktop computer at work which >>> has a DVD drive. They made it so that I cannot access that DVD drive >>> anymore, not to mention no USB allowed. >>> >>> We're lucky in that we have been able to set up the sysprog sandplex to >>> access the internet for downloads from ShopZ. >>> >>> Barbara >>> >>> > > > ====================================================================== > > > -- > Treść tej wiadomości może zawierać informacje prawnie chronione Banku > przeznaczone wyłącznie do użytku służbowego adresata. Odbiorcą może być > jedynie jej adresat z wyłączeniem dostępu osób trzecich. Jeżeli nie jesteś > adresatem niniejszej wiadomości lub pracownikiem upoważnionym do jej > przekazania adresatowi, informujemy, że jej rozpowszechnianie, kopiowanie, > rozprowadzanie lub inne działanie o podobnym charakterze jest prawnie > zabronione i może być karalne. Jeżeli otrzymałeś tę wiadomość omyłkowo, > prosimy niezwłocznie zawiadomić nadawcę wysyłając odpowiedź oraz trwale > usunąć tę wiadomość włączając w to wszelkie jej kopie wydrukowane lub > zapisane na dysku. > > This e-mail may contain legally privileged information of the Bank and is > intended solely for business use of the addressee. This e-mail may only be > received by the addressee and may not be disclosed to any third parties. If > you are not the intended addressee of this e-mail or the employee authorized > to forward it to the addressee, be advised that any dissemination, copying, > distribution or any other similar activity is legally prohibited and may be > punishable. If you received this e-mail by mistake please advise the sender > immediately by using the reply facility in your e-mail software and delete > permanently this e-mail including any copies of it either printed or saved > to hard drive. > > mBank S.A. z siedzibą w Warszawie, ul. Senatorska 18, 00-950 Warszawa, > www.mBank.pl, e-mail: kont...@mbank.plsąd Rejonowy dla m. st. Warszawy XII > Wydział Gospodarczy Krajowego Rejestru Sądowego, nr rejestru przedsiębiorców > KRS 0000025237, NIP: 526-021-50-88. Według stanu na dzień 01.01.2018 r. > kapitał zakładowy mBanku S.A. (w całości wpłacony) wynosi 169.248.488 > złotych. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- Mike A Schwab, Springfield IL USA Where do Forest Rangers go to get away from it all? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
