Sophos Endpoint Security & Data Protection Dokumentacja Pobierz pdf (Strona 15)

2 SINGLE, CENTRAL AUTOMATED CONSOLE REVIEWER’S GUIDE

Device control policies

Device control can help to signiﬁcantly reduce your exposure to accidental data

loss and restrict the ability of users to introduce software and malware from

outside of your network environment.

Integrated into the Sophos endpoint agent, it enables you to control three types

of device:

• Storage: Removable storage devices (USB ﬂash drives, PC Card readers,

and external hard disk drives); Optical media drives (CD-ROM/DVD/Blu-ray

drives); Floppy disk drives; Secure removable storage devices

• Network: Modems; Wireless (Wi-Fi interfaces, 802.11 standard)

• Short Range: Bluetooth interfaces; Infrared (IrDA infrared interfaces)

By default, device control is turned off and all devices are allowed. If you want

to enable device control for the ﬁrst time, Sophos recommends that you:

• Select device types to control.

• Detect devices without blocking them.

• Use device control events to decide which device types to block and which,

if any, devices should be exempt.

• Detect and block devices or allow read-only access to storage devices.

Each device type supports both device instance and model exceptions. This

means that a USB key which belongs to the IT department can be exempted

from the removable storage block policy.

Exceptions are made easy to manage using the device control event viewer

within the Sophos Enterprise Console. It enables you to quickly ﬁlter and

review events generated by the device control policy, and authorize devices by

exempting them from the policy.

Figure 8: Device control – granular control of removable storage

1 2 ... 10 11 12 13 14 15 16 17 18 19 20 ... 40 41

Brak uwag

Sophos Endpoint Security & Data Protection Dokumentacja Strona 15