Facts
Security Desk
Capture target devices in Security.Desk:
- Discover devices via domain list
- Discover devices by IP range
- Discover devices via Active Directory
Simple transfer with a mouse click from the respective device list.
Monitored interfaces:
- Removable storage (USB, memory cards, flash memory, etc.)
- Smartphones
- Tablets
- digital cameras
- CD / DVD
- WiFi
- Bluetooth
- Modem and UMTS devices
- LPT port, COM port
Rights per interface type:
- full access
- Read only (not possible with every interface type)
- use prohibited
- Each with or without file protocol
File Log - Recording of:
- Copy files to removable storage
- Get files from removable storage
- Deleting files on removable storage
- Rename files on removable storage
USB Control (BadUSB) – access control for:
- USB input devices (mouse and keyboard)
- Network Adapters
Monitoring of terminal server sessions
- Monitoring of file movements from and to local drives of thin clients in remote sessions of terminal servers or Citrix servers (additional module Terminal Server)
Assignment of rights based on:
- General (Everyone)
- User
- Organizational Unit (OU)
- Group
- Desktop
Further configuration options:
- White list:
Despite the prohibition, the use of individual devices or device series can be permitted. White lists can be defined globally, per OU, per group, per user or per computer. It is also possible to enter a specific release period (specific time interval (from / to) or release from or up to a specific point in time). - Blacklist file types:
They specifically prevent the copying of files of certain types (eg exe files) from or to removable media.
Since Security.Desk checks the signature of such a file, the file is also blocked after it has been renamed. In addition, the copying of Office files in which binary files such as exe files are embedded (embedded files) from and to removable storage can be prohibited.
The blacklist can be defined globally, per user, per OU, per group or per computer.
In addition, individual files can be specifically excluded from this general file type ban. Exceptions can be defined individually for reading and/or writing and even separately for device type (USB removable storage, CD/DVD). - Blacklist Software:
Blacklisted programs are blocked from running on clients. The blacklist can be defined globally, per user, per OU, per group or per computer. - Temporary release:
You can grant users temporary access to removable storage media for a limited time, even when there is no network connection.
components:
- FCS Security Service:
Service on the client to be monitored - FCS Security Import Service:
Usually runs on the computer on which the Security.Desk Manager is installed. The service imports all incoming messages as delivered by the security services from the clients. The Import Service takes this data and imports it into the Security.Desk database. - Security.Desk Manager:
Management interface with a central control station for monitoring interface use and assigning access rights
Supported Operating Systems:
- Windows Server 2008 R2, Windows Server 2012/R2, Windows Server 2016, Windows Server 2019
- Windows 8, Windows 10, Windows 11
32 and 64 bit respectively - Windows Terminal Server, Windows Server 2016 RDS
(requires module Terminal Server) - Citrix MetaFrame, Citrix XenApp 6.x, 7.x
(requires module Terminal Server)
Technical basis:
- State-of-the-art Microsoft .NET technology
Supported database systems:
- Microsoft SQL Server Express (from 2005)
- Microsoft SQL Server (from 2005)
Supported languages:
- German
- English