What is a trusted device list for removable devices?

A trusted device list is a technique for granting removable devices privileged access to your corporate data. Device Control Plus works on the principle of zero-trust device intrusion prevention: no device can access your computer unless it is trusted.

Why do you need to create a trusted device list?

Your enterprise may allow a multitude of devices to access your computers. Imagine an employee trying to copy your sensitive data to a personal device for personal gain. Unless you can distinguish your corporate devices from personal devices, you cannot stop that data from being stolen.

Because privileged access puts users in direct contact with sensitive information, attackers increasingly target such users to steal data.

How to create a trusted device list?

Trusting a device means granting privileged access to that device. You create a trusted device list by adding devices to it. To add devices, follow the steps given below:

  1. Open the Device Control Plus console --> Go to Trusted Devices.
  2. Click Create Policies --> Select the device type of the device that you trust.
    • Adding existing devices
      1. Click Add existing devices. You can search for the device instance path in the search column or choose a device instance path directly from it.
      2. Click Add.
    • Adding new devices
      1. Click the Add new device tab.
      2. Enter the device instance path.
      3. Click Add.
    • Adding multiple new devices
      1. Click the Import files tab.
      2. Upload a CSV file that contains the device details. The CSV should contain the device type and device instance path, with each entry on a new line.
      3. Click Add.
    • Trusting devices using wildcard pattern

      Instead of specifying individual Device Instance Paths, you can use a common wildcard pattern to trust a group of similar devices. To trust devices using a wildcard pattern:

      1. Navigate to Policies > Trusted devices > Trust devices using wildcards.
      2. Specify the wildcard pattern, created from the Device Instance Path and the wildcards "*" and "?".
      3. Click Add.

      To create a wildcard pattern:

      • Replace the variable characters in the Device Instance Path with a wildcard character "*" or "?".
      • Use "?" to replace a single variable character.
      • Use "*" to replace more than one variable character.

      Examples:

      Device Instance Path of a USB storage device:

      Device: JetFlash Transcend 2GB

      Path: USBSTOR\DISK&VEN_JETFLASH&PROD_TRANSCEND_2GB&REV_8.07\G27IDL4A&0

      Wildcard pattern with an asterisk "*":

      Pattern: USBSTOR*

      Description: All USB storage devices will be classified as trusted, irrespective of the string of characters in the Device Instance Paths after "USBSTOR".

      Wildcard pattern with a question mark "?" and an asterisk "*":

      Pattern: USBSTOR\DISK&VEN_JETFLASH&PROD_TRANSCEND_?GB&REV_8.07\*

      Description: JetFlash Transcend USB storage devices with 2, 4, or 8 GB of memory will be classified as trusted, irrespective of the string of characters after "USBSTOR\DISK&VEN_JETFLASH&PROD_TRANSCEND_(2, 4, or 8)GB&REV_8.07\".


      After adding the device instance paths of the devices, click Save to save the trusted device list and use it while creating policies. Otherwise, click Save as draft to save the policy locally and publish it when required.
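
An added example, not part of the original page or of Device Control Plus: before saving a wildcard pattern, you can check how many devices it would trust by running it against an inventory of known Device Instance Paths. It assumes "*" matches any run of characters, "?" matches exactly one character, and comparison is case-insensitive; apart from the JetFlash path shown above, the inventory entries and all function names are constructed for illustration.

```python
import re

def wildcard_to_regex(pattern):
    # Assumed semantics: "*" = any run of characters, "?" = exactly one
    # character, everything else literal, comparison case-insensitive.
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)

def trusted_by(pattern, inventory):
    """Return the inventory paths that the wildcard pattern would trust."""
    rx = wildcard_to_regex(pattern)
    return [path for path in inventory if rx.fullmatch(path)]

# Constructed inventory: only the first path comes from the page.
INVENTORY = [
    r"USBSTOR\DISK&VEN_JETFLASH&PROD_TRANSCEND_2GB&REV_8.07\G27IDL4A&0",
    r"USBSTOR\DISK&VEN_JETFLASH&PROD_TRANSCEND_4GB&REV_8.07\CONSTRUCTED01&0",
    r"USBSTOR\DISK&VEN_JETFLASH&PROD_TRANSCEND_1GB&REV_8.07\CONSTRUCTED02&0",
    r"USBSTOR\DISK&VEN_JETFLASH&PROD_TRANSCEND_16GB&REV_8.07\CONSTRUCTED03&0",
    r"USBSTOR\DISK&VEN_EXAMPLE&PROD_PERSONAL_STICK&REV_1.00\CONSTRUCTED04&0",
]

BROAD = r"USBSTOR*"
NARROW = r"USBSTOR\DISK&VEN_JETFLASH&PROD_TRANSCEND_?GB&REV_8.07\*"

def audit(patterns, inventory):
    """Map each pattern to (matched paths, share of the inventory it trusts)."""
    result = {}
    for p in patterns:
        hits = trusted_by(p, inventory)
        result[p] = (hits, len(hits) / len(inventory))
    return result

if __name__ == "__main__":
    for pattern, (hits, share) in audit([BROAD, NARROW], INVENTORY).items():
        print(f"{pattern}\n  trusts {len(hits)}/{len(INVENTORY)} ({share:.0%})")
        for path in hits:
            print("   ", path)
```

Under these assumptions the second pattern also matches the constructed 1GB path, because "?" stands for any single character, while the 16GB path does not match.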