![]() But you may be able to cobble something together: But if you're doing this in a corporate environment, this does not protect you against malicious or careless users. This procedure works for you, assuming you follow it correctly. This will actually work with any USB stick it doesn't need hardware encryption. That way, you have access to the key file on any corporate machine, where the USB stick is authorised, but don't have the key file on any untrusted PC. Instead of using a password, generate a random key file, and use only the key file (no password) - you can do all this easily from the "Create Volume" wizard. You create a TrueCrypt container on the disk. I don't have a complete solution to this, but an idea that may get you started. None of the answers have really addressed the second part of your question "stop the use of the encrypted keys on other PC's". However, I still encourage you to write down, in specific details, what security properties you are trying to achieve - namely, the attack model.) (Of course, if the USB keys have already been bought, or, even worse, using encrypted USB keys is the pet idea of some upper manager, then not using the keys might not be an acceptable option. To obtain this functionality, you might be able to setup a VPN linking the approved machines together, thus avoiding the use of any USB device at all - at that point, you can then configure the laptop OS to refuse all USB devices altogether (this can be done in software, or in a more physically aggressive way by pouring epoxy glue in the USB ports). From your description, I suppose that you want users to be able to exchange data files between their "approved" laptops/desktop systems, but not with non-approved machines. This seems even harder to maintain.Īt that point, you might want to shift the problem. The problem of preventing the use of the approved encrypted keys on other machines than the user's approved laptop or desktop system is dual: this time, any filtering should occur in the encrypted USB key, who should reject "unapproved" laptops. A user could modify a programmable USB device to mimic an approved key, by sending the same identifiers to the machine. ![]() But most ways to filter devices can be worked around basically, the filter will ask for the device vendor identifier and model, possibly the serial number, and decide whether the device is "allowed" or "not allowed" based on this information. It will be helpful for other candidates.To stop the users from using other keys than the approved "encrypted USB keys", you may add some OS-side filters, as explains. If you are using any other Linux OS system, kindly check, How to get serial number in Linux using the same commands. ![]() I have tested and verified all these commands on Ubuntu Linux machine. If you get any error or system ask you for any privilege, use the commands with sudo. While running any of the dmidecode commands, try all these commands running without sudo first. ![]() You can also use the dmidecode to read any specific hardware/system parameter by specifying the parameter name. This will highlight the serial number of the hardware. If you want to get a serial number of the system in any Linux system like Ubuntu, run following command in terminal. This command will give complete information about the system. How to check the Manufacturer, Model, and Serial Number? To shorten it or to get the particular information you have to be specific. Try getting admin privilege by running following sudo command. If it is not working, it requires root permission. This table consists of all the hardware, processor, system, BIOS information, etc.Ī dmidecode command just fetches the content from this table and display it in the human-readable format on the terminal. The name itself depicts as it is a command to decode the value in DMI table.ĭMI table is also called as SMBIO. You can also get system info using system information command in windows.įor Linux: If you are using any of the Linux systems, you have to run the command to the system details like serial number, manufacturing model… You can do this easily by the dmidecode command in the command line terminal. For Windows: If you are using Windows, you can check serial number and all other hardware related information in system property using User Interface.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |