The unrestricted use of the diskette drive and CD-ROM represents a security risk. On the other hand, we need to avoid making life difficult for the users. Most access control products allow access to disks to be blocked. In principle, this is done in two ways. All access to the file system is controlled, and any attempt to access a blocked disk is prevented by an active program monitoring such activities. The second, alternative approach is remove disks entirely from the list of disks available to DOS. This means that the disk is not even shown in Windows File Manager. One disadvantage of this method is that is it often difficult to return the disk to the list of available resources. In many cases, this cannot be done without restarting the computer. A general policy for diskettes and CD-ROMS should be to allow them to be used to retrieve data, but not to start programs. Although it would be desirable to block access to all removable media, the disadvantages from the users' point of view would outweigh the security benefits. An alternative approach is to have a central CD-ROM drive to which all users have access. This means that you can control what is put into the drive. If direct access to the diskette drive is not permitted, a kind of lock gate system can be used instead. A number of companies currently use such a system. In a lock gate system, only specified file types are allowed to be moved directly from the diskette to the home directory on the server. A dedicated lock gate computer is used to perform the move. This computer checks that the files do not contain viruses, and that the file types and content are not barred from the network. Where access to the diskette drive is allowed, it is important to check files for viruses before they are allowed into the computer or network.