Reducing the USB Threat


Everyone who works with computer systems is concerned with security. We put up firewalls. We install antivirus and antispyware software. We deploy intrusion detection systems. We limit employee access to specific websites. And yet, many of us miss one of the biggest security holes on our systems.

It does not require installation in most cases. It can expose massive amounts of vital corporate intellectual property. It bypasses corporate firewalls. It is the dreaded USB drive! There are at least three different ways that USB drives pose a risk to corporate security.

Podslurping

Podslurping is the act of copying data from a corporate computer to a USB drive for the purpose of offsite removal. You can see an excellent example of podslurping in the 2003 movie The Recruit where Bridget Moynahan’s character Layla Moore uses a Dell 16MB USB drive to steal code out of CIA Headquarters.

The sheer simplicity of the process is what makes it so dangerous. Anyone can plug in a USB drive, copy data to it, and walk out the door with gigs of data. And no one would be aware of it.

Eric Detoisien has devised a proof of concept program that demonstrates just how easily this can be done. The program, described in his article (in French or Google-translated English), can automatically start copying data from a host system to a USB drive.

Or, if you want to be a bit less sophisticated, a simple modified Autorun.inf file along with a batch script can just as easily do the trick.
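One way a defender could check a removable drive for the Autorun.inf technique mentioned above, as an added example that is not part of the original post. The function names and the sample file contents are constructed for illustration.

```python
import ntpath

# [autorun] keys that cause Windows to start a program from the drive.
LAUNCH_KEYS = {"open", "shellexecute"}
RISKY_EXTS = {".bat", ".cmd", ".com", ".exe", ".js", ".pif", ".ps1", ".scr", ".vbs"}

# Constructed sample, not taken from any real drive.
SAMPLE = r"""
; constructed sample
[AutoRun]
label=Vacation Photos
icon=folder.ico
open=launcher.bat
shell\explore\command=tools\helper.exe /quiet
action=Open folder to view files
"""

def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def audit_autorun(text):
    """Return sorted (key, target, reason) findings for entries that launch something."""
    findings = []
    for key, value in parse_autorun(text).items():
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key not in LAUNCH_KEYS and not is_verb:
            continue  # label, icon, action etc. do not start a program
        target = value.split()[0].strip('"') if value else ""
        ext = ntpath.splitext(target)[1].lower()
        reason = ("launches script or executable" if ext in RISKY_EXTS
                  else "launches a command")
        findings.append((key, target, reason))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_autorun(SAMPLE):
        print(finding)
```

Run against the text of an Autorun.inf found on a removable drive, any finding is a reason to quarantine the drive before it is opened on a corporate workstation.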

Unencrypted Data

If you want to get an idea as to how easy it is to lose a USB drive, simply check out the Lost and Found of any tech conference. You will find a pile of homeless USB drives.

My guess would be that the majority of these drives contain data that is not encrypted in any form. Thus, if the drive were to be lost, all of that data would be freely available to whoever found (or stole) it.

Infected Drives

I try to run a pretty tight ship when it comes to the networks that I manage. That includes my home network. I periodically run scans and look for security holes. Unfortunately, this is generally not the case for the average user’s home computer.

Users’ home computers are often a mishmash of viruses, spyware, video games, corrupt files, and poorly written software. If someone were to plug a clean USB drive into one of these systems, who is to say that it will still be clean when it leaves? And then what happens when that drive is brought into the corporate network?

USB drives can bring all types of nasties into your corporate network. Viruses can piggyback on otherwise innocuous files. Games and unauthorized software that hog resources can be installed on workstations. Backdoor programs can be installed to open up other security holes.

Tim Fehlman

11 Responses to “Reducing the USB Threat”

  1. javatard Says:

    This is all good stuff, but if you have a boss that thinks Anti-virus and a firewall is all he needs, I can then see problems. Buy in at the highest level is really needed. For an entry level guy like myself who knows what is possible, it can be very hard to try and convince otherwise. I can see my users yelling at my boss who in turn would yell at me b/c USB drives don’t work. Never mind what info is being taken out of the place.
    On a side note, I played around with VMware’s ACE for laptops. A nice little laptop image that I could program with all the info needed to have people on the road “call in” to work using secure settings and still allowing them to use the “original” OS on the laptop to surf on open Wi-Fi.
    How about a story or two for us just starting out in the industry on getting higher ups to buy in for intrusion detection or placing IDS into the system?
    Thanks!

  2. RQ Says:

    I’m in the middle of my JavaScript when I found this article. I already wrote a script to detect USB mass storage plugged in to my computer; the script will bypass the USB and force the removal of the drive letter that is usually used by the USB storage (in mine it is G). Maybe stupid, but it secures my computer. If you have any questions: rq_pes@plasa.com

  3. Lonnie Says:

    Yeah… I’m one of those bad USB boys… I’m surfing and running Firefox off a USB drive right now, because they don’t block it, and give EVERYONE HERE ADMINISTRATIVE RIGHTS!!! ROTFLMAO. Oh well. But yeah, I use it so that I get around the company firewall and restrictions on IE. They have an internal IT Tech that does all the different locations and I’ve tried my USB key on all of the systems I’ve come in contact with and yeah… they need to learn about USB Security. My manager is cool and I showed her… she’s like OMG!! She doesn’t mind I do it as long as our tech does not find out… LOL.

  11. Curious Says:

    Looks like spammers are taking to your site…
