Vendors often distribute USB drives as gifts, while some would argue that this is a bad idea because they can introduce...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
risks into an environment. What exactly are these risks and how can they be avoided?
USB drives and other so-called thumb drives do pose a real network security risk. They have become so inexpensive that they are often used as promotional gifts. Although they can be useful, they can harbor confidential data or introduce malicious code to a network. Next-generation U3 smart devices pose an even greater risk because they store and execute their own applications directly from the drive. Software programs can be downloaded onto them without any requirement for administrative privileges on the host computer. As you can imagine, this is a potential administrative nightmare, since users can easily run unauthorized programs that may consume bandwidth, impair network performance and generally undermine productivity.
There are various options for controlling the use of these devices. One is to disable Universal Plug and Play, which automatically loads USB storage devices as a drive, though this method is a little draconian. A better solution is to control which USB devices are allowed to connect to your systems. GFI EndPointSecurity, for example, allows administrators to manage and log access and activity of storage devices such as USB drives, as well as communication devices like BlackBerrys. I would combine this type of product with some form of application control at the desktop. Safend Protector, for example, allows smart storage devices to be used as mere simple storage devices -- so long as they comply with the rest of your storage policy. The tool also blocks smart functionality so that programs can't be run from the device. Finally, if you are thinking of upgrading to Windows Vista, check out its built-in USB device control features.
Learn more about controlling U3 smart drive use in the enterprise.
Enforce a "no USB devices" policy.
Dig Deeper on Information security policies, procedures and guidelines
Related Q&A from Michael Cobb
Android encryption on devices using Qualcomm chips can be broken due to two vulnerabilities. Expert Michael Cobb explains how these flaws affect ...continue reading
A flaw that allows attackers to load malicious DLL files in Symantec products was labeled as severe. Expert Michael Cobb explains the vulnerability ...continue reading
Mobile apps using insecure OAuth could lead to over one billion user accounts being attacked. Expert Michael Cobb explains how developers can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.