Vendors often distribute USB drives as gifts, while some would argue that this is a bad idea because they can introduce...
risks into an environment. What exactly are these risks and how can they be avoided?
USB drives and other so-called thumb drives do pose a real network security risk. They have become so inexpensive that they are often used as promotional gifts. Although they can be useful, they can harbor confidential data or introduce malicious code to a network. Next-generation U3 smart devices pose an even greater risk because they store and execute their own applications directly from the drive. Software programs can be downloaded onto them without any requirement for administrative privileges on the host computer. As you can imagine, this is a potential administrative nightmare, since users can easily run unauthorized programs that may consume bandwidth, impair network performance and generally undermine productivity.
There are various options for controlling the use of these devices. One is to disable Universal Plug and Play, which automatically loads USB storage devices as a drive, though this method is a little draconian. A better solution is to control which USB devices are allowed to connect to your systems. GFI EndPointSecurity, for example, allows administrators to manage and log access and activity of storage devices such as USB drives, as well as communication devices like BlackBerrys. I would combine this type of product with some form of application control at the desktop. Safend Protector, for example, allows smart storage devices to be used as mere simple storage devices -- so long as they comply with the rest of your storage policy. The tool also blocks smart functionality so that programs can't be run from the device. Finally, if you are thinking of upgrading to Windows Vista, check out its built-in USB device control features.
Learn more about controlling U3 smart drive use in the enterprise.
Enforce a "no USB devices" policy.
Dig Deeper on Information Security Policies, Procedures and Guidelines
Related Q&A from Michael Cobb
Many large enterprises have their own internal public key infrastructure. Expert Michael Cobb explains the considerations organizations should make ...continue reading
Network administrators typically resist policies for separate accounts when performing different tasks. Expert Michael Cobb explains the risk of ...continue reading
Microsoft is banning weak passwords on many of its services with the Smart Password Lockout feature. Expert Michael Cobb explains how it works, and ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.