
Controlling U3 smart drive use in the enterprise

Many users have loaded Skype on U3 smart drives to get around their company's security policy. In this expert Q&A, application security pro Michael Cobb explains the best ways to control the use of mobile storage devices and protect the confidentiality of your data.

Users have discovered that they can load Skype on U3 smart drives to get around our security policies. If we want to control p2p applications, what are our options? Can we employ application control on the desktop?
Mobile storage devices, or so-called thumb drives, pose a real risk to network security. They can be used to download confidential data or introduce malicious code to the network. There has probably been far more corporate data lost to misplaced or stolen thumb drives than to laptops!

U3 devices compound these problems, since software can be downloaded on the host computer without any need for administrative privileges. U3 smart drives are specially formatted USB flash drives developed for Microsoft Windows systems, and they store and execute their own applications directly from the drive. Any data written to files or the host computer's registry is removed when the flash drive is ejected. This is an administrative nightmare, since users can easily run unauthorized programs that may consume bandwidth, impair network performance or undermine productivity. And the problem isn't going to go away. According to U3, forecasts predict USB flash drive sales to grow to 150 million units worldwide by 2008, with 70% of them projected to be smart drives.

You have various options to control the use of these devices. You could disable Universal Plug and Play, a set of protocols that automatically load USB storage devices as a drive, though this is a little draconian. A better solution is to control which USB devices are allowed to connect to your systems. GFI Software Ltd.'s EndPointSecurity, for example, allows administrators to log access and monitor the activity of storage devices such as USB drives and communication devices like BlackBerrys.

I would combine this type of defense with some form of application control at the desktop. Safend's USB Port Protector, for example, allows smart storage devices to be used strictly as simple storage devices (so long as they comply with the rest of your storage policy). The tool blocks their smart functionality so that programs can't be run from the device.

To tackle security issues involving Skype in particular, I would look to review your network border controls, such as firewalls, and stop the traffic on the network. Also, visit the Skype Web site, where you'll find an administrative template file for Windows Active Directory environments, allowing you to control Skype's use. At the end of the day, though, the only way to really reduce the risk of thumb drives is to develop and enforce an acceptable usage policy for thumb drives and U3-based applications. Your staff should also be made aware of the consequences of non-compliance.
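Before choosing which USB devices to allow, it helps to know which ones a desktop has already seen. The following PowerShell audit is an added example, not part of the original answer and not taken from any product named in it; the function name and the allowlisted serial numbers are hypothetical placeholders. It reads the standard Windows USBSTOR device history and lists devices that are not on the allowlist or that expose a CD-ROM unit, which is how U3 drives present their launcher partition.

```powershell
# Added example: list USB storage devices this Windows host has enumerated
# and flag the ones that fall outside an approved-device list.
# The serial numbers below are constructed placeholders, not real devices.
$AllowedSerials = @('EXAMPLE-SERIAL-0001', 'EXAMPLE-SERIAL-0002')
$UsbStor = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'

function Get-UsbStorageHistory {   # hypothetical helper name
    if (-not (Test-Path $UsbStor)) { return }   # no USB storage ever attached
    foreach ($device in Get-ChildItem -Path $UsbStor) {
        # Key name format: <Type>&Ven_<vendor>&Prod_<product>&Rev_<revision>
        $fields  = $device.PSChildName -split '&'
        $type    = $fields[0]
        $vendor  = ($fields | Where-Object { $_ -like 'Ven_*'  }) -replace '^Ven_'
        $product = ($fields | Where-Object { $_ -like 'Prod_*' }) -replace '^Prod_'

        foreach ($instance in Get-ChildItem -Path $device.PSPath) {
            # Instance key is "<serial>&<n>"; drop the trailing "&<n>".
            $serial = $instance.PSChildName -replace '&\d+$'
            $props  = Get-ItemProperty -Path $instance.PSPath -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Type         = $type
                Vendor       = $vendor
                Product      = $product
                Serial       = $serial
                FriendlyName = $props.FriendlyName
                # Windows generates an ID whose second character is '&' when
                # the device reports no unique serial, so it cannot be
                # allowlisted by serial number.
                NoUniqueSerial = ($serial -match '^.&')
                # A CdRom entry under USBSTOR is a USB device exposing a CD-ROM
                # unit. U3 drives do this, but so do external optical drives,
                # so treat it as a prompt for review rather than proof.
                ExposesCdRom = ($type -eq 'CdRom')
                Approved     = ($AllowedSerials -contains $serial)
            }
        }
    }
}

# Report anything unapproved or presenting a CD-ROM unit.
Get-UsbStorageHistory |
    Where-Object { -not $_.Approved -or $_.ExposesCdRom } |
    Sort-Object Vendor, Product |
    Format-Table Type, Vendor, Product, Serial, NoUniqueSerial, ExposesCdRom -AutoSize
```

This only reports history; blocking unapproved devices still needs an enforcement tool or policy of the kind described above.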

More information:

  • Learn more about the threats that USB memory sticks pose to an enterprise.
  • Use this Messaging Security School lesson to protect your BlackBerrys and other mobile devices.

This was first published in February 2007
