Home > Ask the Security Experts > Expert Archive: Information Security Threats Questions & Answers > Do USB memory sticks pose enterprise threats?
Ask The Security Expert: Questions & Answers
EMAIL THIS

Do USB memory sticks pose enterprise threats?

Ed Skoudis, past SearchSecurity.com expert EXPERT RESPONSE FROM: Ed Skoudis, past SearchSecurity.com expert

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 30 October 2006
Do USB memory sticks pose new dangers for enterprises? Some reports claim that new drives can be used to automatically run malware. Is this true? And if so, what can information security pros do to prevent it?


BROWSE BY TAG
Expert Archive: Information Security Threats,   Information Security Policies, Procedures and Guidelines,   Application and Platform Security,   Web Server Threats and Countermeasures,   Web Security Tools and Best Practices,   Web Application and Web 2.0 Threats,   Information Security Management,   VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Expert Archive: Information Security Threats
The telltale signs of a network attack
Will Google Chrome enhance overall browser security?
Are there antivirus suites that pick up more than just run-of-the-mill viruses?
What tools can a hacker use to crack a laptop password?
Are social networking sites an easy target for malicious hackers?
What are the dangers of cross-site request forgery attacks (CSRF)?
Should social engineering tests be included in penetration testing?
What kind of data is compromised during a Google hack?
Best practices for using restriction policy whitelists
Defining mobile device security concerns

Information Security Policies, Procedures and Guidelines
Twitter risks, Facebook threats trouble security pros
Cybersecurity czar candidate questions clout of new position
Incident response planning
The basics of enterprise GRC project management
RSA council addresses growing security risks in the cloud
How to write a risk methodology that blends business, security needs
Risk management must include physical-logical security convergence
DHS fills National Cybersecurity Center post
New partnerships, creative thinking help security bust recession
Experts optimistic of Obama cybersecurity plan

Web Server Threats and Countermeasures
Stolen FTP credentials likely in massive website attacks
Microsoft warns of IIS zero-day vulnerability
How to find and stop automated SQL injection attacks
How to spot attacks through Apache Web server log analysis
Symantec acquires Mi5 Networks, bolsters Web security
How to harden Linux operating systems
How to clear out anonymous Web proxy servers in the workplace
Information security book excerpts and reviews
Is it more secure to have a mainframe or a collection of servers?
How does a Web server model differ from an application server model?

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
defense in depth  (SearchSecurity.com)
non-disclosure agreement  (SearchSecurity.com)
security policy  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


Yes, USB memory sticks (sometimes called "thumb drives") are a major security issue for several reasons. First, they offer employees an easy way to steal all kinds of sensitive information. They can walk out of an organization with a small, easily concealed device. Second, innocent employees can bring in thumb drives that contain a virus or worm and inadvertently infect an organization. And, third, a machine can run code from a USB drive simply by plugging it in; attackers can and have released software that can make a thumb drive auto-execute when inserted into a Windows computer. These programs trick Windows into believing that the USB drive is really a CD, which is then auto-run. We've been able to get these tools to work in our labs, so they are indeed a real threat. There are commercial products that do this as well, like SanDisk's U3 Cruzer drive. Thus, just plugging in a thumb drive can get you infected with a bot.

A few months back, an information security consulting firm employed this technique using a clever social engineering twist while performing a penetration test. The team scattered about 20 thumb drives around the penetration test customer's parking lot. Then, the team asked the employees of said company to find these USB tokens and plug them into corporate computers to see what was on them. Once inserted, the software on the drives automatically executed, allowing the penetration testers to bypass the firewall and control these computers.

So, how can information security pros deal with this new threat? You could disable USB tokens entirely from your environment, either by disabling the drivers on individual machines, or doing so on an enterprise-wide level, using Group Policy deployed with Active Directory. You can also use Group Policy to disable CD auto-run, as described here.

Some organizations have even taken the more draconian step of putting glue into all of their computer systems' USB slots to prevent them from being used. Of course, such a solution isn't ideal for all of us.

More information:

  • Visit our resource center for the latest news, tips and expert advice on how to create an effective device security policy.
  • Enforce a "no USB devices" policy by monitoring a laptop user's offline activities.

    		•



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Find Security Solutions for Your Business
    Targeted Security Channel Tips for Resellers, Integrators and Consultants
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts