Home > Ask the Security Experts > Expert Archive: Information Security Threats Questions & Answers > Do USB memory sticks pose enterprise threats?
Ask The Security Expert: Questions & Answers
EMAIL THIS

Do USB memory sticks pose enterprise threats?

Ed Skoudis, past SearchSecurity.com expert EXPERT RESPONSE FROM: Ed Skoudis, past SearchSecurity.com expert

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 30 October 2006
Do USB memory sticks pose new dangers for enterprises? Some reports claim that new drives can be used to automatically run malware. Is this true? And if so, what can information security pros do to prevent it?


BROWSE BY TAG
Expert Archive: Information Security Threats,   Information Security Policies, Procedures and Guidelines,   Application and Platform Security,   Web Server Threats and Countermeasures,   Web Security Tools and Best Practices,   Web Application and Web 2.0 Threats,   Information Security Management,   VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED CONTENT
Expert Archive: Information Security Threats
The telltale signs of a network attack
Will Google Chrome enhance overall browser security?
Are there antivirus suites that pick up more than just run-of-the-mill viruses?
What tools can a hacker use to crack a laptop password?
Are social networking sites an easy target for malicious hackers?
What are the dangers of cross-site request forgery attacks (CSRF)?
Should social engineering tests be included in penetration testing?
What kind of data is compromised during a Google hack?
Best practices for using restriction policy whitelists
Defining mobile device security concerns

Information Security Policies, Procedures and Guidelines
Health Net breach failure of security policy, technology
How to protect distributed information flows
Essential guide: Pandemic planning for H1N1
Whitelists, SaaS modify traditional security, tackle flaws
Melissa Hathaway urges more cooperation, government attention to cybersecurity
Reuters: Obama ready to select cyber security czar
How a corporate Twitter policy can combat social network threats
Should enterprises be concerned with Twitter in the workplace?
Information security management hype: Debunking best practices
Data breach avoidance begins with security basics, panel says

Web Server Threats and Countermeasures
Increase in Gumblar backdoors poses FTP credential problems
VeriSign extends DDoS attack protection service
Microsoft issues IIS FTP advisory, exploit code circulates
Panda reports fast-spreading rogueware antivirus fraud rakes in millions
Oracle issues quarterly patches, fixes database flaws
Latest DDoS attacks extremely unsophisticated, experts say
Stolen FTP credentials likely in massive website attacks
Microsoft warns of IIS zero-day vulnerability
How to find and stop automated SQL injection attacks
How to spot attacks through Apache Web server log analysis

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
defense in depth  (SearchSecurity.com)
non-disclosure agreement  (SearchSecurity.com)
security policy  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


Yes, USB memory sticks (sometimes called "thumb drives") are a major security issue for several reasons. First, they offer employees an easy way to steal all kinds of sensitive information. They can walk out of an organization with a small, easily concealed device. Second, innocent employees can bring in thumb drives that contain a virus or worm and inadvertently infect an organization. And, third, a machine can run code from a USB drive simply by plugging it in; attackers can and have released software that can make a thumb drive auto-execute when inserted into a Windows computer. These programs trick Windows into believing that the USB drive is really a CD, which is then auto-run. We've been able to get these tools to work in our labs, so they are indeed a real threat. There are commercial products that do this as well, like SanDisk's U3 Cruzer drive. Thus, just plugging in a thumb drive can get you infected with a bot.

A few months back, an information security consulting firm employed this technique using a clever social engineering twist while performing a penetration test. The team scattered about 20 thumb drives around the penetration test customer's parking lot. Then, the team asked the employees of said company to find these USB tokens and plug them into corporate computers to see what was on them. Once inserted, the software on the drives automatically executed, allowing the penetration testers to bypass the firewall and control these computers.

So, how can information security pros deal with this new threat? You could disable USB tokens entirely from your environment, either by disabling the drivers on individual machines, or doing so on an enterprise-wide level, using Group Policy deployed with Active Directory. You can also use Group Policy to disable CD auto-run, as described here.

Some organizations have even taken the more draconian step of putting glue into all of their computer systems' USB slots to prevent them from being used. Of course, such a solution isn't ideal for all of us.

More information:

  • Visit our resource center for the latest news, tips and expert advice on how to create an effective device security policy.
  • Enforce a "no USB devices" policy by monitoring a laptop user's offline activities.

    		•



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Find Security Solutions for Your Business
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts