
	Home > Ask the Security Experts > Information Security Threats Questions & Answers > Do USB memory sticks pose enterprise threats?

Ask The Security Expert: Questions & Answers

EMAIL THIS

Do USB memory sticks pose enterprise threats?

EXPERT RESPONSE FROM: Ed Skoudis

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 30 October 2006
Do USB memory sticks pose new dangers for enterprises? Some reports claim that new drives can be used to automatically run malware. Is this true? And if so, what can information security pros do to prevent it?

EXPERT RESPONSE
Yes, USB memory sticks (sometimes called "thumb drives") are a major security issue for several reasons. First, they offer employees an easy way to steal all kinds of sensitive information. They can walk out of an organization with a small, easily concealed device. Second, innocent employees can bring in thumb drives that contain a virus or worm and inadvertently infect an organization. And, third, a machine can run code from a USB drive simply by plugging it in; attackers can and have released software that can make a thumb drive auto-execute when inserted into a Windows computer. These programs trick Windows into believing that the USB drive is really a CD, which is then auto-run. We've been able to get these tools to work in our labs, so they are indeed a real threat. There are commercial products that do this as well, like SanDisk's U3 Cruzer drive. Thus, just plugging in a thumb drive can get you infected with a bot.

A few months back, an information security consulting firm employed this technique using a clever social engineering twist while performing a penetration test. The team scattered about 20 thumb drives around the penetration test customer's parking lot. Then, the team asked the employees of said company to find these USB tokens and plug them into corporate computers to see what was on them. Once inserted, the software on the drives automatically executed, allowing the penetration testers to bypass the firewall and control these computers.

So, how can information security pros deal with this new threat? You could disable USB tokens entirely from your environment, either by disabling the drivers on individual machines, or doing so on an enterprise-wide level, using Group Policy deployed with Active Directory. You can also use Group Policy to disable CD auto-run, as described here.

Some organizations have even taken the more draconian step of putting glue into all of their computer systems' USB slots to prevent them from being used. Of course, such a solution isn't ideal for all of us.

More information:

Visit our resource center for the latest news, tips and expert advice on how to create an effective device security policy.

Enforce a "no USB devices" policy by monitoring a laptop user's offline activities.

Sound Off! -

Be the first to post a message to Sound Off!

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Device Security Policy
	iPhone security in the enterprise: Mitigating the risks
	VMworld: Desktop virtualization drives security skepticism
	Blogging on corporate laptops is risky business
	Will disabling thumb drives also affect the use of the keyboard and mouse?
	Are USB storage devices a serious enterprise risk?
	Wireless security: IT pros warily watching mobile phone threats
	Controlling U3 smart drive use in the enterprise
	Pod slurping: The latest data threat
	Report: FBI still losing laptops
	RSA: Accenture executive touts DRM, corporate data lockdown
	Device Security Policy Research

Information Security Threats

What are the dangers of cross-site request forgery attacks (CSRF)?

Should social engineering tests be included in penetration testing?

What kind of data is compromised during a Google hack?

Best practices for using restriction policy whitelists

Defining mobile device security concerns

What security measures can be taken to stop crimeware kits?

What software development best practices can prevent input validation attacks?

What is the most secure way for application developers to manage cookies?

Is there a market for standalone antivirus products?

Can 'herd intelligence' effectively stop malware?

Mobile Code

Information security book excerpts and reviews

Discovery of malware cesspool triggers attack fears

Should the contents of a USB token be copied to a hidden directory called 'IEDW?'

Are USB storage devices a serious enterprise risk?

Controlling U3 smart drive use in the enterprise

Mobile carriers admit to malware attacks

Dozens of Web sites spread malicious Trojan

Are there any Trojans or malware that target Blackberries?

Mobile Device Security

Security Bytes: Cisco addresses multiple vulnerabilities

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Advanced Search | Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy