Home > Ask the Security Experts > Expert Archive: Information Security Threats Questions & Answers > Do USB memory sticks pose enterprise threats?
Ask The Security Expert: Questions & Answers
EMAIL THIS

Do USB memory sticks pose enterprise threats?

Ed Skoudis, past SearchSecurity.com expert EXPERT RESPONSE FROM: Ed Skoudis, past SearchSecurity.com expert

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 30 October 2006
Do USB memory sticks pose new dangers for enterprises? Some reports claim that new drives can be used to automatically run malware. Is this true? And if so, what can information security pros do to prevent it?

>
Yes, USB memory sticks (sometimes called "thumb drives") are a major security issue for several reasons. First, they offer employees an easy way to steal all kinds of sensitive information. They can walk out of an organization with a small, easily concealed device. Second, innocent employees can bring in thumb drives that contain a virus or worm and inadvertently infect an organization. And, third, a machine can run code from a USB drive simply by plugging it in; attackers can and have released software that can make a thumb drive auto-execute when inserted into a Windows computer. These programs trick Windows into believing that the USB drive is really a CD, which is then auto-run. We've been able to get these tools to work in our labs, so they are indeed a real threat. There are commercial products that do this as well, like SanDisk's U3 Cruzer drive. Thus, just plugging in a thumb drive can get you infected with a bot.

A few months back, an information security consulting firm employed this technique using a clever social engineering twist while performing a penetration test. The team scattered about 20 thumb drives around the penetration test customer's parking lot. Then, the team asked the employees of said company to find these USB tokens and plug them into corporate computers to see what was on them. Once inserted, the software on the drives automatically executed, allowing the penetration testers to bypass the firewall and control these computers.

So, how can information security pros deal with this new threat? You could disable USB tokens entirely from your environment, either by disabling the drivers on individual machines, or doing so on an enterprise-wide level, using Group Policy deployed with Active Directory. You can also use Group Policy to disable CD auto-run, as described here.

Some organizations have even taken the more draconian step of putting glue into all of their computer systems' USB slots to prevent them from being used. Of course, such a solution isn't ideal for all of us.

More information:

  • Visit our resource center for the latest news, tips and expert advice on how to create an effective device security policy.
  • Enforce a "no USB devices" policy by monitoring a laptop user's offline activities.

    		•

    BROWSE BY TAG
    Expert Archive: Information Security Threats,   Information Security Policies, Procedures and Guidelines,   Application and Platform Security,   Web Security Tools and Best Practices,   Web Application and Web 2.0 Threats,   Web Server Threats and Countermeasures,   Information Security Management,   VIEW ALL TAGS

    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



    RELATED CONTENT
    Expert Archive: Information Security Threats
    The telltale signs of a network attack
    Will Google Chrome enhance overall browser security?
    Are there antivirus suites that pick up more than just run-of-the-mill viruses?
    What tools can a hacker use to crack a laptop password?
    Are social networking sites an easy target for malicious hackers?
    What are the dangers of cross-site request forgery attacks (CSRF)?
    Should social engineering tests be included in penetration testing?
    What kind of data is compromised during a Google hack?
    Best practices for using restriction policy whitelists
    Defining mobile device security concerns

    Information Security Policies, Procedures and Guidelines
    Schneier-Ranum face-off part 6: Audience questions
    Editor's Desk: Apathy and the Cybersecurity Coordinator
    Writing security policies using a taxonomy-based approach
    How to detect and respond to money laundering
    Health Net breach failure of security policy, technology
    How to protect distributed information flows
    Whitelists, SaaS modify traditional security, tackle flaws
    Melissa Hathaway urges more cooperation, government attention to cybersecurity
    Reuters: Obama ready to select cyber security czar
    How a corporate Twitter policy can combat social network threats

    Web Server Threats and Countermeasures
    Microsoft doesn't rule out rushed patch for IIS zero-day vulnerability
    How do passwordless SSH keys represent an enterprise attack vector?
    Information security book excerpts and reviews
    Increase in Gumblar backdoors poses FTP credential problems
    VeriSign extends DDoS attack protection service
    Microsoft issues IIS FTP advisory, exploit code circulates
    Panda reports fast-spreading rogueware antivirus fraud rakes in millions
    Oracle issues quarterly patches, fixes database flaws
    Latest DDoS attacks extremely unsophisticated, experts say
    Stolen FTP credentials likely in massive website attacks

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    defense in depth  (SearchSecurity.com)
    non-disclosure agreement  (SearchSecurity.com)
    security policy  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Find Security Solutions for Your Business
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2003 - 2010, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts