
	Home > Ask the Security Experts > Application Security Questions & Answers > Are USB storage devices a serious enterprise risk?

Ask The Security Expert: Questions & Answers

EMAIL THIS

Are USB storage devices a serious enterprise risk?

EXPERT RESPONSE FROM: Michael Cobb, featured expert

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 03 January 2007
Vendors often distribute USB drives as gifts, while some would argue that this is a bad idea because they can introduce risks into an environment. What exactly are these risks and how can they be avoided?

BROWSE BY TAG

Application Security, Information Security Management, Web Security Tools and Best Practices, Web Server Threats and Countermeasures, Application and Platform Security, Information Security Policies, Procedures and Guidelines, VIEW ALL TAGS

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Application Security
	Are Web application penetration tests still important?
	What does 'invoked by uid 78' mean?
	How secure are iPhone App Store mobile applications?
	What security software should be installed on Internet café computers?
	Are message stubs a secure part of email retention policies?
	How does a Web server model differ from an application server model?
	Can Google Earth and other mash-up applications threaten enterprise security?
	Do European laws prevent a U.S. company from blocking spam?
	Can one antivirus program be used to get rid of spyware?
	How to prevent cross-site scripting (XSS) session hijacking

Information Security Policies, Procedures and Guidelines

Twitter risks, Facebook threats trouble security pros

Cybersecurity czar candidate questions clout of new position

Incident response planning

The basics of enterprise GRC project management

RSA council addresses growing security risks in the cloud

How to write a risk methodology that blends business, security needs

Risk management must include physical-logical security convergence

DHS fills National Cybersecurity Center post

New partnerships, creative thinking help security bust recession

Experts optimistic of Obama cybersecurity plan

Web Server Threats and Countermeasures

Stolen FTP credentials likely in massive website attacks

Microsoft warns of IIS zero-day vulnerability

How to find and stop automated SQL injection attacks

How to spot attacks through Apache Web server log analysis

Symantec acquires Mi5 Networks, bolsters Web security

How to harden Linux operating systems

How to clear out anonymous Web proxy servers in the workplace

Information security book excerpts and reviews

Is it more secure to have a mainframe or a collection of servers?

How does a Web server model differ from an application server model?

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

defense in depth (SearchSecurity.com)

non-disclosure agreement (SearchSecurity.com)

security policy (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

USB drives and other so-called thumb drives do pose a real network security risk. They have become so inexpensive that they are often used as promotional gifts. Although they can be useful, they can harbor confidential data or introduce malicious code to a network. Next-generation U3 smart devices pose an even greater risk because they store and execute their own applications directly from the drive. Software programs can be downloaded onto them without any requirement for administrative privileges on the host computer. As you can imagine, this is a potential administrative nightmare, since users can easily run unauthorized programs that may consume bandwidth, impair network performance and generally undermine productivity.

There are various options for controlling the use of these devices. One is to disable Universal Plug and Play, which automatically loads USB storage devices as a drive, though this method is a little draconian. A better solution is to control which USB devices are allowed to connect to your systems. GFI EndPointSecurity, for example, allows administrators to manage and log access and activity of storage devices such as USB drives, as well as communication devices like BlackBerrys. I would combine this type of product with some form of application control at the desktop. Safend Protector, for example, allows smart storage devices to be used as mere simple storage devices -- so long as they comply with the rest of your storage policy. The tool also blocks smart functionality so that programs can't be run from the device. Finally, if you are thinking of upgrading to Windows Vista, check out its built-in USB device control features.

More information:

Learn more about controlling U3 smart drive use in the enterprise.

Enforce a "no USB devices" policy.

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy