Pod slurping: The latest data threat

There's more than one way to receive Threat Monitor Listen to this pod slurping  tip on your computer or favorite MP3 player.

The iPod is the top-selling portable media player on the market today. The largest iPod model can currently store more than 80 gigabytes of data, and as technology advances its storage capacity will only increase. While this may benefit practitioners who use such devices to transfer and store corporate data, enterprises can't ignore the risks iPods pose to the network, especially now that malicious users have started "pod slurping" to gain access to confidential corporate information.

How does pod slurping work? Pod slurping is a method that illegally uploads gigabytes of confidential information from an organization's computer systems to an iPod or any other removable storage device. Those engaging in the practice often utilize programs like slurp.exe, which make it easier to search relevant directories on a computer system for typical business documents in Word and Excel format. The Slurp.exe program is capable of copying 100 MB worth of data from the Windows "Documents and Settings" directory in a matter of minutes. Once the information is slurped it can be downloaded, analyzed and even sold.

More on mobile device security Learn how to secure iPods in the enterprise. Attend this lesson from Messaging Security School and learn how to secure mobile devices in the enterprise.

Pod slurping is the latest weapon in the hacker's arsenal. And it's not only a method that sophisticated hackers can use.

For example, an employee who's unhappy with his annual performance review and his lack of a pay increase can decide to "strike back" by testing his access to the human resources server, which stores an Excel spreadsheet of all employee salaries. After successfully gaining access to the server, the employee copies the Excel spreadsheet to his iPod and takes it home.

While some may believe this could never happen, it did. A few years ago I audited the network of an international marketing company where an employee did what's described above, but used a USB key, not an iPod. In this case, the employee quit before anyone noticed the breach and emailed the Excel spreadsheet to every individual in the company. As you can imagine, the consequences were devastating.

Pod Slurping: Preventative measures
So, what can be done to prevent pod slurping?

1. Restrict access to the USB port(s) on a computer system.

2. Implement and enforce policies. No USB devices in the office means, no USB devices in the office for ANYONE (including technical staff, managers, etc.).

3. Implement the principle of least privilege. Doing so will ensure a user can't access files which they do not need to access.

Again, before allowing employees to listen to their portable music players at the office, consider the risks. Most organizations have spent thousands of dollars on mitigating risks to their information by implementing firewalls, antivirus and intrusion prevention systems (IPSes), only to have it come crashing down by a disgruntled employee armed with an iPod.

About the Author:
Peter Giannoulis, GSEC, GCIH, GCIA, CISSP, is an information security consultant in Toronto, Ontario, Canada, as well as a Technical Director for the GIAC family of certifications.

Sound off opportunity: Do you think is it reasonable to ban iPods from the office? We'd like to hear from you. Email us and let us know why or why not.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Threat Monitor Hidden endpoints: Mitigating the threat of non-traditional network devices Protecting exposed servers from Google hacks (and Google 'dorks') Countermeasures against targeted attacks in the enterprise Windows registry forensics guide: Investigating hacker activities More built-in Windows commands for system analysis Tracing malware's steps with RE:Trace Worst practices: Learning from bad security tips Worst practices: Encryption conniptions Stopping malware in its tracks Built-in Windows commands to determine if a system has been hacked Insider Threats Societe Generale bolsters internal controls, discovers second insider Information security book excerpts and reviews Security pros focused on internal threat, training Reasearch on Coding Backdoors Presents Ugly Picture Deloitte survey finds overconfidence, lack of planning on security Data loss prevention from the inside out Insider dangers Survey finds access control problems at many firms Societe Generale: A cautionary tale of insider threats Should keystroke loggers be used in enterprise investigations? Device Security Policy Finding lost notebooks with 'LoJack for laptops' iPhone security in the enterprise: Mitigating the risks VMworld: Desktop virtualization drives security skepticism Blogging on corporate laptops is risky business Will disabling thumb drives also affect the use of the keyboard and mouse? Are USB storage devices a serious enterprise risk? Wireless security: IT pros warily watching mobile phone threats Controlling U3 smart drive use in the enterprise Report: FBI still losing laptops RSA: Accenture executive touts DRM, corporate data lockdown Device Security Policy Research RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary insider threat  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.