In the past year or so the number of gizmos and gadgets available to enhance the power of portable systems has...
exploded. Now a modestly-equipped notebook can be easily expanded to support wireless networking, DVD playback, CD-RW and DVD burning, theatre quality audio, huge file storage capacities, OCR scanning, UPC scanning, voice recognition, digital video recording and editing and much more. Most of these can be added just by plugging in a USB, PC Card or Firewire peripheral.
I'm the first to admit that the ability to plug in a device and have instant access to features and capabilities far beyond the range of your notebook is amazing. I've got dozens of add-ons to improve my portable computing. However, these little devices may also be the downfall of many a security stronghold.
The gadget that is currently making my skin crawl is a key-chain dongle USB memory drive. These thumb-sized plug-n-use devices can store 8M Bytes to 1G Byte of data and are natively supported by every USB-enabled system. You plug them in and instantly a new drive letter appears in your file manager. A few deft movements of the mouse and any file on the local system or network accessible drive can be copied to the dongle. Keep in mind that the dongles support only the FAT file system, so any ACLs on the files are stripped. Once the data is copied (at over 2M Bytes/sec for USB 2.0, and 600K Bytes/sec for USB 1.1), you just unplug the device and drop it in a pocket. These USB memory drives can be easily mistaken for a knickknack on a key chain or concealed in a gum packet.
There are a handful of methods you can use to provide some protection against these devices. First, you can disable USB support on all systems. But then you will lose the ability to use USB mice, keyboards, printers or scanners. Second, strictly control user access to sensitive material. This prevents users from copying material from higher classification levels; it doesn't stop them from walking out with material within their access privilege. Third, physically separate users from the computer's system case. Granting users access to just their monitor, mouse and keyboard does eliminate their ability to use USB devices -- including memory drives -- but it also prevents them from using CDs or floppies and accessing the power button and reset switch. Fourth, perform intensive searches on everyone as they enter or leave the secured facility. While this method could be effective, it is very unpopular, time-consuming and impractical.
About the author
James Michael Stewart is a researcher and writer for Lanwrights, Inc.
Dig Deeper on Security Resources