Tip

Prevent data loss, theft by securing outputs

Every Computer 101 class starts with a description of the flow of inputs, processing and outputs. Simple, right?

Not when applied to computing environments, such as corporate networks populated with thousands of "smart" devices. In this environment, the inputs are every point of entry into the network (gateways, hosts, remote users, etc.). The processing is every connected system and application, and the outputs are, well, everywhere.

Outputs, or the "Big O's" as I call them, are where lots of unchecked security leaks occur. Compliance with regulations and policies is a hot topic these days, and outputs play a significant role in evaluating an organization's ability to exercise a reasonable level of data control. Enterprises are paying more attention to inappropriate outbound network activity and are using traffic monitors to identify Kazaa and other P2P apps. Some organizations are going a step further by deploying data protection systems for specific applications -- for example, using solutions that identify and restrict outbound e-mail containing unauthorized data.

But there's more to output than network and e-mail traffic. What about the other Big O's -- CD/DVD drives, PCMCIA, USB and Firewire devices, even printers? Though some of these ports have been around forever, there's renewed interest in securing them because of their ubiquity and enhanced plug 'n play capabilities. Intellectual property is being stolen with near impunity; large files containing sensitive or proprietary data are being dumped onto flash memory cards or CD-ROMs.

The techniques used to restrict or prevent access to these output devices are the same as we've always used: authentication and user access control, encryption and system access control. On the "detect" side, it's monitoring, monitoring and, well, more monitoring, which is often a more palatable approach since it allows unimpeded data transfers by legitimate users.

But beyond these steps, what can you do? One way to protect against stolen data is to simply change the system configuration: Modifying the BIOS and deleting or moving drivers provides basic access control. For more granular control, a handful of companies are beginning to offer robust, manageable solutions:

  • Smartline's DeviceLock provides basic on/off functionality for a number of devices, including USB and Firewire ports, WiFi and Bluetooth adapters, CD-ROMs and floppy drives.

  • Verdasys' Digital Guardian uses five "shims" for network, file systems (including USB or other storage devices), printing, CD-ROM and clipboard functions. Its application-centric approach uses network and clipboard controls to add extra value. It also has auditing and response capabilities.

  • SecureWave's Sanctuary Device Control provides granular access control and auditing for USB, parallel and serial ports, CD-ROM, infrared, PCMCIA, Bluetooth devices and more. It also can limit the amount of data transfers.

PCs, laptops and output devices remain fertile ground for security breaches. While everyone focuses on network-based risks, it's more than worthwhile to take a step back and evaluate other I/O security risks and the means to mitigate them.

About the author
Pete Lindstrom, CISSP, is research director at Spire Security.


This was first published in June 2004
