Insights and tips to protect Desktops from USB flash drives
I felt the use of the USB storage (Flash Drive) when i was in need of transferring some office photos from my laptop to Home PC. It went on with few minutes of work and everything was in sync. It made life easier and simple. USB based storage devices are the most popular medium of data storage and data transfer mechanism. The main factors for the rousing success of USB IMHO is
* Its so Handy.
* Low Cost
* Self Powered (No extra cables or power)
* Hot plug (able) (External to the system)
* Supported anywhere (since standard based)
Before we see how to protect your network computers from the USB threats, let’s check out why to protect your PC from USB storage access. You have equal (actually more than that) opportunities of bringing security threats to your corporate network. Imagine my case, if my home machine was infected by a trojan variant or malwarae, it becomes easy few steps to get my corporate network infected by Monday morning when i’m in office(Monday Blues..). The possible threats can be
* Viruses
* Malicious software
* Data Theft and Loss
Users can deliberately or unintentionally introduce viruses that can spread to all the computers on your network. Users can easily bypass perimeter defenses like firewalls and antivirus at mailserver, and introduce malware such as Trojan Horses or viruses that, if not discovered, can cause serious damage. Similarly, users can copy information that should not be exposed i.e. business data, financial statements, strategies and so on., or transfer data to company computers that is not allowed, pornography, illegal softwares etc., Inorder to overcome these unwanted side effects let us consider these tips.
| Quote: |
| * Frame a security policy for USB storage usage : Guidelines and trainings on using portable storage devices by specifying, when and for what they can use the devices.* Educating the User : Since USB flash drives are becoming essential part of IT, (the slash in pricing also encourages common users) stopping the usage is not advisable, however you can educate the users about the risks that it can bring to the company and thus to him.* Tighten Security : Instruct your security guards about the Flash drives and keep them alert about the risks, so they can also form first level of security from outside.
* Lock your Desktop : Enforce a policy in your network to lock all the unmanned Desktops. Especially for the computers which has sensitive data. * Authorize the usage : Identify and authorize the persons who can use, also implement possible Access control (ACL). * Keep AV updated : Always make sure you have your Antivirus program kept up to date, to encouter with virus sneak peaks. * Restrict access to USB ports on desktops/Laptops : The native configuration approach through Group Policy has options to make the USB drives read-only. |
As a technical consultant i would recommend all the above mentioned points and stress more on the last point which is very vital. Here in Desktop Central the subsequent releases of the product will focus more on corporate security on the basis of configuration and preventive maintenance.
Share your thoughts and experiences on USB flash device storage based security concerns and views.
~romanus~
