
Thread: USB--'ultimate security breakdown'?

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    USB--'ultimate security breakdown'?

    For the average corporate or home PC user, the initialism "USB" refers to a computer port that makes it very easy to connect devices directly to a machine. With this connection, a person can transfer or copy information to and from a computer with little trouble.

    But for security administrators and corporate executives, USB--short for Universal Serial Bus--is taking on an entirely new meaning: ultimate security breakdown.

    Most organizations don’t realize that USB and Firewire ports offer an unbelievably easy and accessible way to take sensitive information outside of the enterprise--and this naivete could cost them dearly.

    If you look at the new corporate desktop releases from top makers Dell, Hewlett-Packard and Gateway, a single system can easily have up to eight USB ports. But it's not the sheer number of ports--it's the default plug-and-play configurations of operating systems like Microsoft Windows XP that are the real problem. Current operating systems provide seamless support for USB devices, and for good reason--their users want to be able to load photos, sync their PDAs and transfer music to and from their music players with no hassle. But the resulting security problems are significant.

    In industries such as financial services, government and health care, where sensitive information not only exists but is heavily regulated by privacy laws, there is monumental risk. And that's not to mention the finance and legal departments within every publicly traded company, where violations of material event-disclosure laws could result in serious penalties and fines, in addition to public- and investor-relations disasters.

    So while organizations scramble to turn off the data spigot with no guarantee that software or PC manufacturers will do anything to stop default USB access, things are only going to get worse. Several trends will feed this security dilemma over the next 12 months, including:

    Pop culture
    Music players such as Apple Computer's iPods, digital cameras, PDAs and other gadgets will continue to see rapid adoption among consumers and business users. With no configuration at all, an employee can plug a USB keychain with a gigabyte of storage into the back of a corporate PC. Employees already bring digital cameras to work to download photos to serve as desktop wallpaper or screensavers. These devices are normally plugged into home computers with a fraction of the security of today’s enterprises, making it incredibly easy for someone, even unintentionally, to download a nasty virus or destructive code.

    Malicious code meets device
    Wireless LANs and laptop computers are the current hot vectors for malicious code infections, but the recent appearance of malicious code in portable and personal devices does not bode well for security administrators. Infected PDAs syncing to a corporate computer could result in a scenario where malicious code is passed from device to machine to corporate network. It's also conceivable that future malware will seek out portable media solely for the purpose of proliferation.

    Storage device meets mouse
    The convergence of different computer components and technology could present the ultimate dilemma for security personnel. Mice, keyboards and other components that are intrinsic to everyday computing, combined with storage capabilities, are a potential Swiss Army knife for data thieves and insiders or yet another threat vector for malicious code exploits.

    Unfortunately, most security organizations are still drowning in their battle against malicious code and vulnerability patching, keeping the focus on perimeter security technologies, such as corporate firewalls, server antivirus strategies and content filtering at the gateway. While these measures are important and administrators must continue to lock things down at the network hub, the number of spokes is growing exponentially. Many organizations have hundreds or thousands of machines hooked up to the network at any given time. When you factor in the possibility that very soon there could be multiple devices per PC with unlimited access, it presents a very sobering reality for security personnel.

    There are immediate steps that companies can take that will go a long way toward solving this problem, including a "white list" approach to block unsanctioned devices, applications and executable files from all corporate machines. Until these types of measures are implemented, USB devices will continue to be the weakness in perimeter security’s Maginot Line, allowing a relatively easy and tempting way for wayward insiders and malicious code writers to hurt government agencies and organizations.
    Source : http://news.zdnet.com/2100-1009_22-5386060.html
    -Simon "SDK"

  2. #2
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    That's why Microsoft added a new reg key you can use in XP SP2 to make USB drives read only, not a total fix but it helps. Start regedit and open:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control

    Then create a new key called StorageDevicePolicies. In that key create a new value called WriteProtect and set it to 1. Now when a new USB drive is mounted it will be read only.
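
The registry change described in this post, as an added PowerShell example that is not part of the original post: it reports the current state of the WriteProtect value and sets it idempotently. The function names are hypothetical, and the DWORD value type is an assumption, since the post does not state it.

```powershell
# Added example: audit or set the USB write-protect value from the post above.
$PolicyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'
$ValueName  = 'WriteProtect'

function Get-UsbWriteProtectState {
    # Returns 'KeyMissing', 'ValueMissing', 'Disabled' or 'Enabled' (value is 1).
    if (-not (Test-Path -Path $PolicyPath)) { return 'KeyMissing' }
    $item = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'ValueMissing' }
    if ($item.$ValueName -eq 1) { return 'Enabled' } else { return 'Disabled' }
}

function Set-UsbWriteProtect {
    param([Parameter(Mandatory)][bool]$Enabled)

    # Writing under HKLM requires an elevated session; fail early with a clear message.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run from an elevated PowerShell session.'
    }

    # Create the StorageDevicePolicies key only if it does not exist yet.
    if (-not (Test-Path -Path $PolicyPath)) {
        New-Item -Path $PolicyPath -Force | Out-Null
    }

    # -Force overwrites an existing value, so repeated runs are safe.
    $data = if ($Enabled) { 1 } else { 0 }
    New-ItemProperty -Path $PolicyPath -Name $ValueName `
        -PropertyType DWord -Value $data -Force | Out-Null

    # Read the value back so the caller sees what is actually configured.
    Get-UsbWriteProtectState
}

# Audit first, then enforce:
#   Get-UsbWriteProtectState
#   Set-UsbWriteProtect -Enabled $true
```

As the post says, the setting takes effect when a drive is mounted, so a drive that is already plugged in has to be reconnected before it becomes read only.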

  3. #3
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Can't you just restrict the installation of "new hardware" to admins and authorized groups/users?

    Or, disable the ability to load/unload device drivers?

    gpedit.msc

    browse to:

    Computer Configuration -- Windows Settings -- Security Settings -- Local Policies -- User Rights Assignment -- Load and unload device drivers --add/remove appropriate users/groups

    that should fix it?
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  4. #4
    Keeping The Balance CybertecOne's Avatar
    Join Date
    Aug 2004
    Location
    Australia
    Posts
    660
    An idea that would not be effective immediately, but why don't we have USB authorisation? If a USB connection is established on a system, it is questioned and prompted by the user in what to do. In most cases it will be a flash drive or a digi cam.

    If you deny access, each time you plug it in it will question it. If you allow it, the next time you plug it in it automatically identifies the component individually (not as generic device, but generic device ID#xxx whatever). Of course the USB devices would need to be reciprocating in design (which is why it wouldn't be effective immediately).

    However, if that idea was instigated it would solve both problems, until of course someone changes something, again.


    CTO
    "Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
    - Albert Einstein

  5. #5
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    phishphreek80:
    The ability to load/unload device drivers is needed usually to install some printer. (I ran into the problem already). By default, it's administrator only anyway.

    Irongeek:
    It's gonna take a while for companies to install SP2 on all their machines. But I do agree it's a start!
    -Simon "SDK"

  6. #6
    Had a student today, BTW, use a USB drive with a h4x0r folder in it. Since everything gets scanned for viruses, his USB got caught right away with an infected password cracker (ntpassreset.exe, in case anyone is wondering).

    Now, we are encouraging our students to adopt and use technology. In some cases, they are using it in course projects. So, if we were to make the USBs read only, or block them entirely, that would defeat our efforts.

    Hmmmm ... Rock ... hard place ...

  7. #7
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    Originally posted here by Irongeek
    That's why Microsoft added a new reg key you can use in XP SP2 to make USB drives read only, not a total fix but it helps. Start regedit and open:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control

    Then create a new key called StorageDevicePolicies. In that key create a new value called WriteProtect and set it to 1. Now when a new USB drive is mounted it will be read only.
    Explain to me how this prevents anything at all. If I plug in a usb key that gets mounted as read only, that just means I can't modify what's on my key. I can still execute any software already on it. So let's put this in to play..
    I am the evil haxor that comes in to your business and I run something like...pwdump(just an example) and output to a text file. I can hop on webmail and mail myself the results or I can execute an sftp client that I have loaded on the key. This is not the answer to the usb problem.
    Phishphreek is correct in that you can prevent anyone but certain groups from installing new hardware. That, and preventing booting from usb keys are 2 ways to help.
    Antionline in a nutshell
    "You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"

    Trust your Technolust

  8. #8
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Originally posted here by hogfly
    Explain to me how this prevents anything at all. If I plug in a usb key that gets mounted as read only, that just means I can't modify what's on my key. I can still execute any software already on it. So let's put this in to play..
    I am the evil haxor that comes in to your business and I run something like...pwdump(just an example) and output to a text file. I can hop on webmail and mail myself the results or I can execute an sftp client that I have loaded on the key. This is not the answer to the usb problem.
    .
    Easy. Unless the person bypasses it, it will keep them from copying large amounts of company data to the USB storage device and walking out with it. Some folks are particular about who has their customer, employee and other databases. If it keeps them from copying the data and walking out with it I'd say it's a help.

  9. #9
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    I read somewhere that Longhorn will be able to block USB completely in native mode. I did a quick search on AO (I remember posting it) but I didn't find my thread.
    -Simon "SDK"

  10. #10
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834
    Most of my PCs have floppies and CD-ROMs, so the ability to install malicious code already exists, so the read-only key does help, but not eliminate the problem. Even though adding printer drivers is a hassle, my administrators and print administrators do it. You can give office managers or local gurus access. Those printer jobs get high priority in the help desk but it does cause some headaches; they never need it until a customer is waiting for some printout. We now try to add any printer in their vicinity to the baseline because blocking driver installations is more a benefit.

    If you are using PCs that are locked down as in no floppy, no CD, no devices at all.... disable usb in bios or snip a riser pin on the mother board then just trash it after the life cycle.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.
