Monday, May 30, 2011

Unruly USB: Devices Expose Networks to Malware


The news today is chock full of stories about sensitive information being carried out of the institutional perimeter on ‘simple’ USB devices. These powerful portable drives rightfully worry IT as a means for devastating data loss at the hands of malicious insiders. But it’s pretty easy for organizations to get so wrapped up in what goes out on USB drives that they forget to protect against what comes into their environments via USB. And with attacks inflicting increasingly greater damage following uncontrolled connection, it’s time that organizations got serious about this threat. Recently the US Army admitted that an infected USB stick was responsible for causing one of the biggest cybersecurity breaches in military history.

In order to keep organizations secure from threats, IT departments must bring greater scrutiny and control over how the network is exposed to potentially infected portable payloads. But let’s get real: they can’t do so by gluing USB ports shut. Portable devices as business tools are here to stay. IT leaders who refuse to recognize that fact will be seen throughout their organizations as inhibitors to success. The key to USB security is balancing productivity with protection.

It’s Not Just USB

While we’ve focused much of our attention on the ubiquitous USB flash drive, organizations need to think about threats that extend from all forms of removable media in use today. These include:
» CD drives
» DVD drives
» Blu-ray drives 
» FireWire 
» eSATA connected devices
» Consumer products such as picture frames

Evolution of USB as an Attack Vector

The more users depend on USB and portable devices to store and move data, the more tantalizing a target these devices become for hackers looking for an easy way to infect a large number of machines. And as the USB format becomes more complex with a greater number of features to exploit, the bad guys are finding increasingly creative ways to use USB against their victims.

USB Security Best Practices

So what exactly does it take to change our trust models? It starts with smart policy development. Some key policies that organizations should consider to reduce their risks right off the bat include:
» Ensuring common PC and laptop configurations have AutoRun features disabled, limiting the efficacy of USB malware that depends on this feature to run and to propagate.
» Requiring timely installation of security updates in order to minimize the risk of USB-borne malware taking advantage of unpatched endpoint vulnerabilities.
» Limiting access of USB and portable devices to registered devices only, enabling better control over who, when and how devices are being utilized.
» Preventing the initiation of some or all executables from portable devices, blocking malware from running in the first place.
» Requiring strong passwords (and not allowing the use of default passwords) throughout your infrastructure to prevent worms such as Stuxnet from working their way further into systems.
» Requiring proper, up-to-date AV and firewall usage to prevent malware from gaining a foothold within the endpoint and spreading to other systems in the network.

Enforcement: Putting Teeth in Policies

By enforcing usage policies for removable devices such as USB flash drives and other removable media such as CDs / DVDs, you can control the flow of inbound and outbound data from your endpoints. Devices that are not authorized should simply not be allowed to execute. Ideally, organizations should look for tools and develop processes that enable them to quickly establish and enforce device control policies as simply and as methodically as possible. Policies should be manageable by user or user group as well as by computer, and organizations should look for capabilities that enable user groups to be immediately associated with devices “on-the-fly.” The goal is to dramatically simplify the management of endpoint device resources through improved tracking of who, when and how devices are being used. By validating removable devices as they are used within the enterprise, you can prevent malware from being introduced into the network. This includes assigning permissions for authorized removable devices and media to individual users or user groups and controlling the uploading of unknown or unwanted files from removable devices.
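
The enforcement model described above, sketched as a deny-by-default decision function. This is an added example, not code from the original post or from any product. The device ids, users, groups, host names and the extension list are constructed, and treating the per-computer setting as a ceiling on user and group grants is an assumption.

```python
import os

# Constructed sample data: device ids, users, groups and hosts are illustrative.
STICK = ("0781", "5583", "SN-0001")   # (vendor id, product id, serial)
BACKUP = ("0bda", "9210", "SN-0002")
REGISTERED = {STICK: "encrypted stick, finance", BACKUP: "IT backup enclosure"}
# Grants per principal; a user gets the union of own and group grants.
GRANTS = {
    ("user", "alice"): {STICK: {"read", "write"}},
    ("group", "staff"): {STICK: {"read"}},
    ("group", "it-ops"): {BACKUP: {"read", "write"}},
}
# Per-computer ceiling: actions outside it are denied whoever is logged on.
COMPUTER_CEILING = {"kiosk-01": {"read"}}
BLOCKED_EXT = {".exe", ".scr", ".bat", ".cmd", ".vbs", ".js", ".lnk", ".dll"}

def decide(user, groups, computer, device, action, path=""):
    """Return (allowed, reason) for one access attempt; the default is deny."""
    if device not in REGISTERED:
        return False, "device not registered"
    ext = os.path.splitext(path)[1].lower()
    if action == "execute" or ext in BLOCKED_EXT:
        return False, "executable content blocked from removable media"
    granted = set(GRANTS.get(("user", user), {}).get(device, set()))
    for group in groups:
        granted |= GRANTS.get(("group", group), {}).get(device, set())
    ceiling = COMPUTER_CEILING.get(computer)
    if ceiling is not None:
        granted &= ceiling
    if action not in granted:
        return False, "no grant for this user or group on this computer"
    return True, "allowed: " + REGISTERED[device]

EVENTS = [  # constructed attempts: time, user, groups, computer, device, action, path
    ("09:02", "alice", ["staff"], "pc-17", STICK, "write", "report.xls"),
    ("09:05", "bob", ["staff"], "pc-17", STICK, "write", "notes.txt"),
    ("09:07", "bob", ["staff"], "pc-17", STICK, "read", "photo.jpg"),
    ("09:10", "alice", ["staff"], "kiosk-01", STICK, "write", "report.xls"),
    ("09:15", "carol", ["it-ops"], "pc-02", ("1234", "abcd", "SN-9999"), "read", "a.txt"),
    ("09:20", "alice", ["staff"], "pc-17", STICK, "execute", "setup.exe"),
]

def audit(events):
    """Who, when and how: one row per attempt with the decision attached."""
    return [(t, u, c, a, *decide(u, g, c, d, a, p)) for t, u, g, c, d, a, p in events]

if __name__ == "__main__":
    print(*audit(EVENTS), sep="\n")
```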

By developing policies and implementing solutions that enable a more flexible but easily trackable environment, IT departments become partners in security and business success rather than technology mall cops to be disregarded at all costs. Enterprises with such forward-looking technology decision-makers will gain a decisive productivity advantage while protecting their organizational endpoints.





