FACING THE THREAT OF REMOVABLE USB DRIVES

Removable media devices now present the biggest threat to corporate security, according to research conducted at this year’s InfoSecurity Europe conference in London. However, the research conducted by Centennial Software found that four out of five companies do not have effective measures in place to protect against the threat the devices can pose.




Removable Media Devices Overtake Web Viruses As Top Security Threat

According to William Lynch - Senior Consultant for CTG's Information Security Services Practice, "USB memory stick has been hailed by those fed up with the shortcomings of the floppy. Their small physical size, satisfactory speed and ever-increasing storage capacity makes them the most convenient device to use for transferring files from one place to another. However, these very features can introduce new security risks and amplify risks that already existed with floppy disks. In an article published by net-security.org, Lynch identifies the primary risks associated with USB memory sticks as:

• Virus Transmissions - Data sharing opens up an avenue for viruses to propagate
• Corruption of data - Corruption can occur if the drive is not unmounted cleanly
• Loss of data - All media is susceptible to data loss
• Loss of media - The device is physically small and can easily be misplaced
• Loss of confidentiality – Data on the lost physical media can be obtained by others

More than 43 percent of those questioned have no controls whatsoever in place to manage removable media devices, 27.4 percent leave it to the manager’s discretion, and 8.6 percent have taken the drastic step of introducing a company-wide ban. Only 16.4 percent use endpoint security software to manage the potential risks effectively. This is despite a raft of recent media stories surrounding insider data theft using removable media.

But companies are not ignorant of the risk. In a significant development for Centennial’s annual “Security Attitudes Survey”, 2007 saw removable media devices rated by 38.4 percent of respondents as the top security issue facing their organization. The risk has taken over from Web viruses (23.7 percent) and malware/spyware (22.3 percent) for the first time.

While more company officials in 2007 said they do include removable devices in the acceptable user policies (63.4 percent versus 54.5 percent last year), with more USB sticks than ever in use on the network (65.6 percent regularly use USB sticks, up from 36.3 percent last year), it’s not enough to rely on a policy, according to Centennial.

“It’s long been recognized that human error leads to the majority of information security problems,” said Matt Fisher, vice president at Centennial. “Leaving the use of removable devices at the discretion of staff exacerbates the risks posed by these devices -- especially when a minority of employees may have reasons for wanting to steal or compromise data.

“A larger proportion of companies than last year said they had no controls for managing removable devices in place -- 43.3 percent versus 38.5 percent last year. This is an alarming trend; if organizations recognize the risks of data loss, theft and damage from USB sticks, smart phones and MP3 players, they need to take action to manage the threat and protect their data.”

One of the most popular solutions to for tackling endpoint threats is yet for bigger computing environments. For instance, SecureWave’s Sanctuary Device Control enables the complete lock-down of USB ports. It prevents all unauthorized connection of USB devices to the network, with the added flexibility of allowing individual permissions where appropriate – enabling IT managers to lock and unlock particular USB drives as necessary as priorities and privileges of certain staff changed. Therefore, the product provides secure management of network-wide USB device usage, while also offering more granular resource management where necessary. SecureWave Sanctuary Device Control is simple to deploy and manage, and it will reduce the risk of data leaving enterprises through almost any type of removable device.

A similar product, Safend Protector, detects and allows restriction of devices by device type, model or even specific device serial number. For storage devices, Safend Protector allows security administrators to either block all storage devices completely, permit read-only, encrypt all data on devices as well as monitoring, blocking and logging files that are downloaded to or read from these devices. WiFi controls are based on MAC address, SSID, or network security level

Safend Protector offers a unique advantage in that most of the other products are suited to enterprise networks, and not smaller operations such as a restaurant.

Safend provides free of charge a software called Safend Personal Protector to be used to lock down an individual computer. Run the software on a PC, and prevent unauthorized access to your data via all physical communications ports (USB, FireWire, PCMCIA), blocking any unrecognized device. Once approved and verified by password, devices operate completely unhindered – enabling you to enjoy the convenience of removable media and other devices, while remaining confident that your data is safe. Safend Personal Protector delivers complete visibility and control over:

1. Removable mass storage devices
2. Media players like iPods
3. USB flash drives
4. Smart phones or PDAs
5. Printers and scanners
6. External CD or DVD drives
7. Wireless adaptors and other networking devices
   

For a limited time only, Safend Personal Protector is downloadable free of charge. Download Safend Personal Protector here.

A similar product, Desktop Security Rx, blocks local hard drives and removable media drives as well as any local file, folder, or executable.  Additionally, you can also set removable drives to be accessible but read-only. This enables users to use USB drives (thumb drives/memory sticks) to transfer files to the PC(s) while preventing them from removing files out of the PC(s).

Another line of endpoint security solutions allow the real-time monitoring and auditing of removable devices on a network. Such software utility illuminate endpoint blind spots – providing organizations with the visibility they need to identify and effectively manage endpoint vulnerabilities.

Auditor software will identify such devices as iPods, mass-storage MP3 players, USB flash drives, or even track which WiFi networks employees are connecting to.

CC Productions recommends that most hospitality operators use desktop solutions such as Safend Personal Protector and Desktop Security Rx because they are more affordable and easier to configure and manage. However, for chain stores numbering more than 10 with enterprise network connections, enterprise-based solutions might be more cost effective.

We can help you identify the types of vulnerabilities on your network, recommend and implement the best security solutions. Please call us now at 1-800-507-5554 x1 for expert advise, or fill a Form