Tactical Advice

Keep Your Mobile Data Safe

Take steps to secure your USB ports and drives.
This story appears in the June 2007 issue of BizTech Magazine.

 


Photo: Dana Fineman
Miriam Neal, Vice President of Information Systems at South Western Federal Credit Union, locks down computer end points to secure USB drives.

For quick transport of files outside the office, Universal Serial Bus flash drives are convenient. They’re smaller than a CD/DVD or pocket hard drive, and often easier than using the Internet. And with prices starting at around $20 to $25 per gigabyte for 1GB to 4GB drives, businesses can afford them for everyone.

 

But USB flash drives also pose a major security risk, as do the USB ports on notebook PCs and computers. Unfortunately, what you’ve seen in spy movies is all too real. Anyone can stick in a USB drive (or iPod or Wi-Fi adapter) and discreetly “slurp” down documents, spreadsheets or other files in an instant.

Setting company policies and driving employee awareness represent a first step in safeguarding corporate data, but more steps are needed. So says Ben Rothke, CISSP, senior security consultant with INS and author of Computer Security: 20 Things Every Employee Should Know. “Very few companies have taken steps to monitor the usage of these USB storage devices on their networks,” Rothke explains.

“The vast majority of companies have no policies or technology in place to stop end users from using removable media of any type.”

While simply banning flash drives may sound like a solution, don’t count on it doing the trick. It only takes one employee or visitor who doesn’t know about the policy and wants to sync a personal digital assistant or grab a few MP3s, to create a big problem.

“You can apply epoxy to the ports on your computers to make them unusable — or you can get software that locks the USB ports,” Rothke quips.

Tech Options

Miriam Neal, vice president of information systems at South Western Federal Credit Union, uses SecureWave Sanctuary to address USB security by locking down computer end-points at the credit union. The La Habra, Calif.-based credit union employs about 50 people, and its IT environment includes 70 workstations and 11 servers.

“We wanted to lock down our workstations to prevent people from downloading information they shouldn’t to USB drives, so we could track what our IS staff did with USB drives when working on our servers,” says Neal. “We locked down USB ports on our computers, so any USB storage devices that get plugged in can’t be read from or written to, while still allowing USB devices like mice and printers to work.”

South Western now controls the type of devices and the computers that those devices can access. Neal also assigns permission based on the needs of end users and the types of computers they use.

The technology options for securing USB ports and drives is growing, and includes vendors such as GFI EndPoint Security, Pointsec Device Protector and Media Encryption.

In addition to controlling access to USB ports, port management tools may also control a combination of FireWire, serial, printer and infrared ports, floppy/CD/DVD drives, and USB-connected Wi-Fi or Bluetooth adapters. Some of the tools also let you restrict access for MP3/media players, handhelds, and CompactFlash and SmartMedia, as well as USB flash drives.

With port-blocking software, you don’t need to physically remove, change or block any of your computer hardware. Instead, simply install the software — which may install small “agent” programs on each computer to be controlled — and assign appropriate privileges to each end user. You shouldn’t need any new hardware to run the administrative software, as one of your current Windows computers should do. The cost is likely to be in the $30 to $100 range per computer — far less than the impact of any security breach.

Once installed, port-management tools should also offer reporting tools to let you see what has been allowed and to whom, and who has tried and been blocked from doing what.

“We get reports on attempts and legitimate allowed activities,” says South Western’s Neal. “Based on the reports, it’s working, and because we’ve locked down most of our workstations, there’s very little to look at.”

In addition to locking down USB ports, it’s important to secure the USB flash drives that your employees use before someone loses one containing sensitive information. Small and compact, USB flash drives are far easier to lose than a CD or a notebook PC.

“The problem with USB flash drives is you usually don’t know when they’ve been lost,” comments Rob Enderle, principal analyst with the Enderle Group. “If someone loses one, they may not report it and buy another. So, you could lose a lot of customer records or other data and not know it until everybody’s been compromised.

“If you know your people will use USB drives and carry confidential data, it makes sense to use those that have built-in encryption, so if one’s lost, it doesn’t create a risk exposure,” Enderle advises. “Get ahead of the problem.”

You can find password and encryption security applications that work on most USB drives, and some USB drives include security applications already installed.

Policy Enforcement

Of course, these tools don’t eliminate the need for good company policy and end-user awareness. “Make sure your employees understand they shouldn’t plug ‘foreign’ — noncompany, nonauthorized — devices into company computers,” suggests Eric Ogren, security analyst with Enterprise Strategy Group.

At South Western, the credit union prohibits employees from using USB ports and CD-ROMs without permission. Employees are also restricted from tampering with software.

IT Takeaway

USB drives can get infected with a virus, spyware or other malware while used outside the office, at a hotel business center or copy shop kiosk. When an infected drive gets plugged into a computer at your office, the infection can spread to the computer and bypass the security at your network gateway.

• Ensure that all PCs run basic desktop security software — firewall, antivirus and antispyware — and that you’re encrypting all sensitive data on your notebooks.
• If protecting data is especially critical, require employees to use only approved USB drives, which encrypt everything on them, and require passwords or fingerprint authentication for computer access.
Sign up for our e-newsletter

Security

Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
Tools to Maintain Mobile Sec... |
Far-flung devices pose serious challenges, but a variety of technologies can help protect...

Storage

The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...
The Value of Converged Infra... |
Improvements in security, management and efficiency are just a few of the benefits CI can...

Networking

Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Hardware & Software

Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.
The Tools That Power Busines... |
Ever-evolving analytic software can greatly improve financial institutions’ decision-...
XP-iration Date: Today Is th... |
It’s officially lights out for Windows XP as an operating system. Here’s how the world is...