Friday, April 20, 2007

Universal Security Blunder?

There's been a spate of news concerning the threats posed by USB devices - including devices such as iPod, Zen etc. The main threat is that data could be very easily stolen using these seemingly harmless and innocuous devices.
Other threats may soon include viruses and trojans happily hopping from iPod to iPod, iPod to computer, and computer to computer.

When I say iPod I refer to the general class of such disk-based entertainment devices - sheer laziness and not any bias makes me refer to them so (I'm a huge fan of Apple's!).

A typical device of this kind comes with a disk of at least a few GB, so it's not that difficult to steal large files using the USB ports.

Most companies permit employees to take their laptops with them - else what's the point of having one! The biggest problem is not that the laptop itself will go missing (which is an obvious threat) but that the data will be stolen (you can't catch that unless you really audit the machine or install special tools to monitor data transfer). Now, with USB 2.0 and FireWire, even GBs of data can be copied in minutes.

How do you protect against such an invisible, internal attack?
* Use software to lock down the USB ports
* Educate employees on USB safety and security
* Order machines that have the ports disabled or not configured
* Glue them shut if all else fails
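
For the first item, a software lockdown is only useful if someone checks that it is actually in place. The following is an added example, not part of the original post: it assumes a Linux machine where USB storage is restricted through modprobe.d configuration, and the module list, the sample text and the function names are this example's own.

```python
import os

# Kernel modules that drive USB mass storage on Linux (assumption of this example).
STORAGE_MODULES = ("usb_storage", "uas")

# Constructed sample of modprobe.d content, not taken from a real host.
SAMPLE = """\
# hardening notes
blacklist usb-storage
install uas /bin/false
"""

def _norm(name):
    # modprobe treats '-' and '_' in module names as equivalent.
    return name.replace("-", "_")

def audit_modprobe(config_text, modules=STORAGE_MODULES):
    """Classify each module as 'blocked', 'autoload-only' or 'open'."""
    state = {_norm(m): "open" for m in modules}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 2 or _norm(parts[1]) not in state:
            continue
        module = _norm(parts[1])
        if parts[0] == "install" and len(parts) >= 3:
            # 'install <module> /bin/false' makes modprobe run that command
            # instead of loading the module when it is asked for it.
            if os.path.basename(parts[2]) in ("false", "true"):
                state[module] = "blocked"
        elif parts[0] == "blacklist" and state[module] == "open":
            # 'blacklist' only ignores the module's aliases, which stops
            # automatic loading on plug-in; loading it by name still works.
            state[module] = "autoload-only"
    return state

if __name__ == "__main__":
    for module, status in audit_modprobe(SAMPLE).items():
        print(f"{module}: {status}")
```

A user with root access can still load the module directly, so this checks the configuration, not its enforcement.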

In any case, before we fall into this hysteria and become part of the USB-banning mob, we should give some thought to the level of crimes that occur using USB ports. How many people steal data using USB drives vs via hard copies of documents, CD-RW disks, email, illegal upload to online backup sites...the list is endless.

So, what do you learn from this? Definitely, USB ports are a threat, but maybe not to the extent that people make them out to be. At least not yet. Or maybe they already are, and we just haven't realized it yet.

Be safe!
