Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Stealing data is easy

The USB key drive data security nightmare

Article comments

PC Data theft kit:

1. USB key drive.

That's it.

It's frightening how easy it is to copy data off a PC. If you are left alone with it when you have a USB drive then just stick the drive in a USB slot; browse the PC's hard drive and copy over any files you want. Easy-peasy.

Intellectual property theft can, where the IP is not stored in secured systems, become as trivial as shoplifting Mars bars off a newsagent's display shelves.

Any recent MP3 player could become a holder of multi-gigabytes of your customer information, product designs, credit card transaction records, personnel files, customer or or patient records, and be carried out in an employee's, contractor's or visitor's back pocket.

Plug-and-play? No, it's plug-and-steal.

Just to increase any alarm you might be feeling consider this; it's not just a one way threat. Malicious vistors, or just very careless ones, could carry in virus-, worm- or trojan-infected files and simply and devastatingly load them onto PCs in your building. Any PC that doesn't have up-to-date protection against such nasty software will immediately become a virus, worm or trojan beach head right inside your firewall.

The potential damage this could cause and cost to clean up infected systems could quite significant. Conceivably you could be fined for not looking after sensitive data that has to be kept securely - although this is a rare scenario, it's not totally impossible.

What can a system administrator do? You could ban all external USB storage devices: iPods; other MP3 players; pocket-size external drives; any and all USB key drives.

But how are you going to enforce this? A USB key drive, with flash memory capacity of up to 2GB, is small, very small, like a small cigarette lighter. They are so easy to carry and so very quick to insert, be recognised by Windows and become valid data copying destinations.

You can't police such an edict. You can't institute a body search of every person entering and leaving your premises - or X-ray all the mail to see if one is being posted in or out.

You could, with difficulty, remove USB support in each PC's BIOS. Microsoft, for example, has a web page explaining how to remove USB support.

But, even if you could utilise such blunt methods, we all understand that such drives do have legitimate uses. Visiting executives and managers could bring PowerPoint presentations or Excel spreadsheets on them ready to use in a meeting. Babies and bathwater come to mind.

Software agents
Apart from enforcing encryption of and password access to sensitive data, the obvious policing method is to have software run in your PCs and monitor the USB port status. Any connection of a storage device causes an alert. Once an alert is received then rules can be applied to scan the device for malware and/or to prevent or allow file transfer.

As an example of this DynaComm's i:scan real-time monitor enables a Systems or Network Administrator to centrally enforce policies for the use of removable media across networks.

Each monitored PC has the DynaComm software installed on it.

It's not particularly enterprise-class software as it has a clumsy installation process. The software appears to base its actions on removable media and not just USB drives. So floppy diskettes - if you still have any, Zip disks, CD and DVD writers as well as USB storage devices are covered.

A rule or rules can be set and centrally managed. It could be set to alert managers if a USB storage device is connected to a PC on your network. Files transferred to and from the device could be logged, filtered or even blocked. The operation of removable USB storage media could be blocked entirely on some or all of your PCs.

Where there is a legitimate need to permit file transfers to such devices, i:scan enables exceptions to be made based on criteria such as file name, time of day, file ownership, user, etc.

Also, log files holding information about file transfers to and from such devices can be retrieved. You can run reports of activity to monitor what's going on or to check out potential security breaches for forensic purposes.

You could test the DynaComm software via a time-limited download. Another product to look at could be DeviceLock.

It's relatively early days yet. We should be able to expect substantial improvements in removable storage media security features over the next few months.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *