Stealing data is easy
The USB key drive data security nightmare
By Chris Mellor | Published: 12:15, 27 August 2004
PC Data theft kit:
1. USB key drive.
It's frightening how easy it is to copy data off a PC. If you are left alone with it when you have a USB drive then just stick the drive in a USB slot; browse the PC's hard drive and copy over any files you want. Easy-peasy.
Intellectual property theft can, where the IP is not stored in secured systems, become as trivial as shoplifting Mars bars off a newsagent's display shelves.
Any recent MP3 player could become a holder of multi-gigabytes of your customer information, product designs, credit card transaction records, personnel files, customer or or patient records, and be carried out in an employee's, contractor's or visitor's back pocket.
Plug-and-play? No, it's plug-and-steal.
Just to increase any alarm you might be feeling consider this; it's not just a one way threat. Malicious vistors, or just very careless ones, could carry in virus-, worm- or trojan-infected files and simply and devastatingly load them onto PCs in your building. Any PC that doesn't have up-to-date protection against such nasty software will immediately become a virus, worm or trojan beach head right inside your firewall.
The potential damage this could cause and cost to clean up infected systems could quite significant. Conceivably you could be fined for not looking after sensitive data that has to be kept securely - although this is a rare scenario, it's not totally impossible.
What can a system administrator do? You could ban all external USB storage devices: iPods; other MP3 players; pocket-size external drives; any and all USB key drives.
But how are you going to enforce this? A USB key drive, with flash memory capacity of up to 2GB, is small, very small, like a small cigarette lighter. They are so easy to carry and so very quick to insert, be recognised by Windows and become valid data copying destinations.
You can't police such an edict. You can't institute a body search of every person entering and leaving your premises - or X-ray all the mail to see if one is being posted in or out.
You could, with difficulty, remove USB support in each PC's BIOS. Microsoft, for example, has a web page explaining how to remove USB support.
But, even if you could utilise such blunt methods, we all understand that such drives do have legitimate uses. Visiting executives and managers could bring PowerPoint presentations or Excel spreadsheets on them ready to use in a meeting. Babies and bathwater come to mind.
Apart from enforcing encryption of and password access to sensitive data, the obvious policing method is to have software run in your PCs and monitor the USB port status. Any connection of a storage device causes an alert. Once an alert is received then rules can be applied to scan the device for malware and/or to prevent or allow file transfer.
As an example of this DynaComm's i:scan real-time monitor enables a Systems or Network Administrator to centrally enforce policies for the use of removable media across networks.
Each monitored PC has the DynaComm software installed on it.
It's not particularly enterprise-class software as it has a clumsy installation process. The software appears to base its actions on removable media and not just USB drives. So floppy diskettes - if you still have any, Zip disks, CD and DVD writers as well as USB storage devices are covered.
A rule or rules can be set and centrally managed. It could be set to alert managers if a USB storage device is connected to a PC on your network. Files transferred to and from the device could be logged, filtered or even blocked. The operation of removable USB storage media could be blocked entirely on some or all of your PCs.
Where there is a legitimate need to permit file transfers to such devices, i:scan enables exceptions to be made based on criteria such as file name, time of day, file ownership, user, etc.
Also, log files holding information about file transfers to and from such devices can be retrieved. You can run reports of activity to monitor what's going on or to check out potential security breaches for forensic purposes.
You could test the DynaComm software via a time-limited download. Another product to look at could be DeviceLock.
It's relatively early days yet. We should be able to expect substantial improvements in removable storage media security features over the next few months.