Are pendrives a security threat?

vbimport

#1

Imagine you work at a company which has a lot of confidential information stored in their workstation computers.

Now someone from outside the company enters the office , accesses a computer , plugs in a pendrive (usb memory stick) and starts copying data.

Now he/she has all the necessary information , unplugs the pendrive and no one will even know he/she accessed the computer and there is no log that proves a pendrive has been attached to the system.

I think this could be a great risk for companies , but what can you do about it ? Scan every pendrive they have ?


#2

I guess you saw “The recruit” last night, didn’t you? :wink:

But yes, they sure are a security thread. The only thing a company can do, is making sure that the USB can’t be accessed…


#3

Where I work you can’t just access a computer .

You’ll need a card and the password related to that card to get access to any PC in the buildings.

For companies where you have no log-on block it will be a big risk.

And even if you would have a card and the related password you still have to pass security to get in the building(there’s no other way in)!!


#4

Not just information getting out, but also things coming in.

The problem with many systems is that they have protection on the outsides to stop viruses/trojans getting in.

But what happens when someone imports something into where it isn’t supposed to be? Even the best antivirus software is a few days behind the rest of the virus world.

One huge weakness of humans is that type of thinking that if someone is inside a highly secured complex, then they must belong there. They aren’t supposed to get past security at the front desk :stuck_out_tongue:


#5

You mean security threaT?

For a stranger to access the workstation in the first place shows the lack of security measures being placed in that working environment - now that is the real threat.


#6

Originally posted by xox
You mean security threaT?

Whoops… modified all of them of course :slight_smile:

Well , one of the things is that it’s done zo amazingly fast and without any log on the compromised pc/network. Plug , copy , unplug , gone. Could take less than a minute if you train a little.


#7

Like I said before, I think it all comes back to how good your overall security is. The ‘sensitive’ data itself has to be placed separately in a secure place, which means only certain employees have access to it. It too has to have some kind of firewall that would protect files being infected from other terminals in the network. I’m not a network expert and I haven’t seen The Recruit but someone outside your office should NOT have access to your workstation in the first place. Your employee should NOT leave workstation with sensitive data unattended.


#8

realy confidential information should not be stored on a local workstation.
It should be stored on a server, so wen the person logs in. . . he can use the info and when he leavs, to go to the “jhon”, he can log out or activate a password protected screensaver. this way nobody can use this account to steal data, even with a pen drive. . .:stuck_out_tongue:

see yah . . . . :cool:


#9

I have a pen drive and I can say from experience that it poses a security risk just for employees to have one. A pen drive with confidential data would be easy to lose, but consider also: before the advent of pen drives it was impossible for employees to take away that much data (except on laptops I guess). There’s loads of stuff on my office’s drives that I could never cart away on a floppy but silently zipping it to pen drive is a doddle.
Technical question - with secure OSs could you monitor the transit of copied files? Obviously moving files constitutes violation of read-only, but can you trace copiers?

One other major use for my pen drive at work is using their broadband connection (only 56k at home:( ) to get music, game demos etc. As long as I don’t completely spam out the servers no one will ever notice.:bigsmile:


#10

wouldnt the computer log a new hardware device, loading the drivers, and the eventual disconnect of the hardware device?


#11

Originally posted by xox
[B]You mean security threaT?

For a stranger to access the workstation in the first place shows the lack of security measures being placed in that working environment - now that is the real threat. [/B]

What I mean is that people that should know better can bring in programs themselves from home. It’d be easy to hide a trojan in a small program, a program which is incredibly useful.
On a floppy disk or cd, drives can be blocked/disabled.
Can USB drives be covered by the same method? :confused:

I think not :expressionless:
These days everything is moving towards USB, keyboards, mice, etc.

All someone has to do is unplug a keyboard (or with fancy MS keyboards, just plu the device into the KB), plug the drive in drag and drop large programs, etc with the mouse, unplug the device and plug the KB in again :slight_smile:

The perfect crime.

These days many programs randomlyu grab a document off the HD and email it to a randomly generated address.
What’s to stop competitors from doing the same? But obviously with an email address they can check :wink:


#12

Originally posted by debro
[B]

What I mean is that people that should know better can bring in programs themselves from home. It’d be easy to hide a trojan in a small program, a program which is incredibly useful.
On a floppy disk or cd, drives can be blocked/disabled.
Can USB drives be covered by the same method? :confused:

I think not :expressionless:
These days everything is moving towards USB, keyboards, mice, etc.

All someone has to do is unplug a keyboard (or with fancy MS keyboards, just plu the device into the KB), plug the drive in drag and drop large programs, etc with the mouse, unplug the device and plug the KB in again :slight_smile:

The perfect crime.

These days many programs randomlyu grab a document off the HD and email it to a randomly generated address.
What’s to stop competitors from doing the same? But obviously with an email address they can check :wink:

[/B]

Nothing is 100% safe, but by locking down the software on the PC, a big deal of security can be realized… Just image, some software that makes it impossible to plug in any additional USB devices etc etc…


#13

For security reasons it could be wise to have a certain program or tool that logs the io transfer to non-predefined devices. Unfortunately somebody could hack in such a program as well.


#14

Originally posted by Dee-ehn
[B]

Nothing is 100% safe, but by locking down the software on the PC, a big deal of security can be realized… Just image, some software that makes it impossible to plug in any additional USB devices etc etc… [/B]

Get rid of USB ports (physically)! :bigsmile:

btw - your new sig - reminds me of steve balmer’s funny video (am not sure if you’ve seen it), the one where he yells out “Developer, developer, developer!!!”


#15

Originally posted by Mr. Belvedere
For security reasons it could be wise to have a certain program or tool that logs the io transfer to non-predefined devices. Unfortunately somebody could hack in such a program as well.

But again, it’s a case of closing the gate after the dogs already out.

The access needs to be totally removed for non-defined devices. How do they define acceptable USB devices? :expressionless:

They need to stick with PS2 devices and totally remove access to USB - But wait, aren’t all the big industry leaders advocating the removal of “legacy” products, eg: ps2?


#16

Originally posted by DryBaboon
[B]I have a pen drive and I can say from experience that it poses a security risk just for employees to have one. A pen drive with confidential data would be easy to lose, but consider also: before the advent of pen drives it was impossible for employees to take away that much data (except on laptops I guess). There’s loads of stuff on my office’s drives that I could never cart away on a floppy but silently zipping it to pen drive is a doddle.
Technical question - with secure OSs could you monitor the transit of copied files? Obviously moving files constitutes violation of read-only, but can you trace copiers?

One other major use for my pen drive at work is using their broadband connection (only 56k at home:( ) to get music, game demos etc. As long as I don’t completely spam out the servers no one will ever notice.:bigsmile: [/B]

NTFS (Nt4, Win2k/XP ) keeps information on files created dates, modified dates, last access dates, deleted dates, and ownership information.

They simply need to check who has acccessed a particular file on teh server, then check the users PC for the file.

Obviously it ges more difficult if the system allows roaming access, or access from more than a single computer :wink:


#17

if security is serious - they arent using windows.


#18

By the way, maybe it would be possible to make a dos program which can read NTFS and then boot the computer from floppy… no logs. :bigsmile:

If floppy booting is disabled, just change bios settings. If bios is password protected, play with jumpers or remove battery… :wink:

Or maybe it would be good idea to change date settings from BIOS… those security guys would be amazed when log says that a file was copied in 2033. :stuck_out_tongue:


#19

Originally posted by Supi Suomalaine
[B]By the way, maybe it would be possible to make a dos program which can read NTFS and then boot the computer from floppy… no logs. :bigsmile:

If floppy booting is disabled, just change bios settings. If bios is password protected, play with jumpers or remove battery… :wink:

Or maybe it would be good idea to change date settings from BIOS… those security guys would be amazed when log says that a file was copied in 2033. :stuck_out_tongue: [/B]

No need to make that ,it’s already here. NTFS Pro for DOS , no admin password required either :slight_smile:


#20

Just one thing.

How do USB storage devices load the appropriate drivers in dos? :stuck_out_tongue: