USB devices unveiled.While several stories about the dangers of USB USB in full Universal Serial Bus Type of serial bus that allows peripheral devices (disks, modems, printers, digitizers, data gloves, etc.) to be easily connected to a computer. devices in the workplace are making the rounds in the last few weeks, this is nothing new, at least to hackers and penetration testing A test of a network's vulnerabilities by having an authorized individual actually attempt to break into the network. The tester may undertake several methods, workarounds and "hacks" to gain entry, often initially getting through to one seemingly harmless section, and from there, experts. Reports of this style of data theft and compromise are becoming more of a threat every day. In today's media driven and gadget (1) Slang for any hardware device, typically small. Synonymous with "gizmo." (2) A mini application that resides on a computer desktop or personal home page, typically found in the Windows environment. using society, not many people give a second thought about seeing a co-worker or user plugging in these seemingly innocent devices into workplace computers. Is that a camera in your pocket or are you just happy to see me? Even that camera that you brought in to show your co-workers the wonderful pictures of your dog doing tricks can be used to not only steal data, but hide such things as trojans and rootkits. Just like the restricted use of phone calls from the workplace, why would you allow employees to waste further valuable company tame by bringing in an iPod or digital camera to work, so that they may be used to circumvent cir·cum·vent tr.v. cir·cum·vent·ed, cir·cum·vent·ing, cir·cum·vents 1. To surround (an enemy, for example); enclose or entrap. 2. To go around; bypass: circumvented the city. your security policies? Once one of these devices are plugged in it becomes trivial to simply launch the malware (MALicious softWARE) Software designed to destroy, aggravate and otherwise make life unhappy. See crimeware, virus, worm, logic bomb, macro virus and Trojan. in one click. As of late we have been talking about the threat of insiders threatening your security posture, and this is no exception. We expect to see portable device malware that will infect these devices to be then unleased at will on everything they are plugged into, especially in the case of the newest autorun USB devices. Perhaps what will become even more of a threat than the workplace insider is that of public access computers that many people use. The simplest way is to turn off USB support by default during deployment directly in the bios of these computers and password protect the bios setup A program used to display and edit user configurable settings in the BIOS of a PC. On earlier PCs, users had to change a setting when a new drive was added, but auto-detect features were later added. menu. One of the best rules to follow is "deny everything unless explicitly needed" and should be extended to any public or corporate asset. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion