Cyber Security Awareness Month - Day 22 - Security of removable media
Removable media are nothing new. Computer storage started with removable media, and those of us old enough likely have fond memories of cassette tapes and floppy disks. What changed, primarily, is the ubiquity of such media and the stunning capacity of memory sticks, USB drives, iGadgets, etc.
In addition to a lot of Good Things, removable media come with two prominent risks:
(1) Given that such media is used as a carrier of data between computers, it is also a good carrier of communicable diseases, aka computer viruses.
(2) The small form factor of such media makes it very easy to misplace or lose the device, and all the data on it.
Both problems can of course be stopped by banning the use of removable media completely. Some firms and organizations are trying this, but since computers come with built-in ports of all sorts, DVD writers, Bluetooth and so on, it is very hard and costly to get this "right". Also, it usually doesn't stop staff from exchanging data; they'll just find some other way, like uploading it to a file exchange site. Thus, while a complete ban of a certain technology is often the first reaction of Security in a corporate setting, it hardly ever works in the long run.
If we assume that the USB ports are accessible and usable, here are three things you can do to reduce the virus risk:
(a) Disable AutoRun
AutoRun is one of the dumbest inventions ever. Attaching a device or inserting a DVD should *never* lead to direct execution of a program without explicit user action. Viruses propagating via removable media became almost completely extinct when the "boot floppy" vanished, but came back in force once Microsoft put AutoRun into XP. Thankfully, it can be completely turned off, and should be. http://support.microsoft.com/kb/967715 shows how.
(b) Enable Anti-Virus
For anti virus, auto-run is desired. It makes good sense to have antivirus do a quick and automatic scan of any newly attached or inserted removable media, as soon as the file system is mounted. Especially in a corporate setting, you might want to know if one of your staff brings in a keylogger on a memory stick, even when the malicious file is not actually started.
(c) Write Protect
If you are in a support or techie role that requires you to attach your memory stick to many different PCs, for example to run diagnostic programs or software updates, do everyone a favor and invest in a memory stick that can be write protected. A stick that has no internal memory and only acts as an SD card reader, for example, can do the job, as can other USB media that come with a write protect switch. This keeps the USB memory clean even when attached to an infected PC.
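For item (a) above, the following PowerShell audit is an added example, not part of the original diary or of the Microsoft article. It assumes the `NoDriveTypeAutoRun` policy value under the Explorer policies key, where a set bit disables AutoRun for that drive type; the function names are made up for this illustration.

```powershell
# Added example: audit NoDriveTypeAutoRun and, if wanted, disable AutoRun everywhere.
# Bit meanings of the policy value; a SET bit DISABLES AutoRun for that type.
$DriveTypeBits = [ordered]@{
    'Unknown drive type' = 0x01
    'Removable drive'    = 0x04
    'Fixed drive'        = 0x08
    'Network drive'      = 0x10
    'CD-ROM / DVD'       = 0x20
    'RAM disk'           = 0x40
    'Reserved / unknown' = 0x80
}
$PolicyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

function Get-AutoRunEnabledTypes {
    param([int]$Mask)
    # Return the drive types whose bit is clear, i.e. AutoRun still allowed.
    $DriveTypeBits.GetEnumerator() |
        Where-Object { ($Mask -band $_.Value) -eq 0 } |
        ForEach-Object { $_.Key }
}

function Test-AutoRunPolicy {
    foreach ($path in $PolicyPaths) {
        $prop = Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            [pscustomobject]@{ Path = $path; Value = '(not set)'; StillEnabled = 'OS default applies' }
            continue
        }
        # The value may be stored as REG_DWORD or as REG_BINARY (first byte is the mask).
        $raw  = $prop.NoDriveTypeAutoRun
        $mask = if ($raw -is [byte[]]) { [int]$raw[0] } else { [int]$raw }
        $enabled = @(Get-AutoRunEnabledTypes -Mask $mask)
        [pscustomobject]@{
            Path         = $path
            Value        = '0x{0:X2}' -f $mask
            StillEnabled = if ($enabled.Count) { $enabled -join ', ' } else { 'none' }
        }
    }
}

function Disable-AutoRunAllDrives {
    # Machine-wide setting; needs an elevated session. 0xFF sets every bit.
    $path = $PolicyPaths[0]
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -Path $path -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}

Test-AutoRunPolicy | Format-Table -AutoSize
```

Any row that lists "Removable drive" or "CD-ROM / DVD" under StillEnabled is a machine where inserted media can still trigger AutoRun.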
To address the problem of data loss, encryption is the only viable answer. Free software like TrueCrypt (truecrypt.org) comes with cross-platform support, is reasonably easy to use, and provides good protection if used with a decent password. In a corporate setting, chances are you already have a way to encrypt files or folders. Using one of these programs, make sure you gather the data to be copied in a folder that is *not* on the stick, encrypt it there, and only then copy the encrypted archive over to the USB media. Otherwise, you create temporary files that can be retrieved by a skilled attacker. In case the stick gets lost, the separate copy on the source system also gives you a perfect inventory of what was actually lost, which can be invaluable.
If you have additional tips on how to safely use removable media, let us know (http://isc.sans.edu/contact.html) or use the comment form below.
Intypedia project
Published: 2010-10-22
Last Updated: 2010-10-22 20:17:29 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
The Criptored guys are building a new project called intypedia to provide free on-line training in several topics of information security. There will be videos in both Spanish and English. The first stage will contain introductory content, and upcoming ones will be targeted to people from all knowledge levels.
Upcoming lessons are:
- History of Cryptography and its Early Stages in Europe
- Secret-Key Cryptography
- Public-Key Cryptography
- Network and Internet Security
If you are new to security, it's a good place to start. More information at http://www.criptored.upm.es/intypedia/index.php?lang=en
-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org