Security Basics mailing list archives

Re: Flash Drive Policy


From: Jon Kibler <Jon.Kibler () aset com>
Date: Fri, 10 Oct 2008 10:35:33 -0400

All,

Okay, I *REALLY* hate to reply to my own posting, but...

From the several off-list comments / questions I have received from this
posting ("I don't see any policy information on this page, did I miss
something?"), the point I was trying to make obviously got completely
lost on a bunch of folks!

So... in case you missed it, these are my points:
  1) All unused USB ports should be turned off in BIOS. (And, BIOS
should be locked with an administrative password.)
  2) USB devices -- especially flash drives and other storage media --
do not, in general, have a place in the workplace.
  3) If you absolutely must enable the use of flash drives (or other
removable media), then:
     a) They must be scanned by AV software before access is allowed.
     b) Nothing on the removable media should be allowed to execute.
     c) All data transferred to / from removable media must be logged.
     d) Data exfiltration safeguards need to be applied separate from
the implementation of any removable media.

Where were my points buried in that page? Well, if you can plug in a
flash drive and have it steal credentials from the computer with no
other user interaction required, you clearly have a SERIOUS security
issue that could be exploited by anyone possessing a flash drive.

Need I explain more?

Jon K.


Jon Kibler wrote:
> Steven Bonici wrote:
>> I am looking for a policy on using flash drives, can someone point me to
>> one?
>
> See: http://wiki.hak5.org/wiki/USB_Switchblade
>
> This will clearly show what should be your policy.
>
> Jon K.
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253


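An added example, not part of the original message and not from its author: a PowerShell audit of a Windows endpoint for OS-level settings that back up points 1 and 3b of the message. It assumes a Windows host, which the message does not name; the registry paths are standard Windows settings, and the mapping of each check to a numbered point is this example's own.

```powershell
# Added example: read-only audit, changes nothing on the host.
# Assumption: Windows endpoint. The BIOS setting from point 1 cannot be read
# from here, so the USBSTOR check is only an OS-level backstop for it.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# Group Policy key for the "Removable Disks" device class.
$removableDisks = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\' +
                  '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
$explorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

$checks = @(
    [pscustomobject]@{
        Point    = '1 (OS backstop)'
        Control  = 'USB mass-storage driver disabled (USBSTOR Start)'
        Actual   = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' 'Start'
        Expected = 4      # 4 = driver disabled, 3 = load on demand (default)
    },
    [pscustomobject]@{
        Point    = '3b'
        Control  = 'AutoRun disabled for all drive types (NoDriveTypeAutoRun)'
        Actual   = Get-RegValue $explorerPolicy 'NoDriveTypeAutoRun'
        Expected = 255    # 0xFF = every drive type
    },
    [pscustomobject]@{
        Point    = '3b'
        Control  = 'Execute access denied on removable disks (Deny_Execute)'
        Actual   = Get-RegValue $removableDisks 'Deny_Execute'
        Expected = 1
    }
)

# A missing value shows as an empty Actual column and counts as non-compliant.
$checks |
    Select-Object Point, Control, Actual, Expected,
        @{ Name = 'Compliant'; Expression = { $_.Actual -eq $_.Expected } } |
    Format-Table -AutoSize -Wrap
```

Points 3a, 3c and 3d (AV scanning, transfer logging, exfiltration safeguards) depend on the endpoint products in use and are not covered by this check.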



