Re: Flash Drive Policy

["Steve Armstrong" <stevearmstrong () logicallysecure com>]

I mus ttake issue with your 2nd point as I believe the 'head in the  
sand' approach to USB devices is so 1990's. USB is used in most  
businesses and it will continue to increase with the demise of open  
network shares on Corp lans (aka the swap share) and the introduction  
of desktops to the Corp environment without ps/2 interfaces.

I agree that policy and appropriate software can reduce the risk from  
USB devices but that is not our call (security advisors) it's the risk  
owners - who in my experieance are some of those asking  for them in  
the first place.

Steve Armstrong

Technical Security Director
Logically Secure

Tel. 01522 689799
Mob. 07970 929583

(sent from a mobile device, so please excuse any typos)

On 10 Oct 2008, at 18:53, "Jon Kibler" <Jon.Kibler () aset com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> All,
>
> Okay, I *REALLY* hate to reply to my own posting, but...
>
> - From the several off-list comments / questions I have received  
> from this
> posting ("I don't see any policy information on this page, did I miss
> something?"), the point I was trying to make obviously got completely
> lost on a bunch of folks!
>
> So... in case you missed it, these are my points:
>  1) All unused USB ports should be turned off in BIOS. (And, BIOS
> should be locked with an administrative password.)
>  2) USB devices -- especially flash drives and other storage media --
> do not, in general, have a place in the workplace.
>  3) If you absolutely must enable the use of flash drives (or other
> removable media), then:
>     a) They must be scanned by AV software before access is allowed.
>     b) Nothing on the removable media should be allowed to execute.
>     c) All data transferred to / from removable media must be logged.
>     d) Data exfiltration safeguards need to be applied separate from
> the implementation of any removable media.
>
> Where were my points buried in that page? Well, if you can plug in a
> flash drive and have it steal credentials from the computer with no
> other user interaction required, you clearly have a SERIOUS security
> issue that could be exploited by anyone possessing a flash drive.
>
> Need I explain more?
>
> Jon K.
>
>
> Jon Kibler wrote:
> > Steven Bonici wrote:
> > > I am looking for a policy on using flash drives, can someone point  
> > > me to
> > > one?
> >
> > See: http://wiki.hak5.org/wiki/USB_Switchblade
> >
> > This will clearly show what should be your policy.
> >
> > Jon K.
> - --
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC  USA
> o: 843-849-8214
> c: 843-224-2494
> s: 843-564-4224
> http://www.linkedin.com/in/jonrkibler
>
> My PGP Fingerprint is:
> BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkjvaDUACgkQUVxQRc85QlPl9wCeMV3V5JiJl1rY3DuXUKS0NGbh
> oQcAniRfba7waUPtqVpZrmHMMJs0Q/YY
> =uFtB
> -----END PGP SIGNATURE-----
>
>
>
>
> ==================================================
> Filtered by: TRUSTEM.COM's Email Filtering Service
> http://www.trustem.com/
> No Spam. No Viruses. Just Good Clean Email.

The information contained in this e-Mail and any subsequent correspondence is private and is intended solely for the 
intended recipient(s). The information in this communication may be confidential and/or legally privileged. Nothing in 
this e-mail is intended to conclude a contract on behalf of Logically Secure Ltd or make Logically Secure Ltd subject 
to any other legally binding commitments, unless the e-mail contains an express statement to the contrary or 
incorporates a formal Purchase Order.  For persons other than the intended recipient any disclosure, copying, 
distribution, or any action taken or omitted to be taken in reliance on such information is prohibited and may be 
unlawful.

Registered in England and Wales No: 05967368.  Registered Office: 36 Tudor Road, Lincoln, LN6 3LL.