For all the latest in expensive security software and peripherals that money can buy, enterprises inevitably still miss some security holes. It might surprise you, but one security hole often overlooked by security managers is the humble universal serial bus (USB) port.
Designed as the interface solution for a legacy-free PC, a USB port can connect a mind-boggling number of computer peripherals, including mice, keyboards, gamepads, joysticks, scanners, printers, and flash drives. And the list goes on.
Available on just about every computing device, the USB port has become ubiquitous. It can, however, be a security bane for the enterprise.
For an illustration of just how someone could exploit an enterprise workstation via its USB port, we can turn to a true story I read recently. You can read about it in this free white paper (registration needed). Read on and you tell me how plausible it sounds.
Basically, an IT security officer at a U.S.-based company purchased a handful of memory sticks. He loaded some software on them and went ahead and scattered them around the company's parking lot.
To cut a long story short, several employees found the memory sticks and took them back to their work terminals. They then plugged them into their PCs and laptops, found the software, and ran it "just to see what it does."
Now, it would hardly be legal, but think about just how trivial it would be to load malware or a keylogger onto the USB flash drives instead and repeat the same exercise at a competitor's car park.
"But we have antivirus scanners!" you cry.
Just how hard is it to code custom malware, first testing it against the most popular antivirus scanners to verify that their puny heuristic engines don't sound the alarm on your nefarious executable? In fact, if you're a good programmer, you can probably up the ante by encrypting your network data when reporting home. Bravo if you piggyback it on an anonymizing network such as Tor for further obfuscation.
All is not lost, however. There are some practical steps you can take to mitigate some of the threat:
- Where possible, disable USB ports.
- Where possible, don't let your users run as root or administrator.
- Disable the Autorun feature on removable drives.
- Compartmentalize your LAN into different VLANs.
- Deploy white-listing technology to complement antivirus scanners.
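One way to check three of these items (USB storage, Autorun, and administrator rights) on a Windows workstation, as an added example that is not part of the original post. It assumes Windows PowerShell; the function names are hypothetical, and the script only reads settings and changes nothing.

```powershell
# Added example: read-only audit of three mitigations from the list above.
# Function names are hypothetical; registry paths are the standard Windows ones.

function Get-RegistryValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Test-UsbStorageDisabled {
    # The USBSTOR driver is disabled when its service Start value is 4.
    # This covers USB mass storage only, not other USB device classes.
    $start = Get-RegistryValue 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' 'Start'
    return ($start -eq 4)
}

function Test-AutorunDisabled {
    # NoDriveTypeAutoRun = 0xFF turns Autorun off for every drive type.
    # The machine-wide (HKLM) value is checked first, then the per-user one.
    $sub = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $value = Get-RegistryValue "$hive\$sub" 'NoDriveTypeAutoRun'
        if ($null -ne $value) { return (($value -band 0xFF) -eq 0xFF) }
    }
    return $false   # no policy value set, so Windows defaults apply
}

function Test-RunningElevated {
    # True when the current token holds the Administrators role. With UAC,
    # an administrator account running unelevated reports False here.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# One row per machine; collect these centrally to find workstations that drift.
[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    User               = $env:USERNAME
    UsbStorageDisabled = Test-UsbStorageDisabled
    AutorunDisabled    = Test-AutorunDisabled
    RunningAsAdmin     = Test-RunningElevated
}
```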
In the future, I'll elaborate on some of these items, so stay tuned.
Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.