Hollywood would have IT pros believe that the biggest threat to network security comes from international super hackers or high school kids trying to download games like global thermonuclear war. In reality, we face a far more mundane threat--our end users, particularly those wielding USB storage devices.
These pocket-sized devices can store a tremendous amount of data and make it easier than ever before for employees to carry off sensitive company information. But even if your users aren't planning to cart off your latest R&D project, USB storage devices (external hard drives, camera, memory stick, MP3 players, etc.) can be a headache in other ways. Employees may use your networks to download music to their USB-based MP3 players. New USB flash drives, such as SanDisk's U3 smart drives, can even run software directly from the device--a perfect tool for the end-user who wants to run unauthorized software on your network.
If you're concerned about USB storage devices on your network and don't feel a written policy alone will protect your data, disabling the devices is your next step. In this IT Dojo video, I show you how to disable USB storage devices on both Apple OS X and Windows.
The United States National Security Agency (NSA) described the process in a March 2008 document from the agency's Information Assurance Directorate. Although this video only covers Windows and OS X, the NSA document covers Linux and Solaris 9 and 10.
Once you've watched this IT Dojo video, you can read the original TechRepublic article, download PDF version of this tip, and learn more about mitigating the risks poses by USB storage devices with the following resources:
- Disable USB storage under OS X or Windows (original article)
- Disable USB storage under OS X or Windows (PDF download)
- To USB or not to USB, that's the security question
- Disable USB ports to prevent unauthorized data transfers
- Shore up USB flash drive security
- Lock IT Down: Use these strategies to prevent attacks from within