Americas

  • United States
Popular Topics

Topics

About

Policies

Our Network

More

HomeNetworkingGone in a flash, Part 2
by John Bumgarner and M. E. Kabay

Gone in a flash, Part 2

Opinion
Oct 30, 20033 mins
NetworkingSecurity

* First steps in countering the threat posed by USB flash drives

In the last column, security expert John Bumgarner and I looked at the potential for data leakage introduced through the use of portable USB flash drives.

To counter the threats presented by USB flash drives, organizations need to act now. They need to establish a policy that outlines acceptable use of these devices within their enterprises.

* Organizations should provide awareness training to their employees to point out the security risk posed by these USB flash drives.

* The policy should require prior approval for the right to use such a device on the corporate network.

* Encrypting sensitive data on these highly portable drives should be mandatory because they are so easy to lose.

* The policy should also require that the devices contain a plaintext file with a contact name, address, phone number, e-mail address and acquisition number to aid an honest person in returning a found device to its owner. On the other hand, such identification on unencrypted drives will give a dishonest person information that increases the value of the lost information – a bit like labeling a key ring with one’s name and address.

* Physical security personnel should be trained to identify these devices when conducting security inspections of inbound and outbound equipment and briefcases.

Unfortunately, the last measure is doomed to failure in the face of any concerted effort to deceive the guards because the devices can easily be secreted in purses or pockets, kept on a string around the neck, or otherwise concealed in places where security guards are unlikely to look (unless security is so high that strip-searches are allowed). That doesn’t mean that the guards shouldn’t be trained, just that one should be clear on the limitations of the mechanisms that ordinary organizations are likely to be able to put into place.

Administrators for high-security systems may have to disable USB ports altogether. However, if such ports are necessary for normal functioning (as is increasingly true), perhaps administrators will have to put physical protection on those ports to prevent unauthorized disconnection of connected devices and unauthorized connection of flash drives.

Without appropriate security, these days your control over stored data may be gone in a flash.

Guest author John Bumgarner is President of Cyber Watch, Inc. http://www.cyberwatchinc.com, a security consulting firm based in Charlotte, N.C. John has a rich background in national security and international intelligence and security work. He can be reached at mailto:john.bumgarner@cyberwatchinc.com

Related content

Show me more

news

AWS and Nvidia partner on Project Ceiba, a GPU-powered AI supercomputer

By Andy Patrizio
Nov 30, 20233 mins
CPUs and ProcessorsGenerative AISupercomputers
Image
news

VMware stung by defections and layoffs after Broadcom close

By Andy Patrizio
Nov 30, 20233 mins
VirtualizationData CenterIndustry
Image
news

US will take decades for supply chain independence in chips: Nvidia CEO

By Sam Reynolds
Nov 30, 20234 mins
CPUs and ProcessorsCPUs and ProcessorsTechnology Industry
Image
podcast

Episode 1: Understanding Cisco’s Converged SDN Transport

Sep 24, 202120 mins
Cisco SystemsInternetNetworking
Image
podcast

Episode 2: Pluggable Optics and the Internet for the Future

Sep 23, 202117 mins
Optical DrivesCisco SystemsInternet
Image
podcast

Episode 3: Looking Forward: 5G, Digital Transformation, and the Network of the Future

Sep 22, 202114 mins
5GCisco SystemsInternet
Image
video

How to calculate factorials in Linux

Nov 02, 20232 mins
Linux
Image
video

How to use the nohup command

Oct 31, 20232 mins
Linux
Image
video

How to use date command options

Oct 26, 20232 mins
Linux
Image