|
||
|
|
|
|
|
|
|||
|
The DataGuard Data Protection Newsletter June - October, 2006
Bullet Points
Securing Your SmartPhone/PDA Protecting Yourself From Spoofed Websites Protecting Wireless Connections SpyWare Epidemic The Problem With Portable Storage Devices
Welcome! If there are any topics you would like to see discussed in the future or if you have any comments, please contact me at JoeT@HighCaliber.com
The Problem With Portable Storage Devices Small storage devices are small, inexpensive, easy to use -- and easy to lose. This poses a potentially serious security problem. A $30 USB Flash drive misplaced in a restaurant or airport may contain sensitive data that can leave a company vulnerable to a rival, or a lawsuit. In one much-publicized case, a former employee of a major financial institution unwittingly sold on eBay a wireless handheld device containing an ex-employer's customer list. As mobile devices and cheap, removable storage media proliferate, security risks have grown exponentially. Take the iPod. Commercially available software now enables the little MPEG player to download a lot more than music files: e-mail, calendar contacts, favorite Web sites and data files for example. The practice has become widespread enough to gain an official nickname: slurping. Conversely, portable storage devices become conduits for viruses and other malware. A visitor left alone in a conference room with an unguarded PC needs only a few moments to upload malware or a Trojan horse into the corporate network. An employee takes corporate files home, infects them with a virus on his or her home computer, then uploads them to an office PC. In a 2004 report, "How to tackle the threat from portable storage devices," Gartner Inc. advised companies to consider prohibiting or at least restricting the use of small, portable storage devices -- from USB keychain devices to iPods -- by employees and outside contractors who have direct access to corporate networks. The report also advised companies to institute a "desktop lockdown policy" that permitted only authorized devices to be plugged in. Banning portable storage devices is rarely a viable solution. These devices are one of the easiest ways to move data. Most of the ways people use them are valid, like taking information home to work, copying presentations off file servers, etc. GFI Software Ltd., SmartLine Inc. and DeviceWall have introduced software that enables administrators to centrally control what type of device and port can be utilized to read from, or write to, a particular PC. For example, an end user might be given read/write privileges for a notebook or personal digital assistant (PDA) that can be equipped with security software, but not to a keychain device. In addition, Microsoft's Windows XP Service Pack 2 provides a registry key that can be configured to make USB storage devices read-only. Ramon, Calif.-based SmartLine's DeviceLock can grant read or read/write, but not write-only privileges. Both SmartLine and DeviceWall products allow administrators to grant users temporary access to USB devices, when their PCs are offline, by providing temporary access codes. Well-defined corporate policies covering appropriate usage of these devices coupled with education/training may be the only way to control this burgeoning problem at this time.
DataGuard archives: Click Here |