Comments
Thumb Drive Security: Snowden 1, NSA 0
Newest First  |  Oldest First  |  Threaded View
Verdumont Monte
50%
50%
Verdumont Monte,
User Rank: Apprentice
6/18/2013 | 9:46:48 PM
re: Thumb Drive Security: Snowden 1, NSA 0
USB monitoring tools works only with "Normal" to "Average" tech users. Most of the tools have weakness. Let us say that you have a third party solutions like Symantec end point security, or through Windows GP, all these work at application layer. Let us say for argument's sake, the Hard drive is encrypted by Bitlocker / Truecrypt or some third party software, still you could simply change your BIOS settings, boot using USB thumb drive, load the appropriate software, decrypt the HDD {Since you already know the password}, copy the required stuff to the Thumb drive. One third party solution ran as a service, all we had to do is to kill that service, it would enable USB drives!. This guy being "Above" average tech guy, he would have figured out a way to copy even if the USB accesses have been blocked. For places like this, the best solution would be to implement physical security. Eventhough it might be humiliating for the people who work there, simple physical pat down would've caught this leak, in my opinion.

@ubm_techweb_disqus_sso_-4fc2f376be2e1ff30a713c6d7462e08d:disqus - I agree with your physical security suggestions, but as I had mentioned, these 3rd party solutions doesn't work. Some of the places where I had worked as consultant, had disabled USB dirves using one of these products. Me being consultant, I needed to copy data back and forth for work, I had to use one of the above mentioned techniques to circumvent the protection for working from home. So far I was able to circumvent all the third party solutions, that I have encountered.
Cara Latham
50%
50%
Cara Latham,
User Rank: Apprentice
6/17/2013 | 12:46:09 PM
re: Thumb Drive Security: Snowden 1, NSA 0
While it is unsurprising that it was so easy for Snowden to use a thumb drive because of his title, I think, as Foster notes, people who are determined to leak information will find a way -- even if bans on thumb drives are implemented.
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
6/15/2013 | 9:51:29 PM
re: Thumb Drive Security: Snowden 1, NSA 0
Is there a way to keep thumb drives out of corporate systems? Sure - there are plenty of safeguards out there that can be put in place, from security models enforced at the desktop to notifications sent from machines that detect a non-corporate thumbdrive into the Network Security group. Things as simple as shutting down the USB ports and optical drives on a client system could effectively stop the majority of corporate data leaks. That isn't a new technology or idea - I've even seen organizations that put physical locks on the USB ports on systems to prevent their use.

It all comes down to how much effort an organization wants to put into policing this sort of issue and how much they trust their users. I've seen organizations that restrict users from carrying any form of data storage into secure locations for fear of data loss. Having to lock up your tablet, thumb drive... even your smart phone, in a locker before entering the facility can put a pretty serious dent in the idea of data loss via physical media.

In environments that I manage, I try to put as many of those pieces as possible in place, since they're relatively simple to do and have a major ROI when compared to the cost of a data breach. That said, I also take into consideration that if something is digital, it's as good as public (i.e. stolen) anyway - it's just a matter of time before your security envelope gets breached.

Andrew Hornback
InformationWeek Contributor


The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.