Professional Documents
Culture Documents
Dear Netizens,
Following is my 1st blog ever posted on internet.
While thinking over various areas within the ambit of Information Security, I think
the following paragraphs shall help you understand one of the most important
devices that have actually made our life
portable.
The need and importance of more fast, accurate, nonvolatile storage media was
felt during various innovative periods. The ultimate birth and usage of key-sized
PSDs have solved that problem to a greater extent. Carrying all the features of
portability, accuracy, simplicity, speed and non-volatility, it can store information,
business proposals, accounts, client’s details, marketing plans and whatever u
think, they are being used for different purposes as listed below;
1 | Page
1. Used for the huge storage purposes ( various data in text and
multimedia form)
2. Used for transporting large files to any remote location
3. Used for back-up files
4. Administrators used it as a portable toolkit that includes recovery
tools, drivers, system update and diagnostic utilities.
5. Used for the authentication and identification purposes
6. Used as a biometric device
While discussing the security issues involving the usage of PSDs for different
purposes, one thing is quite clear that they are pocket sized ultra portable storage
devices that can be instantly accessed from any PC with a USB port.
Here I feel it shall be beneficial for the readers if I first shall discuss in brief the
Corporate IT Security Infrastructure.
Risks and Threats: Various firewalls, antivirus software do not provide any
defense at the local end points from data theft etc. Following is the list of possible
risks and threats an organization can face from the PSDs.
Aijaz’s Blog
How one can spread and/or implant virus through PSDs: As stated
earlier that PSDs are fast and can hold large amount of data ranging from
10MB to 100 GB.
3 | Page
Users can either bring with themselves the infected documents from home
or they can take home the document to an infected PC, use and update it
and bring it back to the corporate PC. As we know that antivirus software is
working reactively i.e. can only identify the viruses which have been
previously identified. PSDs can bring a new virus that would be nearly
impossible to be detected and prevented by the antivirus software.
Malicious Software: Besides viruses, the ability of PSDs to store and retrieve text
and multimedia based information would create new problems for the corporate
world to look after the malicious software
more carefully and aggressively. User can
bring in unauthorized software or data files
like shareware programs, software pranks, MP3
files, video clips, pornography etc that
would ultimately affect productivity and
increase the violation of corporate security
policy. Previously due to the limited storage
capacity of floppy disks, it was not possible to
visibly affect the productivity etc.
therefore any one use USB device to upload
potentially harmful software or viruses into
the company IT infrastructure.
No Encryption: Nearly all the mobile storage device users do not use any
form of encryption algorithm to protect their data.
Data Loss: On the other side the portability and size of PSDs opens the new
doors of data loss that could fall into the wrong hands. Most of these devices
don’t have any satisfactory or nil built-in security features that could help to
protect the data. These devices loaded with important data / information can
easily be stolen and even borrowed. Therefore there storage is another issue
Aijaz’s Blog
5 | Page
Beyond everything: Different forms and shapes of USB supported devices
are increasing day by day and creating equal problems for the corporate
world. A fast changing scenario from plug and play to plug and steel now
has different faces to look after. For example USB ports accommodate
Cameras, modems, network interfaces, printers, adapters, audios, Bluetooth,
cables, CD-RW, data transfer, extenders, enclosures, forensic, telephones,
scanners etc.
have made the PSDs more undetectable in normal conditions. They are
being produced at the larger scale in the shape of pen, key chains, lighter,
mobile phone, cameras, MP3 etc.
7 | Page
While discussing the security aspects I would give due weightage to the
management and social engineering aspects of information systems security.
The practicability issues to stop employees from using USB based storage devices
would nearly be impossible. But a clear understanding can help in this regard. For
example, employees can be clearly instructed
(even can be written in their employment
contract) that the use of non-company devices to
their workstations and other peripherals is not
allowed. Briefly speaking, proper
management is concerned with
‘Educating the security personal’.
Third part software: Devicelock: It’s a software based solution that can
control USB device permissions. It actually enforces granular controls over a
broad range of host devices and ports.
Disable USB ports: At the most primary security level, one can disable or
restrict the usage of USB ports.
Summary:
One cannot deny the advantages and benefits associated with the USB based PSDs
but one thing is clear that it needs to be looked-after properly and given an equal
importance and space in the corporate security policy. While reading the various
related papers I found that the security over PSDs is more focused towards the
supervision and less on controls.
9 | Page
finger on the fingerprint pad followed by entering the memory stick in the USB port
for necessary physical and logical access.
A more detailed research on the risks and advantages associated with the USB
based PSDs being used in a specific industry and the associated policy and tools
employed to protect the lager corporate data, would provide more concrete proof
on these solid state storage devices
Thanking you
Ready References:
2. Continuity Central:
http://www.continuitycentral.com/feature0184.htm
4. Microsoft Corporation:
http://www.microsoft.com/whdc/device/storage/usbfaq.mspx
5. lab mice.com
http://labmice.techtarget.com/articles/usbflashdrives.htm
11 | P a g e