Flash Drives: New Technology Always Means New Risks A Double-Edged Sword Sonny Discini
Flash drives are small solid-state memory sticks that are about the size of a highlighter pen and that can hold anywhere from 1MB to 1GB of data. They're incredibly lightweight, very portable, and are compatible with any PC equipped with a USB port and running Windows 2000/XP, Mac OS 9-10X, or Linux 2.4.17. (Windows 9x PCs require a one-time driver installation.)
USB Flash Drives have fast transfer rates (1Mb/sec), include no moving parts, and don't require a separate power source or batteries. Just stick the flash drive into the USB port of your PC and Windows Plug and Play will immediately recognize it as an additional drive. You can then copy the files you need to take with you, unplug the device from the PC, and you're ready to go. Flash drives hold more data than a floppy, are more portable than ZIP drives and other remote storage devices, and are more convenient to tote (and less fragile) than CD-RW disks.
However wonderful these new devices are, like any other technology, they do have a dark side. You don't have to be an administrator to install one of these devices under Windows 2000/XP, and you can't manage USB devices via Group Policy. In other words, short of disabling all of the USB ports, they are impossible to defend against.
In the past, floppy disks were used to spread viruses and to add or remove data from your environment. Flash drives open an all-new avenue to seed environments. With their large capacities, imagine the amount of infections that can be introduced into your environment and possibly released on your network.
Adding to this point, with additional capacity comes unauthorized or illegal software and/or copyrighted materials into your organization. People now have a virtually undetectable medium to introduce applications, audio, video, pornography, and any number of other things that violate security policies and applicable laws.
And users not only have a high speed/high capacity device to bring data into your environment, they also have the same benefits when removing data. Corporate espionage is a largely underreported problem in the United States and Europe. Attackers, corporate spies, and disgruntled employees steal data every day, and in many cases these are crimes of opportunity.
With a Flash Drive, any unattended and unlocked PC with an enabled USB port becomes an opportunity. A little social engineering can give an attacker physical access to a corporate PC long enough to steal data or plant spyware. Disgruntled employees can take home sensitive data in a few minutes. Exactly how fast? At 1/Mb per second, a user can copy a 60Mb file to a flash drive in a mere 60 seconds.
In addition, some USB flash drives can be made bootable. This means that an OS can be mounted and all data on a PC can be browsed and copied outside of any local security restrictions imposed by administrators. The Knoppix project already offers a Linux distro meant for booting USB drives. For more information, visit this link.
