USB = Ultimate Security Breakdown?

By | December 13, 2005

For the average corporate or home PC user, the acronym USB, short for Universal Serial Bus, describes a computer port that makes it very easy to connect devices directly to a machine. With this connection, a person can transfer or copy information to and from a computer with little trouble.

But for security administrators and corporate executives, USB is taking on an entirely new meaning: ultimate security breakdown. USB and Firewire ports offer an unbelievably easy and accessible way to take sensitive information outside of the enterprise and yet another way for authorised users to infect the network.

If you look at the new corporate desktop releases from top makers Dell, Hewlett-Packard and Gateway, a single system can easily have up to eight USB ports. But it´s not the sheer number of ports, but the default plug-and-play configurations of operating systems like Microsoft Windows XP that are the real problem. Current operating systems provide seamless support for USB devices, and for good reason, their users want to be able to, sync their PDAs, upload photos and transfer music to and from their music players with no hassle.

But the resulting security problems are significant. In industries such as financial services, government and health care, where sensitive information not only exists, but is heavily regulated by privacy laws, this potential egress of data constitutes a monumental risk. And that´s not to mention the finance and legal departments within every publicly traded company, where violations of material event-disclosure laws could result in serious penalties and fines, in addition to significant damage to brand.

So while organisations scramble to turn off the data tap, with no guarantee that software or PC manufacturers will do anything to stop default USB access, things are only going to get worse. Several trends will feed this security dilemma over the next 12 months, including:

Music players such as Apple Computer´s iPods, digital cameras, PDAs and other gadgets with large storage capacities, will continue to see rapid adoption among consumers and business users. With no configuration at all, an employee can plug a USB keychain with a gigabyte of storage into the back of a corporate PC. Employees already bring digital cameras to work to download photos to serve as desktop wallpaper or screensavers. These devices are normally plugged into home computers with a fraction of the security of today´s enterprises, making it incredibly easy for someone to unintentionally download a nasty virus, spyware or other destructive code picked up from their home PC.

Leave a Reply