Download - USB flash drive security

Transcript
Page 1: USB flash drive security
Page 2: USB flash drive security

USB Drive Security RisksUSB Drive Security Risks

Page 3: USB flash drive security

Preview

• USB drive trend• Risks of storing data in USB drive • What we need to do• How to do it• Why we should do it now• conclusion

Page 4: USB flash drive security

• USB thumb drive• USB memory stick• USB jump drive

• First sold in year 2000• weigh less than 2 ounces• Intended to make life easier for users

HistoryHistory

Page 5: USB flash drive security

1)Wi-Fi2) Digital Camera3) MP3 Player/IPOD4) Email5) Floppy Disks6) CDR, CDRW, DVD-RW7) Remote control software

Different ways to get data out.

AlternativesAlternatives

Page 6: USB flash drive security

• Small physical size• More durable• Fast Speed --3MB/s• Big capacity • Low price • More functionality• Plug-and-Play

-1million read & write cycle

Why Choose USB ?Why Choose USB ?

Page 7: USB flash drive security

Greatest benefit = Greatest security risk !Greatest benefit = Greatest security risk !

Page 8: USB flash drive security

85million units sold in 2007 Only few buyers thought about the drives’ security implications.

-Gartner

Page 9: USB flash drive security

According to security firm Vontu

• >50% of 480 surveyed tech-professionals’ USB drives contain unprotected confidential information

• 1 USB drive is lost at work each month– Unlike laptop, storage devices are small and

cheap. Many employees do not report them missing as they would a laptop.

Page 10: USB flash drive security
Page 11: USB flash drive security

• Corruption of data

• Virus Transmissions

• Loss of media

• Loss of confidentiality

RisksRisks

Page 12: USB flash drive security

• Corruption of data – Occur if the drive is uncleanly dismounted

– computer usually has no way of knowing when USB memory sticks are going to be removed

– The OS will attempt to handle unexpected disconnects as best it can, so often no corruption will occur.

RisksRisks

Page 13: USB flash drive security

• Corruption of data • Virus Transmissions

Whenever files are transferred between two machines there is a risk that viral code or some other malware will be transmitted, and USB memory sticks are no exception.

• April 2008, a batch of HP USB flash drives were shipped with a virus.• November 2007, Maxtor USB Hard Drives Ship Virus Infected

RisksRisks

Page 14: USB flash drive security

• Corruption of data • Virus Transmissions• Loss of Media

– A drawback to the small size is that they are easily misplaced, left behind, or otherwise lost.

– All data is lost too

RisksRisks

Page 15: USB flash drive security

• Corruption of data • Virus Transmissions• Loss of Media• Loss of Confidentiality

– If the stick then finds its way into the hands of a competitor, then the company has suffered a much greater loss than simply the replacement cost of the drive.

– A $25 thumb drive can contain $25 million worth of information on it

RisksRisks

Page 16: USB flash drive security

• The personal information of 6,500 current and former University of Kentucky students was reported stolen May 26 after the theft of a professor's flash drive. The drive has not been recovered.

• April 2006, Flash drives holding sensitive and classified military information turned up for sale at a bazaar near Afghanistan. Investigators recovered many drives, but an unknown number are still missing.

• In October, Wilcox Memorial Hospital in Hawaii, informed 120,000 current and former patients that a flash drive containing their personal information — names, addresses, Social Security numbers and identifying medical record numbers — was lost. It has yet to be recovered.

Recent IncidentsRecent Incidents

Page 17: USB flash drive security

4 easy steps

SolutionsSolutions

Page 18: USB flash drive security

Corruption of Data• dismount the device according to the OS

documentation.

Page 19: USB flash drive security

Virus Transmission

• Some USB memory sticks include a physical switch that can put the drive in read-only mode. – keep the host computer from writing or

modifying data (including viruses) on the drive

• If files need to be transferred from an un-trusted machine, scan the USB drive after copying files from it.

Page 20: USB flash drive security

Loss of Media

• attaching flash drives to keychains, necklaces and lanyards.

Page 21: USB flash drive security

Loss of Confidentiality• avoidance

– no private data is stored on the drive• severely limiting

• encryption.– allows any data to be stored

on the drive but renders the data useless without the required password,

Page 22: USB flash drive security

Encryption

– fingerprint scanning USB drive• run your finger over the scanner and it will be

ready to read your files. • Very expensive

– Pre-installed encryption software• Cost 2X more

– encryption software• Commercial• Free

Page 23: USB flash drive security

• easy and fast

• encrypt files/folders. • 128 bits encryption

Page 24: USB flash drive security

• On-the-fly (Real Time) • Encrypt Automatically

• encrypt virtual partition • 256 bit AES (military-grade) encryption

Page 25: USB flash drive security

• Can’t completely eliminate all the risk

Page 26: USB flash drive security

• Significantly reduce all the risks

• Kick-back and relax

If You DoIf You Do• It will be too late when

you lost the drive or your drive got infected by virus.

Recognize the thumb-drive threat and take action

If You Don’tIf You Don’t

Page 27: USB flash drive security

• USB drive will become more popular and security incidents will occur more often

• 4 steps to reduce– Data corruption– Virus transmissions– Loss of media– Loss of confidentiality

ConclusionConclusion

Page 28: USB flash drive security
Page 29: USB flash drive security