Continue Reading This Article
Enjoy this article as well as all of our content, including E-Guides, news, tips and more.
A few months back, an information security consulting firm employed this technique using a clever social engineering twist while performing a penetration test. The team scattered about 20 thumb drives around the penetration test customer's parking lot. Then, the team asked the employees of said company to find these USB tokens and plug them into corporate computers to see what was on them. Once inserted, the software on the drives automatically executed, allowing the penetration testers to bypass the firewall and control these computers.
So, how can information security pros deal with this new threat? You could disable USB tokens entirely from your environment, either by disabling the drivers on individual machines, or doing so on an enterprise-wide level, using Group Policy deployed with Active Directory. You can also use Group Policy to disable CD auto-run, as described here.
Some organizations have even taken the more draconian step of putting glue into all of their computer systems' USB slots to prevent them from being used. Of course, such a solution isn't ideal for all of us.
This was first published in December 2006