• Home
• Topics
• Network Security Management
• Endpoint and NAC Protection
• USB drive security best practices and processes

USB drive security best practices and processes

Requires Free Membership to View

Login



SearchSecurity.co.UK members gain immediate and unlimited access to breaking UK industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.co.UK today!

Michael S. Mimoso, Editorial Director

• E-mail Address: 

By submitting your registration information to SearchSecurity.co.uk you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.co.uk is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

I'm assuming here that the issue that you are trying to address is the use of unapproved USB devices and the threats they introduce to your environment. In summary the threats are:

• Importing a Trojan or unauthorised software via USB stick, leading to a loss of service.
  
• Importing copyrighted material (typically music or videos), breaching copyright and using up resources.
  
• Theft of company information by downloading onto a USB device.
  
• Downloading information onto a USB device and subsequently losing that device, leading to a disclosure of sensitive information and potential reputational damage.

There are a number of well-established products in the market geared toward ensuring USB drive security. In choosing a product, consider the following questions:

• Do you want to control and audit devices, or do you also want to be able to encrypt them using the same product? Some products will allow you to do both.
  How easy is it to centrally manage USB device permissions?
  
• Do you want to prevent unauthorised devices, or just receive an alert when an unauthorised device is introduced?

The answers to these questions will depend on the risk to your organisation and the procedures that will work for you. In my experience, it can be difficult to persuade businesses to adopt a complete lockdown of USB devices, particularly senior managers using iPhones (yes, these too are USB devices). So select a tool that offers the flexibility to manage exceptions if you cannot implement a strict policy, as is often the case.

Dig Deeper

This was first published in January 2010

More from Related TechTarget Sites

• Networking UK
• Virtual Data Centre
• Data Management UK
• Security
• Cloud Security
• Security IN

• Networking UK

  • Cisco Live London: 40 and 100 GbE, souped up WLAN

    At Cisco Live London, Cisco launched 40 and 100 GbE switching, a souped-up 4-antenna WLAN access point, and a host of network virtualisation technologies.

  • UK Networkers should gear up for mobility implementations in 2012

    Companies are rethinking legacy tools to take advantage of what users get from having access to data and applications across all kinds of devices, according to TechTarget’s 2012 IT Priorities Survey.

  • Cloud gets vote of confidence from UK buyers in 2012 IT priorities

    The cloud is set to be a key investment area for UK buyers in 2012 with 30.5% of IT buyers pledging to spend on the technology, according to TechTarget’s 2012 IT Priorities Survey.

• Virtual Data Centre

  • SEPA reaps cost savings running Oracle on VMware

    SEPA’s IT team was warned of the complexities of virtualising Oracle database and apps. But strategic design and testing helped it run Oracle on VMware vSphere and reap benefits.

  • London 2012 Olympics: Aim for gold with DR, business continuity plans

    With 80 days to go before the London 2012 Olympic Games begin, IT pros must review and test their contingency, disaster recovery and business continuity strategies.

  • Using automation, self-service provisioning to build a private cloud

    IT pros that recognise cloud computing benefits want to build one behind closed doors. But a private cloud requires automation, self-service provisioning and management planning.

• DataManagement UK

  • Podcast: How to craft an effective MDM strategy

    In this podcast interview, Andy Hayler gives advice on how to create and implement an MDM strategy that is ruthlessly focused on business value.

  • Jill Dyché: CEO big data focus good news and bad news for IT

    Jill Dyché, a data management expert, sees CEO interest and scepticism as both an opportunity and a threat. Avoid the big data 'gotchas', and don't mistake data warehousing for big data.

  • Infostrada teams up with Roambi, mobile sports analytics at Olympics

    Dutch media sports information provider Infostrada has teamed up with mobile BI company Roambi to create an iPhone and iPad app for the Olympics. It will predict medal counts.

• Security

  • PCI Council urges P2P encryption for mobile payments

    A PCI Council guidance document requires merchants to use a validated PIN entry device or secure card reader to accept payments using mobile devices.

  • Steve Lipner on the Microsoft SDL, critical infrastructure protection

    Microsoft’s senior director of security engineering says core SDL principles should be at the foundation of critical infrastructure system protection.

  • Android security model doing best to enable mobile malware spread

    At Information Security Decisions 2012, Dan Guido put the mobile malware focus on the Android security model and Google’s mobile app vetting process.

• Cloud Security

  • Leveraging Microsoft Azure security features for PaaS security

    Organizations can boost PaaS security late in the game by implementing these stopgap measures.

  • Quiz: Understanding cloud-specific security technologies

    Think you understand cloud-specific security technologies as well as expert Joseph Granneman does? Test your knowledge with this quiz.

  • CSA launches cloud security certification initiative for service providers

    Plan calls for working with certification bodies, government agencies, as well as an independent CSA certification.

• Information Security

  • Maltego tutorial - Part 1: Information gathering

    Maltego is a powerful OSINT information gathering tool. Our Maltego tutorial teaches you how to use Maltego for personal reconnaissance of a target.

  • POS terminal security: Best practices for point of sale environments

    Securing point of sale (POS) environments can be tricky. Shobitha Hariharan and Nitin Bhatnagar share comprehensive POS terminal security best practices.

  • Burp Suite Tutorial PDF compendium: WebApp tester’s ready reference

    Our Burp Suite tutorial PDF compendium is a collection of our Burp Suite guides in PDF format made available to you for free offline reference.

• About us
• Contact us
• Site index
• Privacy policy
• Advertisers
• Business partners
• Events
• Media kit
• TechTarget corporate site
• Reprints
• Site map