Wednesday, May 23, 2012

Security+ Topic - Sneakernet

10 points to Gryffindor if you know what sneakernet is. I find it really interesting how technology has come full circle in the way that we all share files. Here is your history lesson. Before networks became a major part of our lives, people had to share files by carrying a floppy disk from one computer to another. This was commonly referred to as sneakernet, because the sneakers on your feet moved the files. Now ask yourself this: how many times has someone wanted a file you have, so you copied it to a flash drive or CD/DVD to give to them? Probably a whole lot. These forms of data transfer are not immune to security threats; they pose their own problems that must be addressed.


The most important thing you can do to protect yourself is to turn off the auto-play feature. Auto-play makes a disk more user friendly by automatically bringing up a selection or interface. The concept is great from a developer standpoint, as it looks all fancy and users get excited about what they are seeing. From a security standpoint, this is a nightmare. The idea of a CD, DVD, or flash drive automatically executing code on my computer makes me nervous. Sure, there is good software out there, but there is also bad software. I would like to give you an example of how you or your company may get infected.


From the standpoint of an attacker, I have learned the names of some people in your company and their positions. I may not know how tight your computer security policy is, but I am going to do a little test of employee computer privileges. After gathering some materials such as document headers, logos, and other company-related items, I create a CD named “Company Christmas Pics”. I walk into the company asking for directions to some place, leaving a CD by the front desk, another by the elevator, and a few more around employee break areas or parking lots. As an employee, you become curious when you see one but don't remember any company Christmas parties this last year, so you decide to check it out. When you put in the CD, it automatically pops up a message saying that it is unable to open due to an error. You don't think anything of it and pull the disk out, most likely throwing it in the trash. What really just happened, though, is that your computer got infected with a virus in the background because you run your account under administrator privileges.


The same can be true for flash drives as well as CDs or DVDs. For flash drives, though, it could be almost the opposite of this scenario. As a manager for your department, you are charged with taking the backups for your employees to a safe deposit box on a flash drive. It's been a long day and you're tired, so when you get in your car you accidentally drop the flash drive out of your pocket into the parking lot. You get home and notice it is gone, but think it must be in your car somewhere. The next day you forget about the whole thing and make your way to work like normal. During this whole time, someone has picked up the flash drive from the parking lot and is using the information to exploit your company.


The bottom line here is that you have to be careful with how you handle your removable media and cautious about how you open it. The best bet would be to have a separate lab computer that you can test media with before putting it into your regular work computer. This may not always be possible, though, so steps can be taken to prevent any malicious code from running in the first place.
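
One way to check and apply the auto-play advice above, as an added example that is not part of the original post. It assumes a Windows machine and its `NoDriveTypeAutoRun` policy value; `Get-AutoRunPolicy` and `Disable-AutoRunAllDrives` are hypothetical helper names defined here.

```powershell
# Added example, not from the original post. Assumes Windows PowerShell 5.1 or later.
$key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# NoDriveTypeAutoRun is a bitmask: a set bit disables AutoRun for that drive type.
$driveTypes = @(
    @{ Bit = 0x04; Name = 'Removable (flash drives)' },
    @{ Bit = 0x08; Name = 'Fixed disks' },
    @{ Bit = 0x10; Name = 'Network drives' },
    @{ Bit = 0x20; Name = 'CD/DVD drives' },
    @{ Bit = 0x40; Name = 'RAM disks' }
)

function Get-AutoRunPolicy {
    # A value under HKLM takes precedence over the per-user value under HKCU.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $item = Get-ItemProperty -Path "$hive\$key" -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Path = "$hive\$key"; Value = [int]$item.NoDriveTypeAutoRun }
        }
    }
}

function Disable-AutoRunAllDrives {
    # Machine-wide setting: requires an elevated (administrator) prompt.
    $path = "HKLM:\$key"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -Path $path -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}

# Audit: report which drive types may still AutoRun under the effective policy.
$policy = Get-AutoRunPolicy
if ($null -eq $policy) {
    Write-Output 'NoDriveTypeAutoRun is not set; the Windows default applies.'
} else {
    Write-Output ('{0}\NoDriveTypeAutoRun = 0x{1:X2}' -f $policy.Path, $policy.Value)
    foreach ($t in $driveTypes) {
        $state = if ($policy.Value -band $t.Bit) { 'AutoRun disabled' } else { 'AutoRun ALLOWED' }
        Write-Output ('  {0,-26}{1}' -f $t.Name, $state)
    }
}

# To turn AutoRun off for every drive type, run from an elevated prompt:
# Disable-AutoRunAllDrives
```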

-- Joe McShinsky