10 points to griffendor if you know what sneakernet is. I find it
really interesting how technology has come 360 in the way that we all
share files. Here is your history lesson. Before networks became a
major part of our lives, people would have to share files by taking a
floppy disk from one computer to the other. This was commonly
referred to as sneakernet because of the sneakers on your feet to
move the files. Now ask yourself this. How many times has someone
wanted a file you have and so you copy it to a flash drive or cd/dvd
to give it to them? Probably a whole lot. These forms of data
transfer are not immune to security threats as they pose their own
problems that must be addressed.
The most important thing you can do to try and protect yourself is
to turn off the auto-play feature. The auto-play feature makes a
disk more user friendly by automatically bringing up a selection or
interface. The concept is great from a developer standpoint as it
looks all fancy and users get excited about what they are seeing.
From a security standpoint, this is a nightmare. The ability of a
cd, dvd, or flashdrive automatically executing code on my computer
makes me nervous. Sure there is good software out there but there is
also bad software. I would like to give you an example of how you or
your company may get infected.
From the standpoint of an attacker, I have learned some names of
people in your company and their positions. I may not know how tight
your computer security policy is but I am going to do a little test
on employee computer privileges. After getting some materials such
as documents headers, logos, and other company related items I create
a CD named “Company Christmas Pics”. I walk into the company
asking for directions some place, leaving a cd by the front desk,
another by the elevator, and a few more around employee break areas
or parking lots. As an employee you become curious when you see one
but don't remember any company christmas parties this last year so
you decide to check it out. When you put in the CD it automatically
pops up with an error saying that it is unable to open due to an
error. You don't think anything of it and pull the disk out, most
likely throwing it in the trash. What just really happened though is
that your computer got infected with a virus in the background
because you run your account under administrator privileges.
The same can be true for flash drive as well as CD's or DVD's.
For flash drives it could be almost the opposite of this scenario
though. As a manager for your department, you are charged with
taking the backups for your employees to a safe deposit box via a
flash drive. Its been a long day and your tired so when you get in
your car you accidentally drop the flash drive out of your pocket
into the parking lot. You get home, noticing it is gone but think it
must be in your car somewhere. The next day you forget about the
whole thing and make your way to work like normal. During this whole
time someone picked up the flash drive from the parking lot and is
using the information to exploit your company.
The bottom line here is that you have to be careful with how you
handle your removable media and take caution to how you open it. The
best bet would be to have a separate lab computer that you can test
media with before putting it into your regular work computer. This
may not always be possible though so steps can be taken to prevent
any malicious code from running in the first place.
-- Joe McShinsky
Wednesday, May 23, 2012
Subscribe to:
Posts (Atom)