USB Flash Drive Security

Article by Jake Shores (3,737 pts )
Edited & published by Brett (5,994 pts ) on May 1, 2009

As technologies improve, USB flash drives will become cheaper, smaller, and more abundant. Use these tips to make sure someone isn’t literally walking off with your sensitive business information in their pocket or hanging off of their key chain.

So what is a USB flash drive exactly? This little device uses flash memory to store information and transfers that information via a USB (Universal Serial Bus) connection. Unlike a conventional hard drive, a flash drive has no moving parts. Instead, it is a special type of EEPROM (electrically erasable programmable read-only memory) that can be erased and reprogrammed automatically. Now granted, the storage capacity doesn’t even come close to what conventional hard drives offer but there is still plenty of room to store large video and audio files in addition to large documents.

USB flash drives come in all different shapes and sizes but are usually no bigger than a pack of gum. Other terms you may have heard that are synonymous with this type of device are thumb drives, pen drives, pocket drives, etc. The small size of these devices should be of concern when evaluating their use in your environment; especially from an information security perspective. They are easy to hide, can store a considerable amount of data, are simple to use, easily accessible and very affordable.

If proper steps are not taken to secure your computing environment, a USB flash drive would be an ideal means of collecting valuable information and literally pocketing it. So what steps can be taken to secure your environment against these potentially sinister little devices? Here are two rules of thumb.

Confidential information should be kept… confidential!

  • Make sure you have a strong information security policy in place. Confidential information should be kept on your servers or in password-protected folders or shared drives. There’s no reason sensitive information should be saved on a local hard drive if it doesn’t have to be. That’s like leaving your $50,000 BMW parked on a busy street while your four car garage sits empty!

Disable the use of USB storage devices for users that don’t have a valid business need for it.

  • USB storage in the Microsoft Windows environment is fairly simple but if you’re not familiar with the Microsoft Windows Registry or system structure, this may be something you’ll want to get assistance with. Intermediate and advanced users (i.e. system administrators, IT technicians, etc.) will most likely find this pretty straightforward. And not to worry, this will not affect normal USB devices such as mice, keyboards, or printers. This will only disable the use and installation of USB storage devices. Should you not wish to disable the use of USB devices completely, it's possible to create a policy that will make them read-only. See our article How To Enforce a Read-Only Policy on USB Drives for more information.

DISCLAIMER: The following should only be attempted by those who are familiar with the Windows Registry and system structure. Any time you make major changes to a system, it’s a good idea to backup your system registry. Go here for Microsoft’s instructions on how to do this.

Images

Registry EditorEdit the Start registry keyTurn off Simple file sharingSet permissions for usbstor files to DenySearch Results for usbstor files

Comments

Mar 5, 2010 12:09 PM
Curtis
For Rupert
This might clear it up a little better for you.

http://support.microsoft.com/kb/823732

Enjoy!
Aug 4, 2009 7:13 PM
Rupert
help needed
hi jake

i work in an warehouse as
it support.. I want to block access for using usb storage devices but allow access for usb devices like mouse, keyboard, and usb scanners.. Please mail me the details as to how i can do it.. the pictures in your article aren't of good clarity..

Thanks
Rupert

E-mail:Rupert.DSilva@logixuae.ae
 
Subscribe to Computer Security
RSS
Get free weekly updates, directly to your inbox.
Subscribe
Browse Computer Security