Contributors - CyberSecurity Malaysia

More documents

Recommendations

Info

8.Specific device setup classes can also be blocked using the available policies as shown in figure 1. This method requiresthe administrator to know the GUID for the specific device.Figure 1: Local Group Policy Editorc) Disable USB storage devicesIn Microsoft Windows, users can disable the use andinstallation of USB storage devices by editing theregistry. Other USB devices such as mice, keyboards, orprinters will not be affected.Follow these steps to disable access to the USB port inWindows XP and 2000:1. Click Start, and then click Run.2. In the Open box, type regedit, and click OK.3. Locate, and click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor4. In the right pane, double-click Start.5. In the Value data box, type 4, click Hexadecimal,and click OK.6. Quit Registry Editor.These settings can be put in place by a user withadministrator privileges. The bad news is that users canalways change the settings whenever they like. Afterall, convenience usually takes precedence over security.To re-enable a disabled port, follow the above stepsand change 4 to 3 in the Value data box.d) Enforce read-only policy on USB drivesSome users might be skeptical to the idea of disablingUSB drives. Instead of disabling them completely, wecan also make them read-only. We can copy data fromthe drives, although copying data to the drives is notallowed. This feature comes with Windows Vista andWindows XP Service Pack 2.Follow these steps to make USB drives read-only:1. Click Start, and then click Run.2. In the Open box, type regedit, and click OK.3. Locate, and then click the following registryk e y : H K E Y _ L O C A L _ M A C H I N E \ S Y S T E M \CurrentControlSet\Control.4. Right-click on Control, select New > Key and name itStorageDevicePolicies.5. Right-click on the new StorageDevicePolicies key,select New > DWORD and name it WriteProtect.6. Right-click on the new WriteProtect DWORD, selectModify, enter 1 into the Value Data field and clickOk.Only apply this policy if there is a need for readingfrom the drives, while blocking writing. If there is noneed for both, you should just disable the USB drivescompletely.e) Use toolsInstead of depending on users to exercise caution andimplement countermeasures, companies can enforcethem through company policy by using tools such as:i. DeviceLock – network administrators can centrallycontrol uploads and downloads through localcomputer devices using DeviceLock. Unauthorisedusers can be prevented access to a wide range ofdevices, including USB devices.Combined with third-party encryption products,DeviceLock administrators can centrally define andcontrol encryption policies for storing and retrievingdata through removable drives.ii. MyUSBOnly – a product that can block untrustworthyUSB storage devices at any end-points. Oneinteresting feature is that it is able to run invisibly
and secretly log all connections/disconnections,and files copied, modified or deleted. It can alsosend email notifications when someone connects anunauthorised USB device to the computer.Criteria certifications, making them the USB flashdrive of choice for organisations that requireproven solutions from a leader in secure removablestorage.”9.iii. Safend Protector – administrators can not onlycompletely block all storage devices, but canallow them for read-only. It can also do encryptionof data. It monitors, blocks, and logs files thatare downloaded to or read from these devices.Safend Protector is also an EAL 2 Validated Productconforming to the Common Criteria (ISO/IEC 15408)(Ref [6]). Common Criteria is an internationallyrecognised ISO standard (ISO/IEC 15408) used bygovernments and other organizations to assesssecurity functional requirements and securityassurance requirements of technology products.f) Built-in security featuresCompanies can also provide their employees withdevices that have built-in security features. These USBdrives have features that can protect data securely,quickly and easily. This protection is especially neededto mitigate the risks if the USB drives fall to the wronghands.i. SanDisk’s Cruzer Enterprise flash drives includeprotection at multiple levels and stages, passwordprotection, hardware based encryption, centralmanagement, and powerful authentication. It alsohas anti-malware scanning that examines every filebeing copied to the USB drive, and prohibits filetransfers when it detects infection on a host PC.This will prevent the flash drive from becoming avirus carrier.As reported in “SanDisk Cruzer Enterprise FlashDrives Earn Certification”, (Ref [7]), “CruzerEnterprise flash drives are the only USB drives inthe world to hold both FIPS 140-2 and Commonii. IronKey Secure USB – the only USB flash drivevalidated to meet the stringent Security Level 3requirements of the FIPS 140-2 standard (Ref [8]).It protects data with strong AES 256-bit hardwareencryption. The enterprise version includes centralmanagement which can remotely enforce securitypolicies across thousands of IronKey Enterprisedrives. It also allows secure device recovery andthe ability to remotely disable or destroy drivesthat are lost, stolen or in the possession of formeremployees and other unauthorized users.There are many secure USB drives available in the markettoday. Companies concerned about security shouldinvest in one that meets its policies and requirements.Having a secure USB drive does not necessarily meanthat their security features will be used. Therefore,companies should further define policies to enforce theuse of a flash drive’s security features.Note: Please exercise caution when playing with MicrosoftWindows Registry and you might want to get assistancefrom any system administrator.Policies regarding personal storage devices such as onlycompany-provided devices can be connected to company’slaptops, personal computers and servers, are alsoneeded. To really enforce these policies, there should bea mechanism to control the use of USB removable devices,whether inside or outside the corporate network, andmanage the company-provided USB drives. This can bedone by implementing tools mentioned under e), or usingUSB drives which have central management features likethe ones mentioned under f).e-Security | <strong>CyberSecurity</strong> <strong>Malaysia</strong> | Volume 21 - (Q4/2009)
Page 1: Volume 21 - (Q4/2009)“Companies s
Page 4 and 5: 4.MyCERT 4th Quarter 2009 SummaryRe
Page 6 and 7: 6.USB PortA culprit to ICT Security
Page 10 and 11: 10.ConclusionReferencesUSB removabl
Page 12 and 13: 12.Figure 9: Interpreting “Active
Page 14 and 15: 14.7. A list of time zone propertie
Page 16 and 17: 16.allowing you to specify which da
Page 18: 18.Guide to Motion Compensation (Ph
Page 21 and 22: Graph 1 shows all the satisfied poi
Page 23 and 24: CyberdatingHow to Have Funbut Stay
Page 25 and 26: find them. If anything goes wrong,
Page 27 and 28: 27.What could be the threats to ena
Page 29 and 30: 29.InternetRadio Frequency Identifi
Page 31 and 32: Common Criteria andNational Cyber S
Page 33 and 34: 33.Case Study: US Government Direct
Page 35 and 36: has caused a US$2.25 million fine t
Page 37 and 38: 37.lewat sampai pada penerima ataup
Page 39 and 40: For instance TM, Malaysia’s large

Contributors - CyberSecurity Malaysia

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?