The problem with uncontrolled use of iPods, USB sticks and flash drives on your network

GFi

Introduction

Increased portability, ease of use, stylish looks and a good dose of marketing hype are the perfect cocktail to entice the population at large! As the popularity of iPods continues to grow, an alarming army of white earphones is slowly taking over the workplace. But what is so alarming about having iPods and MP3 players at work?

How can insiders steal your data?

The latest versions of MP3 players and flash memory devices have huge storage capabilities; yet these gadgets are small enough to easily conceal and sneak in behind the corporate line of defence.

A user may simply plug the device into a USB or FireWire port and they are up and running - no drivers or configuration required! In practice, this means that a data thief can get away with even more precious data, and a negligent employee can dump more viruses onto the corporate network even when connecting for only a short time.

iPod is just one example of such portable contraptions that boasts up to 60 GB of portable storage space; practically large enough to store all the data found in a typical workstation.

This means that a malicious insider can use an iPod to covertly take out (i.e. 'steal') proprietary data and millions of financial, consumer or otherwise sensitive corporate records at one go!

An easy technique for stealing data

Usher uses the term 'pod slurping' to describe how MP3 players such as iPods and other USB mass storage devices can be easily used to steal sensitive corporate data. To demonstrate the vulnerability of corporate security, Usher developed a "proof of concept" software application that can automatically search corporate networks and copy (or "slurp") business critical data on to an iPod.

This software application runs directly from an iPod and when connected to a computer it can slurp (copy) large volumes of corporate data on to an iPod within minutes. What's more is that all portable storage devices can be used to slurp information.

Insider information theft is a real problem

Information theft has now become a major concern for every organization and thus data leakage prevention is slowly taking up a bigger portion of the IT budget. More stringent controls and severe penalties are forcing organizations to address regulatory compliance more seriously.

A misconception shared by many organizations is that security threats mostly originate from outside the corporation. However statistics show that internal security breaches are growing faster than external attacks and at least half of security breaches originate from behind the corporate firewall.

Why would insiders want to slurp information?

Malicious intent, monetary gain and curiosity are probably the major motives behind information theft. Trusted insiders can also turn into paid informers and engage in industrial espionage, data warfare or other extensive fraudulent activities such as 'identity theft'.

The term 'identity theft' refers to crimes in which someone obtains and uses the personal details of another person to commit criminal acts, usually for financial gain. To date it is the fastest growing crime in the United States. It was estimated that identity theft victims amounted to around nine million adults in the U.S. in 2005 (Johannes, 2006).

How can corporations mitigate the risks of information theft?

You never know what users may be doing with their portable devices. An employee might appear to be listening to music on his iPod, but actually he or she might be uploading malicious files or slurping gigabytes of valuable data.

The ideal way to ensure complete control over portable storage devices is by introducing technological barriers such as GFI EndPointSecurity. GFI EndPointSecurity is a software solution that allows total control over data transfers, to and from portable storage devices on a user by user basis throughout the network. To read more and download a trial version, visit http://www.gfi.com/endpointsecurity/.

About GFI

GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs.

More information about GFI can be found at http://www.gfi.com.
GFI Software
url:
www.gfi.com
tel: +44 (0) 870 770 5370
fax: +44 (0) 870 770 5377
email:
sales@gfi.co.uk