[Dshield] Security question re:removable USB drives

Richard Roy RoyR at justicetrax.com
Wed Jul 16 14:43:48 GMT 2003


Except for size? Sure, when compared to DVDs.
I've seen 1 gig and 2 gig models (albeit they were rather pricey) but
that's enough size to back up a small DB then zip it and take it home.
It's certainly enough size to take home some software programs, even a
whole .iso.
Worse, as someone else already pointed out, some systems will even boot
to them.  Put a few *nix tools on there and bingo, you can get right into
loads of Win systems.  Scary.


-----Original Message-----
From: Mrcorp [mailto:mrcorp at yahoo.com] 
Sent: Tuesday, July 15, 2003 3:21 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Security question re:removable USB drives


The problem with the encryption on these in the corporate world is that
there is no key management or recovery.  So if an employee leaves, they
keep the data, or if they forget the pass or it becomes corrupt, then
what?  Start with a data classification plan.  Now critical or
confidential data should be stored on them.  They are about as big a
threat as writable CDs or floppies, except for size.

Good luck,

Mrcorp
--- Sean Waddell <swaddell at espgroup.net> wrote:
> there are a couple of USB devices out there that utilize security via 
> fingerprint recognition.  it will 'encrypt' your protected files and 
> only allow access after fingerprint is given. i can't speak for their 
> accuracy nor how good their protection is, but here are a couple of 
> sites to start with.
> 
> www.chirson.co.uk/picobio.html 
> www.clip-drive.com/product_clipdrive_bio.htm
> www.milsongray.com/Pages/HTML/Bioslim.htm
> 
> 
> keep in mind that having strong policies in place regarding the proper
> handling of company documents is a good place to start.  if the files 
> are that sensitive you might not want to be taking them out of the 
> office to begin with.
> 
> Sean Waddell
> Operations Manager
> The ESP Group
> 
> Richard Roy wrote:
> | I hope this is not too far off topic, but we have been getting a lot
> | of users who want to use the portable USB drives,  the ones that fit 
> | on the key chain and hold 128, 256, 512, etc of storage.  I'm 
> | concerned about what they are storing there and how to protect it.  
> | If they lose the key and it contains company information that could 
> | be a terrible loss for us in the wrong hands.  What are other admins
> | doing about these devices? Understand we do not want to interfere 
> | with an employee who takes a little work home to get it done faster 
> | or takes an off site backup of some critical information to their 
> | job, but....there has to be a way to, at least, encrypt the data 
> | contents, etc.
> |
> | Welcome to any and all suggestions, stories, policies, etc.  If you 
> | feel this is off list, then please reply to me off list.
> |
> | Thanks,
> |
> | Richard Roy
> | Network Administrator
> | JusticeTrax Inc
> | 602-938-0059 x102
> | royr at justicetrax.com
> |
> | _______________________________________________
> | list mailing list
> | list at dshield.org
> | To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list