Saturday, January 19, 2008

Mind your USB

For all the latest in expensive security software and peripherals that money can acquire, enterprises inevitably still miss some security holes. It might surprise you, but one security hole often missed by security managers is the humble universal serial bus (USB) port.

Designed as the interface solution for a legacy-free PC, a USB port can connect a mind-boggling number of computer peripherals, including mice, keyboards, gamepads, joysticks, scanners, printers, and flash drives. And the list goes on.

Available on just about every computing device, the USB port has become ubiquitous. It can, however, be a security bane for the enterprise.

For an illustration of just how someone could exploit an enterprise workstation via its USB port, we can turn to a true story I read recently. You can read about it in this free white paper (registration needed). Read on and you tell me how plausible it sounds.

Basically, an IT security officer at a U.S.-based company purchased a handful of memory sticks. He loaded some software on them and went ahead and scattered them around the company’s parking lot.

To cut a long story short, several employees found the memory sticks and took them back to their work terminals. They then plugged them into their PCs and laptops, found the software, and ran it “just to see what it does.”

Now, it would hardly be legal, but think about just how trivial it would be to load malware or a keylogger onto a USB flash drive instead and repeat the same exercise at a competitor’s car park.

“But we have antivirus scanners!” you cry.

Just how hard is it to code custom malware, first testing it against the most popular antivirus scanners to verify that their puny heuristic engines don’t sound the alarm on your nefarious executable? In fact, if you’re a good programmer, you can probably up the ante by encrypting your network data when reporting home. Bravo if you piggyback it on an anonymizing network such as Tor for further obfuscation.

All is not lost, however. There are some practical steps you can take to mitigate some of the threat:

  • Where possible, disable USB ports.
  • Where possible, don’t let your users run as root or administrator.
  • Disable the Autorun feature on removable drives.
  • Compartmentalize your LAN into different VLANs.
  • Deploy white-listing technology to complement antivirus scanners.
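
One way to audit two of the steps above (Autorun and USB storage) on Windows machines, as an added example that is not from the original post: it reads a `.reg` export already decoded to text and reports what is still open. The registry locations are the standard Windows ones, the function names are hypothetical, and the sample export is constructed.

```python
import re

# Standard Windows registry locations (not taken from the post).
EXPLORER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
USBSTOR = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR"

# NoDriveTypeAutoRun is a bitmask: a set bit turns Autorun OFF for that drive type.
DRIVE_BITS = {0x04: "removable", 0x08: "fixed", 0x10: "network", 0x20: "cdrom", 0x40: "ramdisk"}

# Constructed sample export for a workstation that has not been hardened.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Start"=dword:00000003
'''

def parse_reg(text):
    """Return {(key, value_name): int} for every dword value in a .reg export."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].upper()
        elif key and (m := re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)):
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def audit(text):
    """Return a list of findings; an empty list means both settings are hardened."""
    vals, findings = parse_reg(text), []
    mask = vals.get((EXPLORER.upper(), "nodrivetypeautorun"))
    if mask is None:
        findings.append("NoDriveTypeAutoRun not set: OS default applies")
    else:
        still_on = [name for bit, name in DRIVE_BITS.items() if not mask & bit]
        if still_on:
            findings.append("Autorun still enabled for: " + ", ".join(still_on))
    start = vals.get((USBSTOR.upper(), "start"))
    if start != 4:  # 4 = driver disabled; 3 = loaded on demand
        findings.append(f"USB mass-storage driver not disabled (Start={start})")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_REG):
        print("FINDING:", finding)
```

Setting `Start` to 4 only stops the USB mass-storage driver; keyboards, mice and other USB device classes still work, so it covers flash drives but is not the same as disabling the port.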

In the future, I’ll elaborate on some of these items, so stay tuned.

Wednesday, January 16, 2008

FINAL JUDGEMENT

Thanks to you all for your comments...

In Redeemer's University, there has been a wave of expulsions. Today on the school's notice board, nine names were pasted...expelled for "gross misconduct".

Students could be found in corners discussing the issue. From what I heard from some "street gossips", these students were expelled for various issues like missing script, examination malpractice and the said gross misconduct.

According to a student, the registrar's office has a lottery machine; they roll it at specific times and pick names from it...make an announcement...EXPEL. What a great judgment.

Sunday, January 13, 2008

Butane palava

Do you know how sometimes someone can transfer his aggression on you simply because you asked him a simple question? That was the experience I found myself in a few days ago. I was going back to my hall of residence; there was no vehicular transport, and so I decided to patronize the okada men that make "a good" living out of students' inability to come to school with their cars.
Normally, a crazy rate of fifty naira is charged to take me to my location. Bla, bla, bla.
I approached this okada man and the next thing he would say was one hundred naira, so playfully I asked him, "Are you using butane gas or fuel?" and his answer was "your father". I was very certain my father was in bed at that time of the night, and so that was actually getting me infuriated when the guy added this: "...you will never make it in life". All of this simply because I had refused to join him on his bike.
Knowing the rules guiding the environs I found myself in, I knew I could not beat him up, because that was what was on my mind to do, so I decided to follow him with my mouth, which I am just developing.
So I said, "...look at you, you are an epitome of poverty... I am made, you are not and you can never be...you will continue riding okada till you die..."
That was actually too much for the crazy guy; he replied, "... can you afford 80,000? I bought this bike at that price..."
At this point, it dawned on me that this guy has a low perspective and must actually be frustrated, so I replied, "... proof of poverty, I will buy this bike and give you money to fuel it..."
This actually made him mad, so he said, bringing out his ID, "... I am a bla bla bla security officer... I will make sure I deal with you when you are in trouble..."
This is supposed to be a problem because he is a security officer in this my environment, but I knew that from the beginning, so I was not surprised or shocked, and I replied, "...you will die here as a security man. I will give you a job securing my dog in a few years' time..."
My friends came and pushed me away. This guy will wait his balls out for me to fall into trouble... I'm too busy for that. Is he not a fool? Poverty is actually a disease.