|
 |
|
General Information
|
Add To My Personal Library |
October 26, 2007
• Vol.29 Issue 43
Page(s) 24 in print issue
|
Safeguarding Data At The End Points
EndPointSecurity Filters Content Traveling Through USB Ports
|
 As more and more employees bring their iPods, USB sticks, and PDAs into the office, the risk of their bringing in a virus, or taking out sensitive data, rises. While firewalls and network security software filters content going in or out of the network, there is often nothing to protect against content going in or out of USB ports.
While floppies have always posed a problem, they were much more limited in their storage size and less of a threat, says Andre Muscat, director of engineering for GFI Software (www.gfi.com), which makes a range of enterprise security and monitoring products. “What has changed over the past few years is the medium. These devices can hold from 1 to 8GB—and 20GB is not far away,” says Muscat. “People might download an application without anyone knowing, breaking the licensing agreement, or bring in software that has viruses in them.”
USBs are the most common portable storage devices in companies, but they aren’t the only ones. iPods are more frequently seen in the workplace, ostensibly to play music files but with the capability to store all sorts of other data.
“I can walk out, after five minutes of copying, with virtually all of the information in the company that I have access to,” says Muscat. “An iPod can take out intellectual property that may be priceless to the company.”
Using an iPod to steal company data has become common enough to merit its own jargon, iPod slurping, in which an employee surreptitiously sucks down data onto his iPod. iPods can also bring in malware. For example, last year, Apple Computer admitted that some of its Video iPods had shipped carrying a Windows virus.
 Software Filters For USB Ports
 Disabling all USB ports is one possible defense, but it’s not very practical given how many peripherals use USB ports and the fact that many employees have a legitimate need to transfer and carry files on portable storage devices.
To address this issue, vendors such as GFI are adding endpoint security products. GFI’s product, the GFI EndPointSecurity application, controls access to a wide range of portable storage devices such as USB drives and CDs by placing a small agent on each desktop computer. It can be remotely deployed to hundreds of desktops via a central administrative screen.
When a user logs in to his or her PC, the agent queries the Active Directory server and obtains the permissions for that user. Administrators can thus set group-based policies on different portable devices, allowing some users to download or upload content to certain devices and restricting those rights for others. Users can be given read-only or full access writes on an individual basis.
“The IT administrator of a small business can’t be spending half his day trying to configure policy so people can work as they need to while, at the same time, maintaining security measures. We try very hard to make it as simple as possible to configure,” says Muscat.
He notes that compliance with data security and privacy regulations, as well as the ability to produce an audit trail of who was allowed to use what files is another good reason to manage and monitor portable device usage. The EndPointSecurity software logs the files that have been transferred to or from a portable device that has been plugged in to the network, so data managers can review user activities as needed.
A ReportPack add-on package can automatically generate different reports on endpoint security, including an overview of the blocked devices; storage device usage trends; and the top 20 users, machines, devices, and applications in terms of connection activity.
Vendors Adding Endpoint Security
Richi Jennings, senior analyst at Ferris Research, a research firm that follows the antivirus market, says that many security software vendors are augmenting their network and desktop security suites with endpoint security technology. Because most organizations already have a gateway security product installed, Jennings suggests they consider purchasing endpoint security software through their gateway vendor. “You want to have the same policies as you have for email,” he says. “Vendors who have a broad range of products produce the same policies [for all of them].”
So far, says Jennings, the malware threat USB drives and other such devices pose is still fairly low in relation to the security risks at the network gateway. Many company desktops have antivirus software installed to protect against viruses laptops bring in. Also, USB sticks are passive storage devices; they don’t activate programs automatically like CD players do. However, Jennings notes that may change with the advent of smart USB sticks that automatically execute applications when inserted into a USB port. For virus-writers, that enables them to create automated payloads that can be executed directly from the USB drive.
Add human gullibility into the mix, and the dangers of such USB sticks rise considerably. Jennings says employees are often quite careless about taking and using USB drives from strangers at trade shows or even from parking lots.
“I’ve heard of security researchers that have left these lying around, dropped them in parking lots, and the employees go and plug them in to their computers,” says Jennings. “It’s hard to stop people from doing things maliciously, but [with security software] you can stop them from doing something stupid.” 
by Sue Hildreth
GFI Software EndPointSecurity
Description: Controls access to a wide range of portable storage devices such as USB drives and CDs; provides granular control over individual or group access to files and portable devices.
Interesting fact: With a few clicks, administrators can deploy the agent to hundreds of machines, thanks to a remote deployment tool based on GFI LANguard technology.
(919) 379-3397
www.gfi.com |
GFI EndpointSecurity Features
• Installs a 1.2MB agent on client
• Logs device-related user activity to both the event log and a central SQL Server
• Allows administrators to configure group-based policies via Active Director
• Provides reports on device usage and trends
• Supports any Unicode-compliant operating system
|
|
|
