The Problem of Ad-Hoc Storage and Connections

 
 
By Larry Seltzer  |  Posted 2006-09-11 Email Print this article Print
 
 
 
 
 
 
 

Opinion: In another case of technology running ahead of security, mobile devices and wireless connections can infiltrate a network and pose threats. But software is available to manage the problem.

Recently I got an ad for a 2GB USB flash key for $29.99 (after rebate) and saw an announcement of a 16GB key in the works.

16GB! Its not too long ago that such capacities were stunning even for hard disks. Pretty soon youll get a key like that in your box of Rice Krispies. Maybe when you put it in the computer the autoplay file will make a "Snap! Crackle! Pop!" noise.

The cereal box example is not at all ridiculous, and underscores a problem about ad-hoc connections todays computers make. From USB drives to WiFi connections to Bluetooth, even infra-red, were connecting our computers in all sorts of ways that were not controlling well.

And many of these technologies are more vulnerable than theyre supposed to be. Consider Bluetooth, that long-underachieving standard for short-distance wireless connections. Initially the idea was that it would replace all the cables on and around your computer. The only successful niche it really has is connecting cell phones to PCs and headsets.

It turns out that the Bluetooths short range only applies to omnidirectional signals. When you create a directional signal with some power behind it, such as the BlueSniper Bluetooth Rifle from Flexilis, you can compromise a Bluetooth device from over a mile away.

As Ive mentioned many times in the past, its easy to come up with scenarios where a computer can be compromised, or data stolen off of it, by someone plugging in a USB key when the user isnt looking. The key could be removed quickly, but perhaps not. If the key is not easily visible, such as in the back of a desktop system under a desk, you could leave it in for a day or two, slowly copying data until its manually retrieved, once again when the user isnt looking. Copying files isnt usually considered a malicious activity, so anti-virus and firewall software probably wont complain. Of course, Ive only touched on the number of devices that could pose a problem; dont forget digital cameras, PDAs and, of course, that iPod.

Check out eWEEK.coms for the latest news, reviews and analysis on mobile and wireless computing.

Thats why many companies are building products to protect such connections. Even Windows Vista will contain some rudimentary protection, in the form of an on/off switch for removable storage. The granddaddy of such systems is Safend, which just released their Safend Protector version 3.0. Others include Securewave and Reflex Magnetics.

Safend emphasizes management flexibility and self-defense. The management flexibility manifests as granularity in what is blocked and for which users. You can specify, for example, that certain classes of devices are blocked, but you can whitelist devices with specific serial numbers (like your own iPod for example ;)). Management is integrated with Active Directory, exactly the way it should be.

Version 3 adds controls for WiFi beyond what your management system may allow. It logs files by name moving into and out of the system by various devices, which greatly aids forensic efforts. It integrates with Ciscos NAC (Network Access Control) so that you can make Safend protection a prerequisite for network access. It also adds protection against hardware keyloggers and buffer overflows from physical devices.

Self-defense means that the Safend agent itself is hardened against interference and attack, which is an interesting phenomenon. Anti-virus software has had to work hard at this for years, as malware often attempts to disable it in various ways, from deleting files or Windowss settings to load it, or changing the HOSTS file so that the software cant update itself.

You might get the sense that Safend Protector is redundant in many ways, and so it is. Redundancy in this case is a very good thing, as primary defenses are often breached by new malware, user sloppiness and other unpleasant facts of life. Protector also provides many unique forms of protection and centralizes the management of it in ways that protect the administrator.

Windows is a rough neighborhood. Not only do you have to defend your network against something as innocent-looking as an MP3 player, but you have to defend your security software against it. But products like Safend underscore the important truth that those who are vigilant about security have the upper hand.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. More from Larry Seltzer Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
 
 
 
 
Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel