The Problem of Ad-Hoc Storage and Connections

Opinion: In another case of technology running ahead of security, mobile devices and wireless connections can infiltrate a network and pose threats. But software is available to manage the problem.

Recently I got an ad for a 2GB USB flash key for $29.99 (after rebate) and saw an announcement of a 16GB key in the works.

16GB! Its not too long ago that such capacities were stunning even for hard disks. Pretty soon youll get a key like that in your box of Rice Krispies. Maybe when you put it in the computer the autoplay file will make a "Snap! Crackle! Pop!" noise.

The cereal box example is not at all ridiculous, and underscores a problem about ad-hoc connections todays computers make. From USB drives to WiFi connections to Bluetooth, even infra-red, were connecting our computers in all sorts of ways that were not controlling well.

And many of these technologies are more vulnerable than theyre supposed to be. Consider Bluetooth, that long-underachieving standard for short-distance wireless connections. Initially the idea was that it would replace all the cables on and around your computer. The only successful niche it really has is connecting cell phones to PCs and headsets.

It turns out that the Bluetooths short range only applies to omnidirectional signals. When you create a directional signal with some power behind it, such as the BlueSniper Bluetooth Rifle from Flexilis, you can compromise a Bluetooth device from over a mile away.

As Ive mentioned many times in the past, its easy to come up with scenarios where a computer can be compromised, or data stolen off of it, by someone plugging in a USB key when the user isnt looking. The key could be removed quickly, but perhaps not. If the key is not easily visible, such as in the back of a desktop system under a desk, you could leave it in for a day or two, slowly copying data until its manually retrieved, once again when the user isnt looking. Copying files isnt usually considered a malicious activity, so anti-virus and firewall software probably wont complain. Of course, Ive only touched on the number of devices that could pose a problem; dont forget digital cameras, PDAs and, of course, that iPod.

28571.gif

Check out eWEEK.coms for the latest news, reviews and analysis on mobile and wireless computing.

Thats why many companies are building products to protect such connections. Even Windows Vista will contain some rudimentary protection, in the form of an on/off switch for removable storage. The granddaddy of such systems is Safend, which just released their Safend Protector version 3.0. Others include Securewave and Reflex Magnetics.

Safend emphasizes management flexibility and self-defense. The management flexibility manifests as granularity in what is blocked and for which users. You can specify, for example, that certain classes of devices are blocked, but you can whitelist devices with specific serial numbers (like your own iPod for example ;)). Management is integrated with Active Directory, exactly the way it should be.

Version 3 adds controls for WiFi beyond what your management system may allow. It logs files by name moving into and out of the system by various devices, which greatly aids forensic efforts. It integrates with Ciscos NAC (Network Access Control) so that you can make Safend protection a prerequisite for network access. It also adds protection against hardware keyloggers and buffer overflows from physical devices.

Self-defense means that the Safend agent itself is hardened against interference and attack, which is an interesting phenomenon. Anti-virus software has had to work hard at this for years, as malware often attempts to disable it in various ways, from deleting files or Windowss settings to load it, or changing the HOSTS file so that the software cant update itself.

You might get the sense that Safend Protector is redundant in many ways, and so it is. Redundancy in this case is a very good thing, as primary defenses are often breached by new malware, user sloppiness and other unpleasant facts of life. Protector also provides many unique forms of protection and centralizes the management of it in ways that protect the administrator.

Windows is a rough neighborhood. Not only do you have to defend your network against something as innocent-looking as an MP3 player, but you have to defend your security software against it. But products like Safend underscore the important truth that those who are vigilant about security have the upper hand.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

More from Larry Seltzer

28571.gif

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.