The Risks of Open USB Ports
The most loved and hated ports are USB ports. The Universal Serial Bus port is the most easily accessible port on IT devices, as long as you turn the device the right direction. And we have all had to flip them, sometimes more than once. Since the invention of USB, the standard has taken off. There have been some struggles with other standards (FireWire), but USB is the hands-down winner of the port wars. It is used for many devices, from MP3 players (if you know what they are), external hard drives, keyboards, and mice to odd gadgets such as fans, hand warmers, and Nerf launchers.
Automatically Launching Software
As USB grew in popularity, so did the number of available devices and their ease of use. USB devices were usually plug and play (except early printers). You would just plug in your device and wait. Then your computer would announce to the world that it saw a new device by playing the horrible chime noise, and you were off to the races. Your USB flash drive or portable hard drive was now accessible on your computer, and you could easily move files back and forth.
The issue with this during the XP era was a short-lived feature called plug and play. This feature allowed you to plug in a device and have an action, such as an install screen, automatically pop up and be ready for you to proceed. The problem with this feature was that people soon figured out how to use it to do damage. They could have scripts install malware. They could use the software to make it look like cockroaches were eating your screen, or even start deleting your files. Soon Microsoft changed it to prompt the user about whether they wanted to perform an action. This left responsibility for running the program in the user's hands, but eventually Microsoft killed the process altogether. Users are now required to browse to the device to start whatever program they want.
An Example of USB-based Sabotage
As you can see from the above, once it was discovered that USB devices could be used to infect computers, they started to pose some serious risks. All it took was for an infected flash drive to be plugged in. This is the premise of how the Stuxnet virus started. If you are interested, I highly recommend the Darknet Diaries (darknetdiaries.com) episode that discusses this exact topic. To keep the concept as simple as possible: it is believed that some organization placed infected flash drives in the parking lot of an Iranian nuclear plant, hoping that one person would plug a drive into a computer. Once the flash drive was plugged into the computer, it infected other computers on the network and broke equipment, putting their nuclear program behind schedule.
Because this has started to pose a serious threat at the enterprise level, companies have started to limit the use of these devices internally. They have imposed policies that only allow certain flash drives to work on their computers, or policies that only allow certain users to use flash drives.
Ways to Limit Flash Drive Use:
- Written policy: this should always be your first step.
- Group Policy / Local Policy
The best thing you can do is train your employees on why USB drives are a hazard to your systems. Some antivirus products with central management can block USB ports. They can control which USB ports work, which specific devices can be plugged in, and so on. A server can be configured via Group Policy to block ports and prevent external data sources from accessing systems. Written policies allow people who damage systems by disregarding them to be held accountable.
Even without the potential threat of malware or sabotage, flash drives can also cause other problems. I have seen faulty USB drives plugged into a computer cause crashes, prevent bootup, and lock up the computer entirely.
Leaving the ports open and allowing external USB drives can also put your data at risk. Someone could download important files onto a flash drive and take them home, sell them to a competitor, or even post them online. For some companies, this can be extremely expensive, or even warrant criminal charges.
In closing, it really is best practice to secure your company’s USB ports. You should manage what devices are allowed to connect to your network. It may seem like a minor thing but truly some of the risks are too great to ignore.