USB (In)Security 2008-08-22

50 %
50 %
Information about USB (In)Security 2008-08-22
Technology

Published on November 10, 2008

Author: mboman

Source: slideshare.net

Description

How USB can be abused to steal data from the organization or plant backdoors, and how it can be avoided. Original broadcast date: 2008-08-22

Overcoming USB (In)Security Michael Boman [email_address] http://michaelboman.org

Michael Boman

[email_address]

http://michaelboman.org

Agenda The Removable Storage Problem The USB Attack Vector Protecting the Organization Against Disgruntled Employees Careless Employees Malicious Individuals Question and Answers

The Removable Storage Problem

The USB Attack Vector

Protecting the Organization Against

Disgruntled Employees

Careless Employees

Malicious Individuals

Question and Answers

Agenda The Removable Storage Problem The USB Attack Vector Protecting the Organization Against Disgruntled Employees Careless Employees Malicious Individuals Question and Answers

The Removable Storage Problem

The USB Attack Vector

Protecting the Organization Against

Disgruntled Employees

Careless Employees

Malicious Individuals

Question and Answers

Lost Data In The News Laptop stolen (May 2006) Held private information on 26 million veterans Class Action Lawsuit: $1,000 for each person! October 29, 2006 – Lost CD contains personal data for more than a quarter-million hospital patients. October 30, 2006 – US Federal Homeland Security Storage Drive on the Loose

Laptop stolen (May 2006) Held private information on 26 million veterans Class Action Lawsuit: $1,000 for each person!

October 29, 2006 – Lost CD contains personal data for more than a quarter-million hospital patients.

October 30, 2006 – US Federal Homeland Security Storage Drive on the Loose

Lost Data In The News November 20, 2006 – Stolen Laptop causes warning to 11 million UK customers November 22, 2006 – Laptops with UK Police Payroll Details Stolen April. 10, 2007 – Georgia Dept. of Community Health – Disk Missing

November 20, 2006 – Stolen Laptop causes warning to 11 million UK customers

November 22, 2006 – Laptops with UK Police Payroll Details Stolen

April. 10, 2007 – Georgia Dept. of Community Health – Disk Missing

Agenda The Removable Storage Problem The USB Attack Vector Protecting the Organization Against Disgruntled Employees Careless Employees Malicious Individuals Question and Answers

The Removable Storage Problem

The USB Attack Vector

Protecting the Organization Against

Disgruntled Employees

Careless Employees

Malicious Individuals

Question and Answers

The USB Attack Vector Disgruntled Employees Copy confidential data to personal USB device(s) Sell to competitors Blackmail the company Bring your customers to the next employer

Disgruntled Employees

Copy confidential data to personal USB device(s)

Sell to competitors

Blackmail the company

Bring your customers to the next employer

The USB Attack Vector Careless Employees Storing confidential data on removable storage Which can be, and often is, lost or stolen

Careless Employees

Storing confidential data on removable storage

Which can be, and often is, lost or stolen

The USB Attack Vector Malicious Individuals Use USB devices as attack vector and toolbox as well as store stolen data on it

Malicious Individuals

Use USB devices as attack vector and toolbox as well as store stolen data on it

Agenda The Removable Storage Problem The USB Attack Vector Protecting the Organization Against Disgruntled Employees Careless Employees Malicious Individuals Question and Answers

The Removable Storage Problem

The USB Attack Vector

Protecting the Organization Against

Disgruntled Employees

Careless Employees

Malicious Individuals

Question and Answers

Protecting Against Disgruntled Employees “Just Make A Policy That Forbids USB Devices”

“Just Make A Policy That Forbids USB Devices”

USB Devices

USB Devices

USB Devices

USB Devices

USB Devices

USB Devices

USB Devices

USB Devices ? ?

USB Devices

USB Devices

Restricting USB Access Physically Disable USB ports Super-glue the USB port Encase the computer in secured cabinets Logically Disable USB ports Windows Group Policies 3 rd Party Software

Physically Disable USB ports

Super-glue the USB port

Encase the computer in secured cabinets

Logically Disable USB ports

Windows Group Policies

3 rd Party Software

Super-Glue the USB port

Encase the computers in secured cabinets

Use software to disable USB Storage Devices

Agenda The Removable Storage Problem The USB Attack Vector Protecting the Organization Against Disgruntled Employees Careless Employees Malicious Individuals Question and Answers

The Removable Storage Problem

The USB Attack Vector

Protecting the Organization Against

Disgruntled Employees

Careless Employees

Malicious Individuals

Question and Answers

Protecting Against Careless Employees What if there is valid business reasons to use USB storage devices?

Storing Data Securely Encrypt data TrueCrypt Free (Libre / Gratis) Open Source Software Cross-platform Windows Linux Various Commercial Offerings Exists

Encrypt data

TrueCrypt

Free (Libre / Gratis) Open Source Software

Cross-platform

Windows

Linux

Various Commercial Offerings Exists

DEMO Truecrypt Enable your USB Device

Truecrypt Enable your USB Device

Agenda The Removable Storage Problem The USB Attack Vector Protecting the Organization Against Disgruntled Employees Careless Employees Malicious Individuals Question and Answers

The Removable Storage Problem

The USB Attack Vector

Protecting the Organization Against

Disgruntled Employees

Careless Employees

Malicious Individuals

Question and Answers

Background Information on U3 Enabled Drives

Exploiting USB Switchblade Silently recover information from a target Windows PCs, including password hashes, LSA secrets, IP information, etc...

Switchblade

Silently recover information from a target Windows PCs, including password hashes, LSA secrets, IP information, etc...

DEMO Switchblade in Action

Switchblade in Action

Exploiting USB Hacksaw Automatically infect Windows PCs with a payload that will retrieve documents from USB drives plugged into the target machine and securely transmit them to an email account.

Hacksaw

Automatically infect Windows PCs with a payload that will retrieve documents from USB drives plugged into the target machine and securely transmit them to an email account.

DEMO Hacksaw in Action

Hacksaw in Action

Additional Hardening Disable Autorun http://support.microsoft.com/kb/155217 Unfortunately there is no patch for human stupidity Awareness Training is a MUST

Disable Autorun

http://support.microsoft.com/kb/155217

Unfortunately there is no patch for human stupidity

Awareness Training is a MUST

Agenda The Removable Storage Problem The USB Attack Vector Protecting the Organization Against Disgruntled Employees Careless Employees Malicious Individuals Question and Answers

The Removable Storage Problem

The USB Attack Vector

Protecting the Organization Against

Disgruntled Employees

Careless Employees

Malicious Individuals

Question and Answers

Q & A If you got any questions, now is the time to ask them

Thank You! Slides are available at http://michaelboman.org under Creative Commons BY-NC-SA 3.0 License

Slides are available at http://michaelboman.org under Creative Commons BY-NC-SA 3.0 License

References IntelliAdmin's USB Drive Disabler http://www.intelliadmin.com/blog/2007/01/disable-usb-flash-drives.html TrueCrypt http://www.truecrypt.org Switchblade http://www.hak5.org/wiki/USB_Switchblade Hacksaw http://www.hak5.org/wiki/USB_Hacksaw

IntelliAdmin's USB Drive Disabler http://www.intelliadmin.com/blog/2007/01/disable-usb-flash-drives.html

TrueCrypt

http://www.truecrypt.org

Switchblade

http://www.hak5.org/wiki/USB_Switchblade

Hacksaw

http://www.hak5.org/wiki/USB_Hacksaw

Add a comment

Related presentations

Related pages

Lost on USB drive: Confidential data on ... - Naked Security

The Daily Telegraph is just one of the newspapers reporting this morning the latest in a string of recent data loss incidents to have struck the British ...
Read more

Full Disk Encryption Missing On USB Memory Stick: UK Home ...

About sang_lee Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services ...
Read more

Brazilian charged with selling access to 100,000 PC botnet ...

Brazilian charged with selling access to ... Previous: Lost on USB ... another hacker exploits their lack of security and uses them for the ...
Read more

Serials & keys - unlocks the world

Silver Key Free Edition USB 4.8.3: ... 2008-08-22 :: 11 Norton 360 ... Architect 1.1.83.9982 systemcare Bitdefender Internet Security 2016 sql server 2012 ...
Read more

How to Use Your Android Phone as a Portable Wi-Fi Hotspot

Learn how to share your Android phone's data connection ... single computer using a USB ... security level, router name (SSID ...
Read more

August | 2008 | Hey, Scripting Guy! Blog

I have a USB drive that I use ... 2008 July 4, 2015 by ... registry Richard Siddaway running Scripting Guy! scripting techniques Scripting Wife Sean ...
Read more

Kaspersky Lab Forum > KIS2009, BSOD Relating to USB Devices

BSOD happened with me every time i use my flash USB drive only after windows security update of ... 7.08.2008 08:22. QUOTE ... I just used a usb ...
Read more

www.ipfire.org - Welcome to IPFire

Network Security. IPFire is designed for high security. It is hardened to protect itself from attacks from the network. Performance. IPFire is ready for ...
Read more