Overcoming USB (In)Security <ul><ul><li>Michael Boman </li></ul></ul><ul><ul><li>[email_address] </li></ul></ul><ul><ul><l...
Agenda <ul><li>The Removable Storage Problem </li></ul><ul><li>The USB Attack Vector </li></ul><ul><li>Protecting the Orga...
Agenda <ul><li>The Removable Storage Problem </li></ul><ul><li>The USB Attack Vector </li></ul><ul><li>Protecting the Orga...
Lost Data In The News <ul><li>Laptop stolen (May 2006) Held private information on 26 million veterans Class Action Lawsui...
Lost Data In The News <ul><li>November 20, 2006 – Stolen Laptop causes warning to 11 million UK customers </li></ul><ul><l...
Agenda <ul><li>The Removable Storage Problem </li></ul><ul><li>The USB Attack Vector </li></ul><ul><li>Protecting the Orga...
The USB Attack Vector <ul><li>Disgruntled Employees </li></ul><ul><ul><li>Copy confidential data to personal USB device(s)...
The USB Attack Vector <ul><li>Careless Employees </li></ul><ul><ul><li>Storing confidential data on removable storage </li...
The USB Attack Vector <ul><li>Malicious Individuals </li></ul><ul><ul><li>Use USB devices as attack vector and toolbox as ...
Agenda <ul><li>The Removable Storage Problem </li></ul><ul><li>The USB Attack Vector </li></ul><ul><li>Protecting the Orga...
Protecting Against Disgruntled Employees <ul><li>“Just Make A Policy That Forbids USB Devices” </li></ul>
USB Devices
USB Devices
USB Devices
USB Devices
USB Devices
USB Devices
USB Devices
USB Devices ? ?
USB Devices
USB Devices
Restricting USB Access <ul><li>Physically Disable USB ports </li></ul><ul><ul><li>Super-glue the USB port </li></ul></ul><...
Super-Glue the USB port
Encase the computers in secured cabinets
Use software to disable USB Storage Devices
Agenda <ul><li>The Removable Storage Problem </li></ul><ul><li>The USB Attack Vector </li></ul><ul><li>Protecting the Orga...
Protecting Against Careless Employees What if there is valid business reasons to use USB storage devices?
Storing Data Securely <ul><li>Encrypt data </li></ul><ul><ul><li>TrueCrypt </li></ul></ul><ul><ul><ul><li>Free (Libre / Gr...
DEMO <ul><ul><li>Truecrypt Enable your USB Device </li></ul></ul>
Agenda <ul><li>The Removable Storage Problem </li></ul><ul><li>The USB Attack Vector </li></ul><ul><li>Protecting the Orga...
Background Information on U3 Enabled Drives
Exploiting USB <ul><li>Switchblade </li></ul><ul><ul><li>Silently recover information from a target Windows PCs, including...
Exploiting USB <ul><li>Hacksaw </li></ul><ul><ul><li>Automatically infect Windows PCs with a payload that will retrieve do...
DEMO <ul><ul><li>Hacking with USB drive </li></ul></ul>
Additional Hardening <ul><li>Disable Autorun </li></ul><ul><ul><li>http://support.microsoft.com/kb/155217 </li></ul></ul><...
Don't forget Data Slurping
Agenda <ul><li>The Removable Storage Problem </li></ul><ul><li>The USB Attack Vector </li></ul><ul><li>Protecting the Orga...
Q & A <ul><ul><li>If you got any questions, now is the time to ask them </li></ul></ul>
Thank You! <ul><ul><li>Slides are available at http://michaelboman.org under Creative Commons BY-NC-SA 3.0 License </li></...
References <ul><li>IntelliAdmin's USB Drive Disabler http://www.intelliadmin.com/blog/2007/01/disable-usb-flash-drives.htm...
Upcoming SlideShare
Loading in...5
×

Overcoming USB (In)Security

2,787

Published on

This is the slides I used for my "Overcoming USB (In)Security" presentation at NextGen CyberCrime conference in Singapore

Published in: Economy & Finance, Technology
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,787
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
194
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide
  • Ladies and Gentlemen, Thank you for having me. I understand that I am between you and your lunch, so please bear with me while I will discuss a very important problem that is often overlooked. My name is Michael Boman and I am a IT Security Researcher and Developer with over 8 years experience in the field. My day job is to think up technical solutions to improve my employer&apos;s bottom line. But for fun I research IT security and privacy issues. My current projects includes automated malware analysis and turning a standard Linksys router into a powerful detection system for attacks on the Internet. Today I will share with you my findings and opinions on the risks associated with USB storage devices and removable storage in general.
  • Overcoming USB (In)Security

    1. 1. Overcoming USB (In)Security <ul><ul><li>Michael Boman </li></ul></ul><ul><ul><li>[email_address] </li></ul></ul><ul><ul><li>http://www.michaelboman.org </li></ul></ul>
    2. 2. Agenda <ul><li>The Removable Storage Problem </li></ul><ul><li>The USB Attack Vector </li></ul><ul><li>Protecting the Organization Against </li></ul><ul><ul><li>Disgruntled Employees </li></ul></ul><ul><ul><li>Careless Employees </li></ul></ul><ul><ul><li>Malicious Individuals </li></ul></ul><ul><li>Question and Answers </li></ul>
    3. 3. Agenda <ul><li>The Removable Storage Problem </li></ul><ul><li>The USB Attack Vector </li></ul><ul><li>Protecting the Organization Against </li></ul><ul><ul><li>Disgruntled Employees </li></ul></ul><ul><ul><li>Careless Employees </li></ul></ul><ul><ul><li>Malicious Individuals </li></ul></ul><ul><li>Question and Answers </li></ul>
    4. 4. Lost Data In The News <ul><li>Laptop stolen (May 2006) Held private information on 26 million veterans Class Action Lawsuit: $1,000 for each person! </li></ul><ul><li>October 29, 2006 – Lost CD contains personal data for more than a quarter-million hospital patients. </li></ul><ul><li>October 30, 2006 – US Federal Homeland Security Storage Drive on the Loose </li></ul>
    5. 5. Lost Data In The News <ul><li>November 20, 2006 – Stolen Laptop causes warning to 11 million UK customers </li></ul><ul><li>November 22, 2006 – Laptops with UK Police Payroll Details Stolen </li></ul><ul><li>April. 10, 2007 – Georgia Dept. of Community Health – Disk Missing </li></ul>
    6. 6. Agenda <ul><li>The Removable Storage Problem </li></ul><ul><li>The USB Attack Vector </li></ul><ul><li>Protecting the Organization Against </li></ul><ul><ul><li>Disgruntled Employees </li></ul></ul><ul><ul><li>Careless Employees </li></ul></ul><ul><ul><li>Malicious Individuals </li></ul></ul><ul><li>Question and Answers </li></ul>
    7. 7. The USB Attack Vector <ul><li>Disgruntled Employees </li></ul><ul><ul><li>Copy confidential data to personal USB device(s) </li></ul></ul><ul><ul><ul><li>Sell to competitors </li></ul></ul></ul><ul><ul><ul><li>Blackmail the company </li></ul></ul></ul><ul><ul><ul><li>Bring your customers to the next employer </li></ul></ul></ul>
    8. 8. The USB Attack Vector <ul><li>Careless Employees </li></ul><ul><ul><li>Storing confidential data on removable storage </li></ul></ul><ul><ul><ul><li>Which can be, and often is, lost or stolen </li></ul></ul></ul>
    9. 9. The USB Attack Vector <ul><li>Malicious Individuals </li></ul><ul><ul><li>Use USB devices as attack vector and toolbox as well as store stolen data on it </li></ul></ul>
    10. 10. Agenda <ul><li>The Removable Storage Problem </li></ul><ul><li>The USB Attack Vector </li></ul><ul><li>Protecting the Organization Against </li></ul><ul><ul><li>Disgruntled Employees </li></ul></ul><ul><ul><li>Careless Employees </li></ul></ul><ul><ul><li>Malicious Individuals </li></ul></ul><ul><li>Question and Answers </li></ul>
    11. 11. Protecting Against Disgruntled Employees <ul><li>“Just Make A Policy That Forbids USB Devices” </li></ul>
    12. 12. USB Devices
    13. 13. USB Devices
    14. 14. USB Devices
    15. 15. USB Devices
    16. 16. USB Devices
    17. 17. USB Devices
    18. 18. USB Devices
    19. 19. USB Devices ? ?
    20. 20. USB Devices
    21. 21. USB Devices
    22. 22. Restricting USB Access <ul><li>Physically Disable USB ports </li></ul><ul><ul><li>Super-glue the USB port </li></ul></ul><ul><ul><li>Encase the computer in secured cabinets </li></ul></ul><ul><li>Logically Disable USB ports </li></ul><ul><ul><li>Windows Group Policies </li></ul></ul><ul><ul><li>3rd Party Software </li></ul></ul>
    23. 23. Super-Glue the USB port
    24. 24. Encase the computers in secured cabinets
    25. 25. Use software to disable USB Storage Devices
    26. 26. Agenda <ul><li>The Removable Storage Problem </li></ul><ul><li>The USB Attack Vector </li></ul><ul><li>Protecting the Organization Against </li></ul><ul><ul><li>Disgruntled Employees </li></ul></ul><ul><ul><li>Careless Employees </li></ul></ul><ul><ul><li>Malicious Individuals </li></ul></ul><ul><li>Question and Answers </li></ul>
    27. 27. Protecting Against Careless Employees What if there is valid business reasons to use USB storage devices?
    28. 28. Storing Data Securely <ul><li>Encrypt data </li></ul><ul><ul><li>TrueCrypt </li></ul></ul><ul><ul><ul><li>Free (Libre / Gratis) Open Source Software </li></ul></ul></ul><ul><ul><ul><li>Cross-platform </li></ul></ul></ul><ul><ul><ul><ul><li>Windows </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Linux </li></ul></ul></ul></ul><ul><ul><li>Various Commercial Offerings Exists </li></ul></ul>
    29. 29. DEMO <ul><ul><li>Truecrypt Enable your USB Device </li></ul></ul>
    30. 30. Agenda <ul><li>The Removable Storage Problem </li></ul><ul><li>The USB Attack Vector </li></ul><ul><li>Protecting the Organization Against </li></ul><ul><ul><li>Disgruntled Employees </li></ul></ul><ul><ul><li>Careless Employees </li></ul></ul><ul><ul><li>Malicious Individuals </li></ul></ul><ul><li>Question and Answers </li></ul>
    31. 31. Background Information on U3 Enabled Drives
    32. 32. Exploiting USB <ul><li>Switchblade </li></ul><ul><ul><li>Silently recover information from a target Windows PCs, including password hashes, LSA secrets, IP information, etc... </li></ul></ul>
    33. 33. Exploiting USB <ul><li>Hacksaw </li></ul><ul><ul><li>Automatically infect Windows PCs with a payload that will retrieve documents from USB drives plugged into the target machine and securely transmit them to an email account. </li></ul></ul>
    34. 34. DEMO <ul><ul><li>Hacking with USB drive </li></ul></ul>
    35. 35. Additional Hardening <ul><li>Disable Autorun </li></ul><ul><ul><li>http://support.microsoft.com/kb/155217 </li></ul></ul><ul><li>Unfortunately there is no patch for human stupidity </li></ul><ul><ul><li>Awareness Training is a MUST </li></ul></ul>
    36. 36. Don't forget Data Slurping
    37. 37. Agenda <ul><li>The Removable Storage Problem </li></ul><ul><li>The USB Attack Vector </li></ul><ul><li>Protecting the Organization Against </li></ul><ul><ul><li>Disgruntled Employees </li></ul></ul><ul><ul><li>Careless Employees </li></ul></ul><ul><ul><li>Malicious Individuals </li></ul></ul><ul><li>Question and Answers </li></ul>
    38. 38. Q & A <ul><ul><li>If you got any questions, now is the time to ask them </li></ul></ul>
    39. 39. Thank You! <ul><ul><li>Slides are available at http://michaelboman.org under Creative Commons BY-NC-SA 3.0 License </li></ul></ul>
    40. 40. References <ul><li>IntelliAdmin's USB Drive Disabler http://www.intelliadmin.com/blog/2007/01/disable-usb-flash-drives.html </li></ul><ul><li>TrueCrypt </li></ul><ul><li>http://www.truecrypt.org </li></ul><ul><li>Switchblade </li></ul><ul><li>http://www.hak5.org/wiki/USB_Switchblade </li></ul><ul><li>Hacksaw </li></ul><ul><li>http://www.hak5.org/wiki/USB_Hacksaw </li></ul>
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×