Overcoming USB (In)Security Michael Boman [email_address] http://michaelboman.org

Michael Boman

[email_address]

http://michaelboman.org

Agenda The Removable Storage Problem The USB Attack Vector Protecting the Organization Against Disgruntled Employees Careless Employees Malicious Individuals Question and Answers

The Removable Storage Problem

The USB Attack Vector

Protecting the Organization Against

Disgruntled Employees

Careless Employees

Malicious Individuals

Question and Answers

Agenda The Removable Storage Problem The USB Attack Vector Protecting the Organization Against Disgruntled Employees Careless Employees Malicious Individuals Question and Answers

The Removable Storage Problem

The USB Attack Vector

Protecting the Organization Against

Disgruntled Employees

Careless Employees

Malicious Individuals

Question and Answers

Lost Data In The News Laptop stolen (May 2006) Held private information on 26 million veterans Class Action Lawsuit: $1,000 for each person! October 29, 2006 – Lost CD contains personal data for more than a quarter-million hospital patients. October 30, 2006 – US Federal Homeland Security Storage Drive on the Loose

Laptop stolen (May 2006) Held private information on 26 million veterans Class Action Lawsuit: $1,000 for each person!

October 29, 2006 – Lost CD contains personal data for more than a quarter-million hospital patients.

October 30, 2006 – US Federal Homeland Security Storage Drive on the Loose

Lost Data In The News November 20, 2006 – Stolen Laptop causes warning to 11 million UK customers November 22, 2006 – Laptops with UK Police Payroll Details Stolen April. 10, 2007 – Georgia Dept. of Community Health – Disk Missing

November 20, 2006 – Stolen Laptop causes warning to 11 million UK customers

November 22, 2006 – Laptops with UK Police Payroll Details Stolen

April. 10, 2007 – Georgia Dept. of Community Health – Disk Missing

Agenda The Removable Storage Problem The USB Attack Vector Protecting the Organization Against Disgruntled Employees Careless Employees Malicious Individuals Question and Answers

The Removable Storage Problem

The USB Attack Vector

Protecting the Organization Against

Disgruntled Employees

Careless Employees

Malicious Individuals

Question and Answers

The USB Attack Vector Disgruntled Employees Copy confidential data to personal USB device(s) Sell to competitors Blackmail the company Bring your customers to the next employer

Disgruntled Employees

Copy confidential data to personal USB device(s)

Sell to competitors

Blackmail the company

Bring your customers to the next employer

The USB Attack Vector Careless Employees Storing confidential data on removable storage Which can be, and often is, lost or stolen

Careless Employees

Storing confidential data on removable storage

Which can be, and often is, lost or stolen

The USB Attack Vector Malicious Individuals Use USB devices as attack vector and toolbox as well as store stolen data on it

Malicious Individuals

Use USB devices as attack vector and toolbox as well as store stolen data on it

Agenda The Removable Storage Problem The USB Attack Vector Protecting the Organization Against Disgruntled Employees Careless Employees Malicious Individuals Question and Answers

The Removable Storage Problem

The USB Attack Vector

Protecting the Organization Against

Disgruntled Employees

Careless Employees

Malicious Individuals

Question and Answers

Protecting Against Disgruntled Employees “Just Make A Policy That Forbids USB Devices”

“Just Make A Policy That Forbids USB Devices”

USB Devices

USB Devices

USB Devices

USB Devices

USB Devices

USB Devices

USB Devices

USB Devices ? ?

USB Devices

USB Devices

Restricting USB Access Physically Disable USB ports Super-glue the USB port Encase the computer in secured cabinets Logically Disable USB ports Windows Group Policies 3 rd Party Software

Physically Disable USB ports

Super-glue the USB port

Encase the computer in secured cabinets

Logically Disable USB ports

Windows Group Policies

3 rd Party Software

Super-Glue the USB port

Encase the computers in secured cabinets

Use software to disable USB Storage Devices

Agenda The Removable Storage Problem The USB Attack Vector Protecting the Organization Against Disgruntled Employees Careless Employees Malicious Individuals Question and Answers

The Removable Storage Problem

The USB Attack Vector

Protecting the Organization Against

Disgruntled Employees

Careless Employees

Malicious Individuals

Question and Answers

Protecting Against Careless Employees What if there is valid business reasons to use USB storage devices?

Storing Data Securely Encrypt data TrueCrypt Free (Libre / Gratis) Open Source Software Cross-platform Windows Linux Various Commercial Offerings Exists

Encrypt data

TrueCrypt

Free (Libre / Gratis) Open Source Software

Cross-platform

Windows

Linux

Various Commercial Offerings Exists

DEMO Truecrypt Enable your USB Device

Truecrypt Enable your USB Device

Agenda The Removable Storage Problem The USB Attack Vector Protecting the Organization Against Disgruntled Employees Careless Employees Malicious Individuals Question and Answers

The Removable Storage Problem

The USB Attack Vector

Protecting the Organization Against

Disgruntled Employees

Careless Employees

Malicious Individuals

Question and Answers

Background Information on U3 Enabled Drives

Exploiting USB Switchblade Silently recover information from a target Windows PCs, including password hashes, LSA secrets, IP information, etc...

Switchblade

Silently recover information from a target Windows PCs, including password hashes, LSA secrets, IP information, etc...

DEMO Switchblade in Action

Switchblade in Action

Exploiting USB Hacksaw Automatically infect Windows PCs with a payload that will retrieve documents from USB drives plugged into the target machine and securely transmit them to an email account.

Hacksaw

Automatically infect Windows PCs with a payload that will retrieve documents from USB drives plugged into the target machine and securely transmit them to an email account.

DEMO Hacksaw in Action

Hacksaw in Action

Additional Hardening Disable Autorun http://support.microsoft.com/kb/155217 Unfortunately there is no patch for human stupidity Awareness Training is a MUST

Disable Autorun

http://support.microsoft.com/kb/155217

Unfortunately there is no patch for human stupidity

Awareness Training is a MUST

Agenda The Removable Storage Problem The USB Attack Vector Protecting the Organization Against Disgruntled Employees Careless Employees Malicious Individuals Question and Answers

The Removable Storage Problem

The USB Attack Vector

Protecting the Organization Against

Disgruntled Employees

Careless Employees

Malicious Individuals

Question and Answers

Q & A If you got any questions, now is the time to ask them

Thank You! Slides are available at http://michaelboman.org under Creative Commons BY-NC-SA 3.0 License

Slides are available at http://michaelboman.org under Creative Commons BY-NC-SA 3.0 License

References IntelliAdmin's USB Drive Disabler http://www.intelliadmin.com/blog/2007/01/disable-usb-flash-drives.html TrueCrypt http://www.truecrypt.org Switchblade http://www.hak5.org/wiki/USB_Switchblade Hacksaw http://www.hak5.org/wiki/USB_Hacksaw

IntelliAdmin's USB Drive Disabler http://www.intelliadmin.com/blog/2007/01/disable-usb-flash-drives.html

TrueCrypt

http://www.truecrypt.org

Switchblade

http://www.hak5.org/wiki/USB_Switchblade

Hacksaw

http://www.hak5.org/wiki/USB_Hacksaw