1. Controlling USB Drives
And Other Removable Media
Recent news of the Stuxnet Trojan attacking Siemens systems used to control critical infrastructure and
industrial plants reminds of the necessity to control the use of USB drives and other removable media
or be prepared to accept a continuing stream of malware infections. Fortunately for users of Naknan's
Security Assistant, we've got you covered.
Security Assistant detects the insertion of USB drives and CD-ROM/DVD, as well as plug-in
removable media. Upon detection, Security Assistant immediately sends an alert to the Management
Console but does nothing else unless something on the media attempts to execute or move to the
computer. This could be a worm, Trojan, or other malicious software exploiting Microsoft's autoplay
feature, or it could be the computer user attempting to install or execute unauthorized software, such as
LimeWire. When software attempts to execute from removable media, Security Assistant intervenes
until it determines whether the software is authorized to execute from that location. If not, execution is
blocked and the software is quarantined (it disappears from the media) unless it is write-protected. If
the software is attempting to move from removable media to the computer, like a drag-and-drop or
other file copy, the software is checked to determine whether it is authorized to exist on the computer.
If not, the file copy that moved to the computer is quarantined but the source copy is ignored. In all
cases, alerts to the Security Assistant Management Console let the Security Assistant operator know
what is happening.
Security Assistant monitors only the movement or execution of software, not data files. So, any data
file, such as a Word document or Excel spreadsheet, can be opened without interference.
At present, any file can be written to the USB drive, since doing so does not present a software-based
security threat. For customers who wish to disable the ability to write to writable removable media,
Security Assistant provides that capability. For USB drives, this is easy, quick, and reliable. For
preventing writes to CD/DVD, it can be less straightforward when third party DVD burning software is
installed on the computer. It can still be done, it just requires a couple more steps to remove the third
party “burn” capability from the computer's whitelist.
It is possible to provide more options with respect to removable media, and some of those will be
coming in the first half of 2011. It's important to remember that we don't rename the USB driver, which
prevents everyone from using the USB ports (maintenance techs wouldn't like that, since they often
carry several tools on USB drives). USB drives are great conveniences, but if you're going to be secure,
you must control them; Security Assistant can give you that control.
Naknan, Inc. 281-990-0030 www.naknan.com