2000, and their use is increasing exponentially. The consequences of losing drives loaded with such information can be significant, including the loss of customer data, financial information, business plans and other confidential information, with the associated risk of reputation damage. The large storage capacity of USB flash drives relative to pen drive information pdf small size and low cost means that using them for data storage without adequate operational and logical controls may pose a serious threat to information availability, confidentiality and integrity.
Storage: USB flash drives are hard to track physically, being stored in bags, backpacks, laptop cases, jackets, trouser pockets or left at unattended workstations. While many enterprises have strict management policies toward USB drives and some companies ban them outright to minimize risk, others seem unaware of the risks these devices pose to system security. USB flash drives with US Army classified military information were up for sale at a bazaar outside Bagram, Afghanistan. Today, USB flash drives perform the same data and software storage and transfer role as the floppy disk, often used to transfer files between computers which may be on different networks, in different offices, or owned by different people. This has made USB flash drives a leading form of information system infection. When a piece of malware gets onto a USB flash drive, it may infect the devices into which that drive is subsequently plugged.
600 million systems worldwide in the first half of 2011. That finding was in line with other statistics, such as the monthly reporting of most commonly detected malware by antivirus company ESET, which lists abuse of autorun. The default Autorun setting in Windows versions prior to Windows 7 will automatically run a program listed in the autorun. Many types of malware copy themselves to removable storage devices: while this is not always the program’s primary distribution mechanism, malware authors often build in additional infection techniques. Since the security of the physical drive cannot be guaranteed without compromising the benefits of portability, security measures are primarily devoted to making the data on a compromised drive inaccessible to unauthorized users and unauthorized processes, such as may be executed by malware. USB drive to be encrypted automatically and transparently.
Additional software can be installed on an external USB drive to prevent access to files in case the drive becomes lost or stolen. Installing software on company computers may help track and minimize risk by recording the interactions between any USB drive and the computer and storing them in a centralized database. Some USB drives utilize hardware encryption in which microchips within the USB drive provide automatic and transparent encryption. Some manufacturers offer drives that require a pin code to be entered into a physical keypad on the device before allowing access to the drive. The cost of these USB drives can be significant but is starting to fall due to this type of USB drive gaining popularity.
Hardware systems may offer additional features, such as the ability to automatically overwrite the contents of the drive if the wrong password is entered more than a certain number of times. This type of functionality cannot be provided by a software system since the encrypted data can simply be copied from the drive. However, this form of hardware security can result in data loss if activated accidentally by legitimate users and strong encryption algorithms essentially make such functionality redundant. The security of encrypted flash drives is constantly tested by individual hackers as well as professional security firms. All of the above companies reacted immediately.
Kingston offered replacement drives with a different security architecture. IT asset control, significantly reducing the risks of a harmful data breach. This can include initial user deployment and ongoing management, password recovery, data backup, remote tracking of sensitive data and termination of any issued secure USB drives. Internet connectivity is allowed, or as behind-the-firewall solutions. Moving confidential data requires encryption. European Union Agency for Network and Information Security.
Microsoft Security Intelligence Report Volume 11, January-June, 2011. Global Threat Report, December 2011. Derek Bem and Ewa Huebner, Small Scale Digital Device Forensics Journal, Vol. 2010, Joseph Unsworth, Gartner, 20 November 2006. This page was last edited on 23 November 2017, at 14:50. Unsourced material may be challenged and removed.