Stopping malware by USB

Tech Republic had an interesting security-related article last week. The article, written by Chad Perrin, briefly described the chain of events that lead to a 2008 compromise of U.S. military network security by a foreign intelligence agency. It began on a laptop in the Middle East and ended at the U.S. Military Central Command Network; the medium of choice in the attack was a USB flash drive. Perrin went on to offer some worthy tips on how to avoid the same fate.

In the early days of computers most malware entered the system by way of floppy disks. Floppy drives were ubiquitous and usually configured to be read first so using them to spread malware proved effective. Today, malware is delivered mostly through the Internet, but USB flash drives can be just as dangerous as floppy disks once were as a method to spread malware.

Perrin's first tip is to disable Autorun. In Windows XP, Autorun is enabled by default; Vista and Windows 7 default behavior is to prompt the user to allow Autorun. His next tip is to ban or severely limit flash drive use. That way no infected drive will ever come into contact with the system. If flash drive use is necessary, a computer may be set up as a dedicated malware checker that should run a non-Windows operating system and not be connected to the regular network. Blend the two methods of limiting flash drive use with a dedicated malware checker to achieve an even higher level of protection.

USB ports could be logically disabled within the operating system or physically disabled by disconnecting cables inside the computer then locking the case so they cannot be reconnected. More drastic steps include filling the USB ports with something like epoxy to render the port physically unusable.

Ron Poland is a professor in the Computer Information Systems AAS program at Clinton Community College. Poland is certified in computer repair and networking by the Computer Technology Industry Association (CompTIA). He is also a Cisco certified network assistant. Questions may be sent to him via e-mail at ron@ronpoland.com.

Vote on this Story by clicking on the Icon


Use the comment form below to begin a discussion about this content.

Sign in to comment