CASES.LU

Glossary

  1. ▹ Antivirus
  2. ▹ Assets
  3. ▹ Authentication
  4. ▹ Availability
  5. ▹ Basic criteria for risk analysis
  6. ▹ Computer Hacks
  7. ▹ Confidentiality
  8. ▹ Control
  9. ▹ Cryptography
  10. ▹ Cybercrime
  11. ▹ Cybercriminals
  12. ▹ DRP – Disaster Recovery Plan
  13. ▹ Data backups
  14. ▹ Data loss
  15. ▹ Defacement
  16. ▹ Disinfect machine with a live CD
  17. ▹ Disposal
  18. ▹ Email
  19. ▹ Firewall
  20. ▹ Human error
  21. ▹ IDS/IPS
  22. ▹ Image rights
  23. ▹ Impact
  24. ▹ Integrity
  25. ▹ Internet and copyright
  26. ▹ Legal Aspects
  27. ▹ LuxTrust
  28. ▹ Malicious Codes
  29. ▹ Malicious websites
  30. ▹ Network segmentation
  31. ▹ Password
  32. ▹ Patches
  33. ▹ Phishing
  34. ▹ Physical faults
  35. ▹ Securing a fixed workstation
  36. ▹ Physical theft
  37. ▹ Recommendations for securing a file server
  38. ▹ Recommendations to secure a server connected to Internet
  39. ▹ Recommendations to secure a Web server
  40. ▹ Removable devices
  41. ▹ Risk processing
  42. ▹ Spam – unwanted emails
  43. ▹ SSL/TLS – encryption technologies on the web
  44. ▹ Update softwares with Secunia PSI
  45. ▹ Security Charter
  46. ▹ Social engineering
  47. ▹ Threat
  48. ▹ Virtual Private Networks (VPNs)
  49. ▹ Vulnerabilities
  50. ▹ Web of Trust - WOT
  51. ▹ Web filter – Proxy
  52. ▹ Why is it important to protect your computer?

Removable devices

In brief

Removable storage media are data storage media which, as their name would indicate, can be transferred from one computer to another. They will typically be optical discs, such as CDs or DVDs, but they can also be external hard drives, memory sticks and more. Because of their portability, these storage media can represent a security breach for your network.

Introduction of malicious software (malware)

Some malware specialises in spreading itself by USB stick or external hard drive. Generally speaking, it uses Windows “autorun”. This automatically executes an application when the stick or hard drive is connected.

Although Microsoft changed the default behaviour when it released a patch, meaning that the “autorun” should no longer be activated by default, it is recommended to take care when using memory sticks:

  • pay particular attention to computers you use with these sticks or drives; a publicly-accessible computer which is often used with different sticks has much more chance of being infected, and therefore infect your own memory stick;
  • sticks are often handed out as a gift at events – you should always check them on a computer without the “autorun” function before using them;
  • be especially careful about any sticks that you find – they may have been lost on purpose;
  • use a dedicated workstation to scan removable storage media before using them within your organisation;
  • if possible, block optical disc readers and USB ports on workstations (it is possible to do so using your operating system software);
  • ensure your staff are aware of the dangers of removable storage media.

Information leak

The theft of files or information can be facilitated by the use of removable storage media. Make sure you block USB ports and optical readers on your workstations. This will not prevent leaks over the Internet, so it would also be of use to consider DLP – Data Leakage Prevention.

Destruction of hardware

It is sometimes possible to find this type of storage media lying around. Sometimes, simple human curiosity drives us to collect these tools together and to look at what’s inside. Or if we are in a rush, we might be tempted to take the first storage media that we come across. But that risks ending badly. Some USB keys can easily transform themselves into “USB Killers” – a tool causing a powerful electrical discharge when inserted into a machine. You should therefore draw up an IT charter or internal instructions stating that the hardware used must be familiar to the person using it.

Table of Contents