Prevent Data Slurping Part 2: Is superglue your best security tool?

In Part 2 of our guide to preventing data slurping, we explain how physical barriers to access can sometimes be the best way to lock down USB ports.

We already learned the best way to stop shifty things happening to your systems through firewire ports: turn them off. But unlike firewire, disabling USB ports is a real drag.

"The problem with USB is that it's so universal so it's difficult to turn off completely," says Adam Boileau, the creator of the firewire crack that unlocks Windows machines.

CD and DVD burners can be disabled, but turning off USB just isn't an option these days because it's used by so many legitimate peripherals like keyboards and mice.

As we heard, using an exploit in a USB device driver to seize control of a locked workstation is more difficult than it is when using Boileau's firewire technique, but again; your users already have access to the data they'd want to sneak out anyway.

"Once you've given someone access to a piece of data then it's very difficult to then restrict that piece of data," says Nick von Dadelszen, a colleague of Boileau's at in New Zealand.

Software that claims to prevent certain classes of devices being able to connect over USB are not always effective, von Dadelszen adds. "It's up to an attacker what sort of device they're going to tell the computer they are," he says. "It's fairly simple to say 'I'm a camera'."

Windows Vista will apparently ship with some more robust protection against USB-borne internal threats. "IT administrators can use Group Policy in Windows Vista to block the installation of removable storage devices, such as USB flash drives and external hard drives, to help prevent corporate intellectual property or sensitive data from being compromised or stolen," an MS marketing blurb on Vista says.

Until then, you can use a third-party port blocking agent (mixed reports of success) or even use some superglue to ensure nothing can be plugged into your USB ports aside from the keyboard and mouse, which have been glued into place. "By using things such as your PC lockdown tools you can raise the bar enough so that it's not simple for a standard employee to get data out," says van Dadelszen.

< Back to Part 1

Read more on Data breach incident management and recovery