Attacks/Breaches
12/26/2007
04:00 AM
Connect Directly
RSS
E-Mail
50%
50%

The Gifts That Keep on Giving

Holiday gifts of gadgets and storage devices can create nightmares for IT

2:00 PM -- With Christmas only one day behind us, are you ready for the influx of new digital gifts into your network? New storage devices in the form of portable musical players and USB thumb drives hidden in a pen. Phones that include digital organizers and PDAs. Laptops. New 802.11 WiFi or Bluetooth wireless networking devices.

These new devices pose a real threat to your organization's security. If you haven't already taken measures to protect yourself, then it's time to hunt down rogue devices that could accidentally lead to a breach in your network.

New laptops plugging into the network are an everyday issue for many organizations. In an ideal world, companies facing this problem will already have a mechanism in place to prevent unknown machines from plugging in: network access control, network port security that restricts access to known MAC addresses, or a program that requires machines be registered before getting a usable IP address.

Some methods for protecting the network against rogue laptops will be similar to those used to restrict mobile device access. Most users don't realize that the convenience of wireless networking, especially when unsecured and unknown to corporate IT, is a huge security risk.

Portable storage devices -- MP3 players, thumb drives, and even digital photo frames -- are a stickier situation. Some organizations take the extreme approach, putting epoxy in the USB ports to prevent their use. This is the poor man’s way of stopping unauthorized USB devices, and it isn't very practical.

There are other ways to handle the problem, such as modifying the Windows Registry or buying a software solution that can control USB devices. Many antivirus vendors are including security features that can control USB device access -- some even allow access only to pre-defined device serial numbers.

These threats aren't new, but they require closer attention during the holiday season, when users get new gifts that they are itching to try out and impress their coworkers with. If you've not already taken measures to protect against these things, it may be too late now. But look on the bright side -- you've got a year to prepare for the next holiday season.

— John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.