Securing Computing Resources from USB Borne Viruses and Malware. White Paper



Similar documents
ClearCube: Dedicated 1:1 Blade PC Workstations for Centralized and Virtualized Desktop Infrastructure

2014 Teradici Corporation.

Driving Company Security is Challenging. Centralized Management Makes it Simple.

PC Blade Virtualization Configuration Guide

Our Mission. Provide traveling, remote and mobile laptop users with corporate-level security

Best Practices for DanPac Express Cyber Security

THE RTOS AS THE ENGINE POWERING THE INTERNET OF THINGS

The Virtualization Practice

Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community

How To Protect Your Data From Being Stolen

Solution Recipe: Improve PC Security and Reliability with Intel Virtualization Technology

How To Manage A System Vulnerability Management Program

Beyond Remote Control Features that Take Remote Control Capabilities to the Next Level of Network Management

SecureAge SecureDs Data Breach Prevention Solution

Agilent Technologies Electronic Measurements Group Computer Virus Control Program

Recovery BIOS Update Instructions for Intel Desktop Boards

Common Cyber Threats. Common cyber threats include:

PCI PA - DSS. Point BKX Implementation Guide. Version Atos Xenta, Atos Xenteo and Atos Yomani using the Point BKX Payment Core

PCI PA - DSS. Point ipos Implementation Guide. Version VeriFone Vx820 using the Point ipos Payment Core

Virtual Desktop Infrastructure

Cyber Security Solutions:

End-user Security Analytics Strengthens Protection with ArcSight

Intel Cyber-Security Briefing: Trends, Solutions, and Opportunities

CSG & Cyberoam Endpoint Data Protection. Ubiquitous USBs - Leaving Millions on the Table

Servers. guide to making a lot better with. Security, with built-in, highly automated features that stop attacks

Zone Labs Integrity Smarter Enterprise Security

CUTTING-EDGE SOLUTIONS FOR TODAY AND TOMORROW. Dell PowerEdge M-Series Blade Servers

Best Practices for DeltaV Cyber- Security

Endpoint Security: Moving Beyond AV

Why ClearCube Technology for Multiple Independent Secure Networks (MILS) Solutions? Client Cube KM. Moving desktops to the datacenter.

BTEC First Diploma for IT. Scheme of Work for Computer Systems unit 3 (10 credit unit)

Pointsec Enterprise Encryption and Access Control for Laptops and Workstations

alcatel-lucent vitalqip Appliance manager End-to-end, feature-rich, appliance-based DNS/DHCP and IP address management

Why Switch from IPSec to SSL VPN. And Four Steps to Ease Transition

DeltaV System Cyber-Security

Why ClearCube Technology for VDI?

LuminonCore Virtual Desktop Infrastructure (VDI) Products

PCI PA - DSS. Point XSA Implementation Guide. Atos Worldline Banksys XENTA SA. Version 1.00

VMware View 4 with PCoIP I N F O R M AT I O N G U I D E

GFI White Paper PCI-DSS compliance and GFI Software products

WHITE PAPER. Best Practices for Securing Remote and Mobile Devices

Introduction. PCI DSS Overview

Desktop Virtualization in the Educational Environment

NComputing desktop virtualization

Solution Recipe: Improve Networked PC Security with Intel vpro Technology

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

Desktop Consolidation. Stéphane Verdy, CTO Devon IT

Software Licensing in Virtual Environments. Managing the Terms of Software Use in Virtualized Systems

A guide to CLARiSUITE TM network solutions

Southwest District Health Nomination Narrative

UNCLASSIFIED Version 1.0 May 2012

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks

Kaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management.

Technical papers Thin client networking

Endpoint Security Management

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and Advanced Persistent Threats

Endpoint protection for physical and virtual desktops

Virus Protection Across The Enterprise

Compulink Advantage Cloud sm Software Installation, Configuration, and Performance Guide for Windows

Secure Remote Control Security Features for Enterprise Remote Access and Control

Section 12 MUST BE COMPLETED BY: 4/22

Top tips for improved network security

A+ Guide to Managing and Maintaining Your PC, 7e. Chapter 1 Introducing Hardware

Compulink Advantage Online TM

WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise

Building A Secure Microsoft Exchange Continuity Appliance

Deploying Firewalls Throughout Your Organization

Technical Brief. Userful Multiplatform Desktop Virtualization Software

How To Use Softxpand (A Thin Client) On A Pc Or Laptop Or Mac Or Macbook Or Ipad (For A Powerbook)

Executive Series. Intel Desktop Board DB75EN Executive Series MicroATX Form Factor

MICRO MOTION 5700 TRANSMITTER SECURITY FEATURES AND BEST PRACTICES BY JASON LEAPLEY, MICRO MOTION, INC.

Windows Operating Systems. Basic Security

Tech Brief. Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks

Fundamental Issues: Nuclear Generators Lead Cyber Security

Secure, cost-effective alternatives to repurposing PCs for Virtual Desktop Deployments

Motherboard- based Servers versus ATCA- based Servers

PCI Data Security Standards (DSS)

McAfee epolicy Orchestrator * Deep Command *

Cyber Security Where Do I Begin?

The Attacker s Target: The Small Business

Server Based Desktop Virtualization with Mobile Thin Clients

WinMan. Utilizing Terminal Services. Quick Results. Summer, ver a d v a n c e d s y s t e m s

ClearOS Network, Gateway, Server Quick Start Guide

WHITE PAPER. AirGap. The Technology That Makes Isla a Powerful Web Malware Isolation System

IQware's Approach to Software and IT security Issues

Server-centric client virtualization model reduces costs while improving security and flexibility.

Cisco MCS 7825-H3 Unified Communications Manager Appliance

CLASS FINAL REPORT UNIVERSITY OF CENTRAL FLORIDA FRONTIERS IN INFORMATION TECHNOLOGY COP 4910

Desktop Virtualization Technologies and Implementation

The Key to Secure Online Financial Transactions

VDI can reduce costs, simplify systems and provide a less frustrating experience for users.

DUKANE Intelligent Assembly Solutions

LAW OFFICE SECURITY for Small Firms and Sole Practitioners. Prepared by Andrew Mason, Scott Phelps & Mason, Saskatoon Saskatchewan

Using NI CompactDAQ Controllers

integrated lights-out in the ProLiant BL p-class system

Terminal Server Software and Hardware Requirements. Terminal Server. Software and Hardware Requirements. Datacolor Match Pigment Datacolor Tools

Top Five Ways to Protect Your Network. A MainNerve Whitepaper

Transcription:

Securing Computing Resources from USB Borne Viruses and Malware White Paper By Ray Dupont Director of Engineering Desktop Solutions ClearCube Technology

The Nature of the Problem The USB dongle (also known as a disk-on-key or thumb drive) has become an integral part of our work environment, replacing the floppy disk of years ago. Floppy disk drives no longer appear on most computers sold today but these computers all have USB ports, so use of the USB dongle has become a major method for users to easily capture and transport data in many work environments. As use of the ubiquitous USB dongle increases, transmission paths and security vulnerabilities have been created for increasingly sophisticated software malware, included worms and viruses. In many cases, the threat presented by these malicious software elements greatly outweighs the benefit to the users. There have been multiple articles on the threat that USB Mass Storage Devices have had in spreading worms and viruses throughout the military and corporate world. Multiple documented cases of government espionage, illegal or unauthorized transfer of documents, and hacking could have all been avoided by a proven, secure solution thus preventing these kinds of malicious acts. What are the potential ramifications of having an easily accessible, unguarded port to an organization s secrets? What is the impact of a breach in national security? Has your organization considered how to prevent such breaches with the right technology or do your current IT practices continue to make decisions around and source technology based on the existing status-quo?

Links to Recent Articles For more information about how these security threats are already effecting DoD installations, you can review some of the following articles: Under Worm Assault, Military Bans Disks, USB Drives November 19, 2008 Link: http://blog.wired.com/defense/2008/11/army-bans-usb-d.html USB Devices Containing Worms Threaten US Army, All Removable Devices Temporarily Banned November 20 th, 2008 Link: http://cyberinsecure.com/usb-devices-containing-worms-threaten-us-army-all-removable-devicestemporarily-banned/ Old worm infects Department of Defense computers November 22, 2008 Link: http://www.itworld.com/security/58270/old-worm-infects-department-defense-computers Malware spread explains Pentagon USB ban December 1, 2008 Link: http://www.theregister.co.uk/2008/12/01/malware_pentagon_usb_ban/

Methods to Address the Problem The question for the IT management now is how to effectively block this security threat and still maintain a productive environment for users. There are several approaches to this problem: 1) Brute Force this method imposes a personnel based policy ban on all USB dongles; they simply don t allow them in the environment. This is the approach that is being taken by IT management in many of the articles cited above. This however is going to have a stifling impact on the productivity of the employees and IT staff, and can be difficult to enforce. This is an ineffective solution with lots of negative impact. 2) Software Policy this method uses a software based policy manager to selectively allow registered or deny unregistered USB devices. These policy managers are typically available through the operating system, middleware or end user programs. The problem with this method is that whenever a software method is used to secure the USB ports, there will also be a way to subvert it through software hacking. This represents a more flexible solution, but is still not entirely effective. 3) Firmware Policy this method is more secure than the software method, and is usually a feature in embedded hardware that forms a client access device at the user desktop. Such client devices are normally part of a centralized computing architecture and provide user connectivity to computing resources in a secure data center. This method is more secure than a software policy, and certainly more difficult to hack, but still leaves the client device accessible to a malicious user. Therefore, this is also a flexible solution, but does not guarantee security - the ingenuity of hackers has been demonstrated over and over again. 4) Hardware Mass Storage Lockout this method moves the enforcement of the USB policy against mass storage devices to the host computing resources inside a secure data center. This is the method that ClearCube uses and provides the most secure method of protecting the system. This method will be further explained in the following section.

The ClearCube Solution The ClearCube concept is simple: condense the PC into an Intel-based "blade PC" form-factor, house it in a chassis and centralize it in a secure location. A small user port connects the monitor, keyboard, mouse and USB peripherals to the blade across a wired or wireless network. Users can also access their blades through a variety of industry standard access devices (e.g., thin clients, tablets, and PDAs) via a web browser. IT administrators remotely control the entire system from anywhere in the world using simple but powerful ClearCube management software (Sentral). The ClearCube solution consists of Blade PCs, user ports, and management software: Blade PC an end user business computer that is rackmounted in a secure location. ClearCube PC blades contain the latest Intel Pentium Dual-Core or Xeon processors, highperformance disk drives, DDR2 memory and PCI Express graphics cards. Chassis enclosure that provides all of the Ethernet connections, user port connections, airflow management and power input to the blades. Features are delivered through a modular architecture. User port a small solid state access device that connects the end user's computing peripherals (monitor, keyboard, mouse, speakers, and authorized USB devices) to a ClearCube blade PC across a wired or wireless network. About the size of a paperback book, the user port has no fans, emits no noise and produces very little heat. ClearCube Sentral Management Software enables IT administrators to manage global centralized infrastructure deployments from a single onsite or remote console. Sentral includes unique features such as connection brokering, virtual machine integration, remote BIOS upgrades, active health monitoring, multilevel security configuration and customized views and reporting. The software can also be leveraged to support virtualized desktops or other vendors' blade systems.

Introduction of the Hardware based Mass Storage Lockout feature In 2001, ClearCube Technology announced the USB C/Port, a cutting edge enhancement to its highlyacclaimed C3 Architecture for centralized computing. The C3 Architecture revolutionized desktop PC management by centralizing computing assets while delivering full PC functionality to the user desktop. The USB C/Port delivers complete graphics and USB functionality to the desktop from a Blade PC in the data center. The USB C/Port and subsequent devices are ideal for clients that need to provide their users with the greatest amount of flexibility without sacrificing either network security or the quality of the user experience. The C3 Architecture was originally designed for government and military customers including the DoD and DoE, and was specifically targeted to address demanding security requirements, and leverages the benefits of centralized computing, wherein blade PCs are secured in a controlled access environment. Because they are placed within controlled access, these Blade PCs can deliver a full PC user experience without exposing unwanted security risks. To further improve the security of the USB functionality, a hardware mechanism was added to control access of USB mass storage devices. The Blade PC provides a hardware jumper that is set by the person who has access to the secured environment. This hardware jumper is virtually impossible to defeat by the usual software methods used by hackers. This effectively reduces significant expense in time, effort and resources that organizations expend combating the problems and potential threats associated with unlocked USB ports. Today, the ClearCube Mass Storage Lockout implementation is available in several different product lines, designed to address different user experience requirements: In the original C/Port solution, USB security is assured by the unique ClearCube mass storage lockout feature on the blade side of the solution. By enabling the jumper on the blade the USB controller now monitors all of the traffic on the USB ports. Whenever it identifies a USB Mass Storage device is plugged into a USB port on the C/Port (or indirectly connected through a USB hub) downstream of the C/Port it will lock it out and send a message that the device is not allowed. There is no software method from the C/Port side to defeat this hardware lockout. In the newer PCoIP solutions, the client firmware provides the capability to lockout USB devices by class or registered serial number through a very flexible policy management system only specifically allowed devices can be used. For complete security, the ClearCube PCoIP solutions can also be combined with the same hardware method as the C/Port solutions. Whenever the PcoIP client device forms a session with a blade that has the jumper enabled it will automatically lock out all Mass Storage Devices, overriding any existing firmware/software policies.

Conclusion ClearCube offers solutions with patented technology that enable host based Mass Storage Lockout which permits IT organizations to effectively allow USB access to only those that should have access while prohibiting access to those that do not. This feature has been an integral part of the ClearCube solution since its inception and does not require additional hardware and software to implement. Organizations that are concerned about vulnerability to USB borne virus attacks need to evaluate the ClearCube solution as the only completely effective hardware based protection against this type of security threat. www.clearcube.com About ClearCube ClearCube is the market leader of centralized computing and virtual desktop solutions. As the pioneer of centralized desktop computing, ClearCube provides solutions that span 1:1 power users to 1:many virtualized desktop environments, integrating connection broker software, blades, access devices and professional services to give organizations full control and flexibility over end-user computing. ClearCube s Sentral VDI Management System provides clients the ability to utilize any back-end hardware or user access device for desktop virtualization. Organizations deploying ClearCube gain improved manageability, 99.9 percent availability and hardened security while reducing support costs by more than 40 percent. For more information, visit its corporate website at www.clearcube.com.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information