Thoughts on the USB/thumb/jump drives 1

[wlfpackr]

Just wondering what the thoughts were on these USB mass storage devices. I run an IT dept for a medium-sized company and these things always creep me out for a security hazard. How many times do you read that some company had a laptop stolen and now sensitive customer or employee data had been exposed?

These small little devices could easily bring a company to it's knees, but is there a way to really stop it? It's not only these objects, but iPods, cell phones, PDAs, etc. can all be used to carry data off site and can easily plug into a USB port on a PC.

Have I just become the old-IT fart that I used to complain about? Am I the crusty old man that is now trying to make the average Joe end-user's life complicated? Or is this a growing concern in other companies as well?

=================
There are 10 kinds of people in this world, those that understand binary and those that do not.

 

[sggaunt]

Don't know if anyone has already mentioned this, but I have heard of Companies glueing up USB ports to prevent the use of Sticks. (going a bit too far I think)

Steve: N.M.N.F.
Playing the blues isn't about feeling better. It's about making other people feel worse.

 

[Sympology]

Must be a pain on a pc with no serial or PS/2 ports...

Only the truly stupid believe they know everything.
Stu.. 2004

 

[kmcferrin]

Here's a good to at least be suspicious of them, if not outright ban them:

http://www.microsoft.com/technet/technetmag/issues/2008/01/SecurityWatch/default.aspx

And here's another:

http://isc.sans.org/diary.html?storyid=3817

 

[dthede]

It's clearly a business process issue and policy issue, and therefore involves both HR and the IT fabric underlying the entire company or organization. But clearly, too, as has been pointed out, responsibility devolves upon the human individual, not simply abstract "departments." - DT