Networks at risk
Networks at risk

IPods and MP3 players threaten network security

Unauthorised portable storage devices opening back doors for viruses and hackers

Robert Jaques

Most companies are failing to address the serious security risks created by the proliferation of USB flash drives, MP3 players and similar portable storage devices, industry experts have warned.

Ruggero Contu, client research consultant at analyst Gartner, warned that the use of unauthorised portable storage devices poses several dangers, not least for the malicious code that they can introduce to corporate networks.

Advertisement

High data capacity and transfer rates mean that USB or FireWire devices have the capacity to download valuable corporate information which can be leaked to the outside world, according to the analyst.

"This underlying vulnerability has existed since the release of Windows 2000, the first widely deployed operating system able to mount a USB storage device automatically," said Contu.

Gartner warned that the danger comes from back doors being opened by portable devices including any kind of pocket-sized FireWire hard drive, like those from LaCie or Toshiba, or USB hard drive or keychain drives.

They also include disk-based MP3 players, such as Apple's iPod, and digital cameras with smart media cards and other memory media.

"Companies are at risk of losing intellectual property and other critical corporate data. Portable storage devices are ideal for anyone intending to steal sensitive and valuable data," said Contu.

"Employees may also be responsible for losing data if they inadvertently mislay these devices."

Gartner advised companies to forbid the use of uncontrolled, privately owned devices with corporate PCs. The prohibition should also extend to external contractors with direct access to corporate networks.

Companies should adopt a controlled approach with security measures that incorporate overall organisational security policy and specific technology tools.

"Managers should advise on the main procedures to be followed for the eventual use of such devices, for instance to confirm the need for password and security protection [encryption] of stored corporate data. This will also help mitigate risks from loss or theft," said Contu.

Gartner advised that general security best practice should include the implementation of a desktop lockdown policy.

Managers should also consider disabling universal plug and play after pre-installing any desired drivers to permit the use of authorised devices only.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Further reading

David Neal

Now everyone is a security risk

Is banning iPods taking corporate security concerns too far?

Removable media risk

Firms ignore MP3 and memory stick security risk

UK businesses failing to monitor removable media usage on corporate networks

Security tool could prevent iPod risk

Pointsec Media Encryption secures corporate data on removable media

Encryption tool secures Flash media

Pointsec offers a means to keep corporate data slipping out via the USB port

Related whitepapers

Related jobs

Most watched

eu flag

V3.co.uk weekly debrief, 6 Nov 09

This week, Europe decides what to do with illegal file sharers

Intel unveils its micro server platform

Small-enclosure systems take aim at hosting market

Analysis and Reports

Remote access - Three steps to getting connected

3.4 million UK professionals now work from home – is your company equipped?

Cost benefits of a global collaboration network

This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications

Poll

Impact of Information Overload poll

Impact of Information Overload poll

What is the biggest problem your firm faces as a result of the data explosion?

View poll results

Advertisement

White paper library

Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Spotlight

Alcatel-Lucent logo

Summit: Networks swamped by information overload

Alcatel-Lucent's Neal Tilley talks about how enterprises and carriers can...

EU flag

Breach notification laws get green light

Privacy rights strengthened in Europe

Richard Thomas

Summit: Richard Thomas advises on handling the data deluge

Former Information Commissioner speaks out on government databases and data...

oracle sun

War of words escalates between EU and Oracle

Commission comes out fighting after criticism from Oracle and Washington

Primary Navigation