This one is kind of tricky. You want to have a closed computerized system in your laboratory. But on the other hand, you want to be able to have USB access to your system, in case a service technician has to save documents on a flash device. And here exactly starts the problem…
Do you know how to flash a USB ROM, to get this device to install “software” as a “USB Driver” or to download data silently? You don`t? This technique exists! And hold in the wrong hands, it opens a super massive vulnerability in unsecured computer systems. The most important questions here are: Do you trust your service engineer/employee? Are you prepared for such attacks? Do you really need USB connectivity?
Personally, I do not know how to be 100% save and I hope to get valuable inputs…
One direct action could be, to use hardware USB port blockers for all open ports (http://www.lindy-usa.com/usb-port-blocker-pack-of-4-color-code-pink-40450.html) and register your must have hardware (like your mice and keyboard) in the device manager, then block everything else. Inputs on this topic are highly appreciated!!
Also read this article (https://www.kb.cert.org/vuls/id/889747) and/or search Google for keywords like “usb rom vulnerability windows”, “usb rom vulnerability mac”, “bad usb”.
USB + GLP = WTF?
Keine Kommentare:
Kommentar veröffentlichen