PDA

View Full Version : Employee gadgets pose security risk to companies


MacBytes
Nov 16, 2005, 05:15 PM
http://www.macbytes.com/images/bytessig.gif (http://www.macbytes.com)

Category: Opinion/Interviews
Link: Employee gadgets pose security risk to companies (http://www.macbytes.com/link.php?sid=20051116181503)

Posted on MacBytes.com (http://www.macbytes.com)
Approved by Mudbug

nagromme
Nov 16, 2005, 07:12 PM
This is one of the best reasons not to use Macs when security is important.

With Macs, you must block access to peripheral ports because any gadget the user connects is likely to just work with zero fuss.

But Windows is designed to throw up cryptic dialogs and demands for drivers when even the simplest device is connected.

My plain-old 2-year-old name-brand USB digital camera can't be used with even a new Windows PC, without loading a driver from CD first. My friend's old G3 Mac with OS X 10.1--a computer AND OS predating the camera by years--accessed it instantly without so much as a message popping up. I've even heard of Windows machines complaining about MICE! Macs understand 3 buttons and scrolling with no drivers needed.

If you want safety from employees bringing in their own devices, Windows is like putting a barbed wire fence around your systems. It's not perfect security, but it's an excellent deterrent.

mkrishnan
Nov 16, 2005, 07:27 PM
Companies increasingly expect white-collar workers to make casual usage of personal property for business reasons...needing to work from multiple sites or from home without providing computing resources at those sites, wanting them to use their personal cell phones for business purposes, wanting them to be in constant touch with electronically managed schedules but not providing PDAs, etc, etc, etc.

If they want all of that, they need to find a way protect their security concerns without all this complaining about employee devices.

The workplace shouldn't become a prison or a page from a Heinlein novel where you have to strip down and surrender all your possessions at the door.

:(

SiliconAddict
Nov 16, 2005, 10:37 PM
Blah blah blah.....I have all of our ports in our office locked down in Active Directory and when someone does plug a device in the system dumps an even into the event log and then runs a small exe that dumps the device info into a directory on my desktop. I go through it once a month to see who is trying to be sneaky and then give them a call letting them know about corp policy.
Next.... :rolleyes:

SiliconAddict
Nov 16, 2005, 10:44 PM
My plain-old 2-year-old name-brand USB digital camera can't be used with even a new Windows PC, without loading a driver from CD first. My friend's old G3 Mac with OS X 10.1--a computer AND OS predating the camera by years--accessed it instantly without so much as a message popping up. I've even heard of Windows machines complaining about MICE! Macs understand 3 buttons and scrolling with no drivers needed.

If you want safety from employees bringing in their own devices, Windows is like putting a barbed wire fence around your systems. It's not perfect security, but it's an excellent deterrent.

That is because the manufacture sucks at hardware development. Do you think its just chance that most thumbdrives just work on most modern computers without loading a driver? That is because they are designed that way. My Sony Cybershot was purchased AFTER XP came out and it "just works" because it was designed around the mass storage driver. Don't blame Microsoft. Blame the device manufacturer for not taking the time or effort in their device.

Nermal
Nov 16, 2005, 10:52 PM
I'm confused. Why is this news? How is a USB drive or iPod different from an old floppy disk? Sure, they hold more, but the content is bigger too, so in practice you don't gain that much additional space.

nagromme
Nov 16, 2005, 11:21 PM
That is because the manufacture sucks at hardware development. Do you think its just chance that most thumbdrives just work on most modern computers without loading a driver? That is because they are designed that way. My Sony Cybershot was purchased AFTER XP came out and it "just works" because it was designed around the mass storage driver. Don't blame Microsoft. Blame the device manufacturer for not taking the time or effort in their device.
My post wasn't entirely serious of course, but nonetheless: these "badly designed" devices DO work just fine on a Mac and not Windows. Maybe one of the things I should appreciate about my Mac is being forgiving about badly-designed USB cameras, drives, and mice :)

efoto
Nov 17, 2005, 11:37 AM
My company doesn't expect me to use personal equipment (other than my cellphone because they are cheap bastards and don't want to get me one) however they aren't strongly opposed to me using my own devices. I was given the choice of a tossed around PII/PIII Compaq notebook, or the use of my personal computer (12" PB) as long as I understood the implications of choice B. Obvious choice really....no contest.

It does pose some serious risks, but so do many other aspects of many corporations and they don't seem to be addressing those. I think people simply fear what they cannot see or understand....wifi, BT, etc, since you are transferring data and no one can see you. It's not like making photo-copies of the corporate secrets where you would visually be up to no good.

iGary
Nov 17, 2005, 11:45 AM
Does this mean I can't bring my USB 2.0 dildo to work?

efoto
Nov 17, 2005, 11:51 AM
Does this mean I can't bring my USB 2.0 dildo to work?

Depends on if your company deals in programming for new porno moves for said USB dildo :p

They might not like you walking out the front door with "scorpion stinger v3.2" loaded up if the software hasn't been finalized for sale yet :p

840quadra
Nov 17, 2005, 01:46 PM
I didn't give the article any credit past this

said Norm Laudermilch, chief security officer at Trust Digital, a McLean, Va., mobile security vendor.

Still an interesting read, Though this is not a new threat at all. How many years has Apple been producing portable devices, and or supporting removable media?

Back in the day you could fit an entire database or program on a floppy or CD-ROM. With media sizes being larger now, the size of media needed to do the same type of work requires something bigger. In other words, an 800k or 1.4mb floppy 10-20 years ago is as dangerous as a large flash drive or iPod (disk mode) is today .

IMHO some of these security analysts are just as bad as car insurance risk analysts. "Yes, you have alloy wheels on your car, that means you are going to street race, thus we are raising your rates!"

840quadra
Nov 17, 2005, 01:49 PM
Does this mean I can't bring my USB 2.0 dildo to work?

Didn't I tell you to read your damn TPS report? :p :D


::EDIT:: Sorry posted 2 in a row, mods feel free to merge if time allows! :(

mkrishnan
Nov 17, 2005, 07:37 PM
Does this mean I can't bring my USB 2.0 dildo to work?

*sigh* A job with such a policy would not be worth having, my dear. :( :eek: :D

rdowns
Nov 18, 2005, 04:28 AM
Does this mean I can't bring my USB 2.0 dildo to work?

I'm stunned. I thought you'd have the Firewire 800 version.

Abstract
Nov 18, 2005, 04:48 AM
The man likes it nice and slow.


And if these guys are so worried about security, then they should provide business mobile phones to employees......ones that have no camera. If they let you use your own shiznit, I think you should be able to use it how you want. Maybe then companies won't put everything on the employees shoulders, and would have to take part of the blame when things go off.

shamino
Nov 18, 2005, 02:00 PM
Back in college, I interned with a defense contractor. They had a very strict policy. No documents leave the premesis without permission. My bag was searched by the guard on the way out every day. I could not transport out any paperwork or floppy disks without authorization.

I was also not permitted to bring in personal electronic devices or anything capable of making recordings or transmissions. No radio, walkman, camera, etc.

Today, I'm sure this policy also prohibits personal computers, PDAs, phones, and flash memory cards.

The article is describing nothing new. At least nothing that secure installations haven't been concerned with for a very long time. If other companies want to impose that level of security, it's not difficult to set up. (It is, however, expensive, and many employees will complain bitterly.)

mkrishnan
Nov 18, 2005, 02:49 PM
I'm stunned. I thought you'd have the Firewire 800 version.

We *all* know that Firewire is much better for sustained activity, whereas USB is only good at short, fast bursts, and then wimps out. Now which description sounds like a better suit to the aforementioned device? :eek: :D :D :D