Kingston How to allow USB drive access User Manual


How to allow USB drive access without compromising Endpoint Security

#KingstonIsWithYou

Introduction

In January 1996, the release of the official USB 1.0 specification heralded a new era of uniformity, convenience and versatility for peripheral device vendors and end users alike. 25 years later, it maintains backwards compatibility with each revision, and USB endures as a cornerstone of computer hardware interfaces from servers to smartphones.

USB’s plug-and-play simplicity and ever-increasing speeds have made USB portable storage one of the big winners. Yet, such convenience has a trade-off when it comes to data security. In today’s world, without the use of proper tools such as endpoint protection on host computers and proper data security practices, users with a careless attitude towards portable USB storage leave themselves and others exposed to possible data breaches that could be costly to the end user and can even compromise an entire organization or government.

In addition to protecting the host environment, the USB drive should also be secured with password protection and on-device hardware encryption. This offers the most robust defence against intrusion. We’ll be going over some best practices to use USB drives more securely along with a more in-depth look into USB drives in general.

While a combined approach is ideal, it’s the robustness of the encryption and the hardware components of the USB drive itself that are of paramount importance. These benefit sectors from finance to healthcare to manufacturing and the military. They also play a role in remote working where network access is either unavailable, vulnerable or impractical.

USB hardware-encrypted drives are available with different certification ratings and provide a range of security features. Examining their attributes and opportunities for customisation also illustrates their suitability as stand-alone solutions, securing their place in all manner of sensitive environments.


Port authority: USB storage meets Endpoint management data loss prevention software

For decades, anti-virus and anti-malware applications have offered protection at the most fundamental level – automatically scanning downloads and attached devices and reporting or acting on suspicious content. Protection from Next Generation Anti-Virus (NGAV) software takes this a step further. Instead of relying solely on a continually updated database of virus signatures, NGAV adds machine learning and behavioural detection features that can identify and mitigate against unknown threats.

It’s not the only weapon in the armoury though, and for those wanting bulletproof protection from user peripherals and more, Endpoint Management Data Loss Prevention (DLP) software provides the means to deny any kind of access to USB ports and other access points.

The ‘Block All Ports’ attitude to security can certainly eliminate risk, and, in some circumstances, may be desirable, but such a policy can often prove to be a very blunt instrument with undesirable consequences.

Yet, some IT administrators prefer to decline requests to open USB ports on user machines since doing so on these endpoints will allow direct access through the enterprise firewall. Such caution is understandable but when it comes to enabling access for USB storage, provisioning this privilege doesn’t have to be a massive security headache if certain prerequisites are observed.

An essential requirement is an endpoint management application suite that features threat detection scanning on anti-virus/anti-malware solutions as well as centralised monitoring and management of all the user endpoints.

Generally, this straightforward approach appears in various guises in unified solutions from popular vendors such as McAfee MVision, Sophos Intercept X, Symantec Endpoint Security, Trend Micro Smart Protection and WinMagic SecureDoc to name a few.

Refinements in whitelisting

When it comes to securing USB storage devices, the method deployed is dependent on the level of protection required. A simple yet effective approach is to whitelist USB storage devices by utilising their respective Vendor Identifier (VID) and Product Identifier (PID) values. One thing about all USB peripherals is that manufacturers each have a unique VID, but the PID changes for every new product that is released.

For whitelisting, using a manufacturer’s VID alone would be too broad to be secure since every USB device it has ever produced would be permitted. The PID offers more refinement and demands that only a specific model be granted access to the host system.

While this is an improvement, it’s still not ideal. USB storage devices are hugely popular, which makes it easy for users to acquire their own devices matching the authorised models. Keeping these things in mind, Kingston Technology offers a bespoke solution to tighten up USB storage device security.

Available through its Customisation programme, custom PID profiles specific to an organisation can be created and applied to a range of Kingston encrypted USB flash drives. Companies deploying devices featuring a tailored product identifier benefit not only from simplified whitelisting but also from greatly enhanced security. With no matching custom PID, even seemingly identical devices independently purchased by employees will be denied access.
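The whitelisting tiers described above can be compared side by side in the following added example, which is not Kingston's or any DLP vendor's code. It parses Windows-style USB device instance IDs and evaluates them against a VID-only rule, a retail VID+PID rule, a custom-PID rule and, going one step beyond the text so far, a per-serial rule. Every VID, PID and serial value is constructed, and the names Rule, parse_instance_id, is_allowed and evaluate are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# Windows-style device instance ID: USB\VID_xxxx&PID_xxxx\<serial>
_ID_RE = re.compile(r"^USB\\VID_([0-9A-F]{4})&PID_([0-9A-F]{4})(?:\\(.+))?$", re.I)

class Rule(NamedTuple):
    vid: str                      # rule values are upper-case hex
    pid: Optional[str] = None     # None = any product from this vendor
    serial: Optional[str] = None  # None = any unit of this model

def parse_instance_id(instance_id):
    """Return (vid, pid, serial) or None if the ID is not a USB VID/PID ID."""
    m = _ID_RE.match(instance_id.strip())
    if not m:
        return None
    serial = m.group(3)
    # Heuristic: '&' as the second character marks an ID Windows generated
    # because the device reported no serial, so it identifies no single unit.
    if serial and serial[1:2] == "&":
        serial = None
    return m.group(1).upper(), m.group(2).upper(), serial.upper() if serial else None

def is_allowed(instance_id, rules):
    dev = parse_instance_id(instance_id)
    if dev is None:
        return False  # fail closed on anything unparseable
    vid, pid, serial = dev
    return any(r.vid == vid
               and r.pid in (None, pid)
               and r.serial in (None, serial)
               for r in rules)

# Constructed values: vendor 1234, retail model 5678, organisation-specific PID C001.
VID_ONLY   = [Rule("1234")]
RETAIL_PID = [Rule("1234", "5678")]
CUSTOM_PID = [Rule("1234", "C001")]
PER_SERIAL = [Rule("1234", "C001", "SN0001")]

DEVICES = {  # constructed instance IDs
    "issued_drive":      r"USB\VID_1234&PID_C001\SN0001",
    "second_issued":     r"USB\VID_1234&PID_C001\SN0002",
    "employee_retail":   r"USB\VID_1234&PID_5678\SN9999",
    "other_same_vendor": r"USB\VID_1234&PID_0001\5&2B8C3F1&0&2",
}

def evaluate(rules):
    """Map each sample device name to the allow/deny decision under `rules`."""
    return {name: is_allowed(iid, rules) for name, iid in DEVICES.items()}
```

Calling evaluate() with each policy in turn shows the allowed set shrinking from every device of the vendor, to one retail model that an employee can also buy, to organisation-issued drives only, to a single unit.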

While the use of custom PIDs will enable IT administrators to bring new USB storage devices on stream quickly and easily, a more granular alternative is to use individual device serial numbers that are featured on most Kingston
