How to allow USB drive access
without compromising Endpoint Security
#KingstonIsWithYou
Introduction
When the official USB 1.0 specification was released in January 1996, it heralded a new era of uniformity, convenience
and versatility for peripheral device vendors and end users alike. 25 years later, each revision maintains backwards
compatibility, and USB endures as a cornerstone of computer hardware interfaces from servers to smartphones.
USB’s plug-and-play simplicity and ever-increasing speeds have made USB portable
storage one of the big winners of that evolution. Yet such convenience has a trade-off when it
comes to data security. Without proper tools such as endpoint protection on host
computers and proper data security practices, users with a careless attitude towards
portable USB storage leave themselves and others exposed to possible data breaches
that could be costly to the end user and can even compromise an entire organization
or government.
In addition to protecting the host environment, the USB drive should also be secured
with password protection and on-device hardware encryption. This offers the most
robust defence against intrusion. We’ll be going over some best practices to use USB drives more securely along
with a more in-depth look into USB drives in general.
While a combined approach is ideal, it’s the robustness of the encryption and the hardware components of the USB
drive itself that are of paramount importance. These benefit sectors from finance to healthcare to manufacturing
and the military. They also play a role in remote working where network access is either unavailable, vulnerable or
impractical.
USB hardware-encrypted drives are available with different certification ratings and provide a range of security
features. Examining their attributes and the opportunities for customisation also illustrates their suitability as
stand-alone solutions and secures their place in all manner of sensitive environments.
Port authority: USB storage meets Endpoint management data loss prevention software
For decades, anti-virus and anti-malware applications have offered protection at the most fundamental level –
automatically scanning downloads and attached devices and reporting or acting on suspicious content. Protection
from Next Generation Anti-Virus (NGAV) software takes this a step further. Instead of relying solely on a continually
updated database of virus signatures, NGAV adds machine learning and behavioural detection features that can
identify and mitigate unknown threats.
It’s not the only weapon in the armoury though, and for those wanting bulletproof protection from user peripherals
and more, Endpoint Management Data Loss Prevention (DLP) software provides the means to deny any kind of
access to USB ports and other access points.
The ‘Block All Ports’ attitude to security can certainly eliminate risk, and, in some circumstances,
may be desirable, but such a policy can often prove to be a very blunt instrument with
undesirable consequences.
Yet, some IT administrators prefer to decline requests to open USB ports on user machines
since doing so on these endpoints will allow direct access through the enterprise firewall. Such
caution is understandable but when it comes to enabling access for USB storage, provisioning
this privilege doesn’t have to be a massive security headache if certain prerequisites are
observed.
An essential requirement is an endpoint management application suite that features threat detection scanning
through anti-virus/anti-malware solutions as well as centralised monitoring and management of all the user endpoints.
Generally, this straightforward approach appears in various guises in unified solutions from popular vendors such
as McAfee MVision, Sophos Intercept X, Symantec Endpoint Security, Trend Micro Smart Protection and WinMagic
SecureDoc to name a few.
Refinements in whitelisting
When it comes to securing USB storage devices, the method deployed depends
on the level of protection required. A simple yet effective approach is to whitelist
USB storage devices by their respective Vendor Identifier (VID) and Product
Identifier (PID) values. Every USB peripheral manufacturer has its own unique VID,
while each new product it releases is assigned its own PID.
For whitelisting, using a manufacturer’s VID alone would be too broad to be secure,
since every USB device it has ever produced would be permitted. The PID offers more
refinement and restricts access to the host system to a specific model.
While this is an improvement, it’s still not ideal. USB storage devices are so widely
available that users can easily acquire their own devices matching the authorised
models, and those would pass a PID whitelist just the same. With this in mind, Kingston
Technology offers a bespoke solution to tighten up USB storage device security.
Available through its Customisation programme, custom PID profiles specific to
an organisation can be created and applied to a range of Kingston encrypted USB
flash drives. Companies deploying devices featuring a tailored product identifier not only benefit from simplified
whitelisting but greatly enhanced security. With no matching custom PID, even seemingly identical devices
independently purchased by employees will be denied access.
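To make the three whitelisting tiers concrete, here is an added example (not Kingston’s code, and not taken from any endpoint management product) that evaluates a constructed set of USB storage devices against VID-only, VID+PID, custom-PID and per-serial allow rules. All VID, PID and serial values below are made up for illustration and are not real vendor or product identifiers; the device records stand in for what an endpoint agent would read from the USB descriptors of an attached drive.

```python
"""Allowlist evaluation for USB storage devices keyed on VID, PID and serial.

Added example, not vendor code. Every identifier below is constructed:
0x1234 is not a real vendor ID and the PIDs/serials are placeholders.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class UsbDevice:
    """What an endpoint agent sees in the USB device descriptor."""
    vid: int
    pid: int
    serial: str
    description: str = ""


@dataclass(frozen=True)
class AllowRule:
    """One whitelist entry; None fields mean 'match anything' at that level."""
    vid: int
    pid: Optional[int] = None      # None -> any product from this vendor (VID-only rule)
    serial: Optional[str] = None   # None -> any unit of this model (VID+PID rule)

    def matches(self, dev: UsbDevice) -> bool:
        if dev.vid != self.vid:
            return False
        if self.pid is not None and dev.pid != self.pid:
            return False
        if self.serial is not None and dev.serial != self.serial:
            return False
        return True


def parse_vid_pid(text: str) -> Tuple[int, int]:
    """Parse the common 'vvvv:pppp' hex notation used in USB tooling and policy files."""
    vid_hex, pid_hex = text.strip().lower().split(":")
    return int(vid_hex, 16), int(pid_hex, 16)


def is_allowed(dev: UsbDevice, rules: List[AllowRule]) -> bool:
    """A device is admitted if any rule in the policy matches it (default deny)."""
    return any(rule.matches(dev) for rule in rules)


# Constructed placeholder identifiers (not real vendor/product values).
VENDOR = 0x1234
STOCK_PID = 0x0001       # retail model anyone can buy
CUSTOM_PID = 0x0C01      # organisation-specific PID applied at manufacture

DEVICES = [
    UsbDevice(VENDOR, STOCK_PID, "SN-ISSUED-0001", "issued retail model"),
    UsbDevice(VENDOR, STOCK_PID, "SN-PERSONAL-0099", "employee-bought copy of the same retail model"),
    UsbDevice(VENDOR, 0x0002, "SN-OTHER-0001", "same vendor, different product"),
    UsbDevice(VENDOR, CUSTOM_PID, "SN-CUSTOM-0001", "issued custom-PID drive, unit 1"),
    UsbDevice(VENDOR, CUSTOM_PID, "SN-CUSTOM-0002", "issued custom-PID drive, unit 2"),
    UsbDevice(0x5678, STOCK_PID, "SN-X-0001", "other vendor, coincidentally same PID"),
]

POLICIES: Dict[str, List[AllowRule]] = {
    "vid_only": [AllowRule(VENDOR)],                                   # too broad
    "vid_pid": [AllowRule(VENDOR, STOCK_PID)],                         # model-level
    "custom_pid": [AllowRule(VENDOR, CUSTOM_PID)],                     # org-specific model
    "serial": [AllowRule(VENDOR, CUSTOM_PID, "SN-CUSTOM-0001")],      # single unit
}


def evaluate(policy_name: str) -> Dict[str, bool]:
    """Return serial -> allowed for every constructed device under one policy."""
    rules = POLICIES[policy_name]
    return {dev.serial: is_allowed(dev, rules) for dev in DEVICES}


def allowed_serials(policy_name: str) -> List[str]:
    """Sorted serials admitted by the named policy; handy for comparing tiers."""
    return sorted(serial for serial, ok in evaluate(policy_name).items() if ok)


if __name__ == "__main__":
    for name in POLICIES:
        print(f"{name:>10}: {allowed_serials(name)}")
```

Running the block shows the progression the text describes: the VID-only policy admits every device from the vendor, the VID+PID policy admits the issued drive but also the employee-bought copy of the same model, the custom-PID policy admits only drives carrying the organisation-specific PID, and the serial-level rule narrows that further to a single unit.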
While the use of custom PIDs will enable IT administrators to bring new USB storage devices on stream quickly and
easily, a more granular alternative is to use individual device serial numbers that are featured on most Kingston