USB Port Control And Blocking: Ealing Council Experiences Virus Infection Via Memory Stick.

There are many ways to copy data off a computer: burning to a CD, transferring data to a USB disk, sending a file via a network, etc.  This also means that there are many ways to copy data on to a computer, which in turn means that, if you need to protect data, you’ll need different forms of security.  For example, your company may need hard disk encryption like AlertBoot to protect laptops, but it will also require a little extra if that computer’s connected to the internet (a firewall ought to be used, at least).


Case in point, the Ealing Council in the UK.  According to reports, the council faces a £500,000 data clean-up bill after its IT systems were infected with a virus.  The situation got so bad that the IT infrastructure was crippled for 4 days.


It also lost revenue since it couldn’t issue fines (including parking and library overdue charges) and collect rent.  The final bill could reach £1.1 million, assuming security is upgraded to prevent similar future incidents.


Now, I don’t know what kind of security they had in place, but I can tell you which ones they didn’t: USB port control and software control products.


USB port control allows one to specify which devices, when plugged into the port, are allowed to make a connection to the computer.  This is usually controlled via a whitelist (a list of approved devices, like a mouse) or blacklists.  In the above case, assuming the USB stick was not issue by council, could have been removed from a whitelist.


Doing this would have meant that the memory stick couldn’t exchange information with the Ealing Council’s computers, and the virus wouldn’t have made it into the network.


Software application control also makes use of lists to provide better protection.  In this case, only approved software on a list is allowed to run in a computer.  Or, a blacklist can be used to specify which applications cannot run on the computer at all.


A virus, not being on a whitelist (I hope), would have not been authorized to run, and hence, there never would have been a calamitous infection.


Related Articles and Sites:
http://www.infosecurity-magazine.com/view/3775/council-left-with-500-000-bill-from-virus-infected-memory-stick/
http://www.scmagazineuk.com/Ealing-Council-facing-501000-fine-after-its-network-was-hit-by-a-virus-that-crippled-it-for-weeks/article/148144/



Comments (0)


Let us know what you think