As I’ve noted before, the SCADA worm (or, more accurately, the Stuxnet worm/Trojan) has nothing to do with drive encryption software like AlertBoot. But, perhaps a service that’s included in AlertBoot could be of help.
I didn’t realize it last week, but the worm affecting SCADA is actually parceled up with the Microsoft .lnk shortcut vulnerability, an attack that is spread around via USB drives. The attack kicks in automatically when a shortcut icon is displayed (I want to say “infected shortcut icon” but it sounds wrong for some reason). Disabling autorun and autoplay in Windows can’t prevent the infection, according to zdnet.co.uk.
In other words, you pop in an infected USB memory drive, open it up, and you’re now infected. In order to prevent this from happening, you can get Sophos’s Windows Shortcut Exploit Protection Tool for free. This was designed for people who don’t use Sophos’s antivirus software but need the protection.
Microsoft currently doesn’t have a fix.
Why Does A SCADA System Have USB Ports?
The above was the question a commenter left after reading the zdnet story.
Hm. That’s an interesting question.
As another commenter noted, probably because of the keyboard and the mouse: PS/2 ports are generally not found in modern computers, so the same port that is used to read and write to USB thumb drives is also used for hooking up your input devices.
Of course, perhaps the real question is “why are people plugging their USB flash drives into a critical system?” And maybe the answer is, “because they can.”
While encryption can’t do much in the above situation, perhaps a security tool in AlertBoot’s arsenal could be of help: Port control software.
Port control allows an administrator to specify which devices can communicate via the USB ports. For example, mice and keyboards generally don’t pose a risk and are required to make use of critical systems like SCADA, so they’re allowed. On the other hand, perhaps that’s not the case with other USB-based devices (your iPod, for example, shouldn’t really be connecting to a machine that regulates a power plant).
You can see how such an application would be invaluable for managing the security of critical systems. In fact, here’s what our company’s page on port control has to say:
AlertBoot Port Control prevents unauthorized use of serial, parallel and other ports and controls access to CD-R or DVD-R drives
- USB ports (USB keys, personal music players, external hard drives, PDAs)
- Serial ports (PDAs, old communication devices)
- Parallel ports (Printers, old communication devices)
- FireWire (external hard drives, personal music players, PDAs)
- IrDA® (Infrared receivers, handheld portables, cell phones, cameras)
- CD-R/DVD-R (burning data on CDs or DVDs)
Selective access control based on device classes, brand, and ID
Extended features of Port Control allow an organization to adapt the security control policies to accommodate new devices or ports. Organizations can also discriminate between “good” and “bad” devices based on the device classes, brand, and ID. This allows organizations to continue to use selective USB tokens or keys that are approved for use while excluding the use of other devices on that USB port.
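To make the class, brand and ID idea concrete, here is an added example (not AlertBoot's code or configuration format) of a default-deny USB policy check. The `Policy` and `UsbDevice` types, the sample devices and all vendor, product and serial values are constructed for illustration; only the USB class codes are real. Every interface a device exposes is checked, so a "keyboard" that also presents a storage interface is refused.

```python
from dataclasses import dataclass

# USB-IF base class codes (real values). Everything else below is constructed.
USB_CLASS_AUDIO = 0x01
USB_CLASS_HID = 0x03           # keyboards, mice
USB_CLASS_MASS_STORAGE = 0x08  # thumb drives, external disks

@dataclass(frozen=True)
class UsbDevice:
    vendor_id: int
    product_id: int
    serial: str
    interface_classes: tuple   # one class code per interface the device exposes

@dataclass(frozen=True)
class Policy:
    allowed_classes: frozenset   # classes any device may use
    approved_devices: frozenset  # (vendor_id, product_id, serial) exceptions

def evaluate(policy, dev):
    """Return (allowed, reason). Default deny: every interface must pass."""
    if not dev.interface_classes:
        return False, "no interfaces reported"
    if (dev.vendor_id, dev.product_id, dev.serial) in policy.approved_devices:
        return True, "approved by brand and ID"
    blocked = [c for c in dev.interface_classes if c not in policy.allowed_classes]
    if blocked:
        return False, "blocked class(es): " + ", ".join(f"0x{c:02x}" for c in blocked)
    return True, "all interfaces in allowed classes"

# Hypothetical policy for a control-system workstation: input devices only,
# plus one specifically approved storage token.
SCADA_POLICY = Policy(
    allowed_classes=frozenset({USB_CLASS_HID}),
    approved_devices=frozenset({(0x1234, 0xABCD, "TOKEN-0001")}),
)

# Constructed sample devices.
SAMPLES = {
    "keyboard": UsbDevice(0x1111, 0x0001, "", (USB_CLASS_HID,)),
    "thumb drive": UsbDevice(0x2222, 0x0002, "X9", (USB_CLASS_MASS_STORAGE,)),
    "approved token": UsbDevice(0x1234, 0xABCD, "TOKEN-0001", (USB_CLASS_MASS_STORAGE,)),
    "same model, other serial": UsbDevice(0x1234, 0xABCD, "TOKEN-0002", (USB_CLASS_MASS_STORAGE,)),
    "keyboard with storage": UsbDevice(0x3333, 0x0003, "", (USB_CLASS_HID, USB_CLASS_MASS_STORAGE)),
    "music player": UsbDevice(0x4444, 0x0004, "MP1", (USB_CLASS_AUDIO, USB_CLASS_MASS_STORAGE)),
}

if __name__ == "__main__":
    for name, dev in SAMPLES.items():
        allowed, reason = evaluate(SCADA_POLICY, dev)
        print(f"{name:26s} {'ALLOW' if allowed else 'DENY ':5s} {reason}")
```

Vendor, product and serial values are reported by the device itself, so a list like this narrows what can connect rather than authenticating the device.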