4 Steps to Securely Use Removable Storage Media

Ts. Gary Kong

Introduction

Removable storage media offer convenience for data transfer and backup, but they also commonly serve as a means to spread malware or launch power surge attacks, potentially damaging assets and disrupting business operations.

In this article, we will discuss the security controls that organizations can implement to handle removable storage media effectively and minimize the security risks associated with their misuse.

Step 1: Restricting Access to USB Ports

A golden rule in cybersecurity is to deny by default. USB ports can be restricted physically using USB port blockers or logically through configurations in the operating system or endpoint protection software.

USB Port Blockers

To use a USB port blocker, simply attach the blocker to the key and insert it into the USB port. Slide the mechanism on the key to insert or remove the blocker from the USB port.

Mechanism of a USB Port Blocker

Denying Removable Storage Access through Windows Group Policy

If USB usage is not necessary on the computer, open Group Policy Editor and navigate to the path User Configuration\Administrative Templates\System\Removable Storage Access. Set the following settings to Enabled:

  • Removable Disks: Deny read access
  • Removable Disks: Deny write access
  • All Removable Storage classes: Deny all access
  • WPD Devices: Deny read access
  • WPD Devices: Deny write access

Removable Storage Access Policies

Remark: To allow removable storage access, simply change the state to disabled.

Step 2: Turning Off Autoplay

When Autoplay is enabled, the system automatically starts reading from a drive when a USB drive is plugged in. This can allow attackers to exploit the feature to launch malicious programs that could damage our computer.

To prevent this, open Group Policy Editor and navigate to the path Computer Configuration\Administrative Templates\Windows Components\AutoPlay Policies. Enable the Turn off Autoplay setting for all drives.

AutoPlay Policies
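
The PowerShell below is an added example, not part of the original article: it reads back the registry values behind the Step 1 and Step 2 policies so their state can be verified after deployment. It assumes the policies are stored in the standard Windows policy registry locations named in the code and checks both the user and the computer hive for the Removable Storage Access settings.

```powershell
# Added example (not from the article): report whether the Step 1 and Step 2 policies are in force.
# Assumption: the settings are stored in the standard policy registry locations used below.
$storageKey     = 'Software\Policies\Microsoft\Windows\RemovableStorageDevices'
$removableDisks = '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
$wpdClasses     = '{6AC27878-A6FA-4155-BA85-F98F491D4F33}', '{F33FDC04-D1AC-4E8E-9A30-19BBD4B108AE}'

# Each entry: policy name, subkey under $storageKey, registry value name.
$checks = @(
    @{ Setting = 'All Removable Storage classes: Deny all access'; Sub = ''; Name = 'Deny_All' }
    @{ Setting = 'Removable Disks: Deny read access';  Sub = $removableDisks; Name = 'Deny_Read' }
    @{ Setting = 'Removable Disks: Deny write access'; Sub = $removableDisks; Name = 'Deny_Write' }
)
foreach ($guid in $wpdClasses) {
    $checks += @{ Setting = "WPD Devices: Deny read access ($guid)";  Sub = $guid; Name = 'Deny_Read' }
    $checks += @{ Setting = "WPD Devices: Deny write access ($guid)"; Sub = $guid; Name = 'Deny_Write' }
}

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$report = foreach ($hive in 'HKCU:', 'HKLM:') {   # User and Computer Configuration
    foreach ($c in $checks) {
        $path  = ("$hive\$storageKey\" + $c.Sub).TrimEnd('\')
        $value = Get-PolicyValue -Path $path -Name $c.Name
        [pscustomobject]@{ Scope = $hive; Setting = $c.Setting; Value = $value; Enforced = ($value -eq 1) }
    }
}

# "Turn off Autoplay" enabled for all drives is stored as NoDriveTypeAutoRun = 255 (0xFF).
$explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$autorun  = Get-PolicyValue -Path $explorer -Name 'NoDriveTypeAutoRun'
$report  += [pscustomobject]@{
    Scope = 'HKLM:'; Setting = 'Turn off Autoplay (all drives)'
    Value = $autorun; Enforced = ($autorun -eq 255)
}

$report | Format-Table -AutoSize
```

The HKCU rows reflect the account running the script, so run it in the session of the user that the User Configuration policy targets.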

Step 3: Using Encrypted USB Drives

By using encrypted USB drives, we can ensure that the information stored on the removable drives is inaccessible without knowing the password required to access the drive, protecting data at rest.

Hardware-Encrypted USB Drives

Hardware-encrypted USB drives require users to enter a password, either through the built-in application or physically on the hardware (such as the Apricorn Aegis Secure Key). The drive can be accessed only when the correct password is entered.

Steps to access storage in Kanguru Defender 3000

Turn on BitLocker

Although hardware-encrypted USB drives are secure by default, they often have storage limitations, with larger storage capacities typically costing more. Therefore, we may need to use external hard drives, which are not encrypted by default. We can utilize BitLocker to encrypt the hard drive. Note that the setup process may take longer for larger storage capacities.

To enable encryption on the external hard disk, right-click the removable drive, click on “Turn on BitLocker,” and select “Use a password to unlock the drive”.

Turn on BitLocker on the external hard disk

Step 4: Establishing Processes for the Use of Removable Storage Media

Apart from the technological controls mentioned above, organizational controls are equally important for securing the use of removable storage media.

Authorizing the Use of Removable Storage Media

Removable storage media shall be inventoried, reviewed, and approved regularly. Only approved removable storage media may be used. The use of the media, along with information such as the computer connected to the USB drive and the anti-virus scan result, shall be recorded.

Scan Removable Media on the Virus Scanning Kiosk

Removable storage media shall be scanned for malware on a dedicated virus scanning kiosk with the latest signatures before connecting to the system, and the scan result shall be documented as evidence.

Scan and record the anti-virus scan results

Monitoring Unauthorized USB Connections to the System

Even with the group policy applied, changes may still occur. To ensure that no unauthorized USB devices are connected, the following Windows command can be run to check the USB devices currently in use:

reg query HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR\

To facilitate monitoring, I’ll run my PowerShell script regularly by configuring Task Scheduler on Windows. The script is accessible at GitHub.

Code Snippets from the logreview.ps1 PowerShell Script
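
The PowerShell below is an added example, not the author's logreview.ps1: it reads the same USBSTOR key as the reg query above and flags every storage device whose serial number is missing from the approved inventory described in Step 4. The approved serials and the sample records are constructed values; note that USBSTOR entries persist after a device is unplugged, so the output covers devices that have been connected, not only those attached right now.

```powershell
# Added example (not the author's script): compare USBSTOR entries with an approved inventory.
# Assumption: the inventory is a list of device serial numbers; the values below are constructed.
$ApprovedSerials = @('AA00000000000489', '07B20C04E1F3A921')

function Get-UsbStorRecord {
    # One record per device instance under the key queried by the reg command above.
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'
    foreach ($model in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        foreach ($instance in Get-ChildItem -LiteralPath $model.PSPath) {
            $props = Get-ItemProperty -LiteralPath $instance.PSPath
            [pscustomobject]@{
                Model        = $model.PSChildName
                # The instance key name is the serial followed by a port suffix such as "&0".
                Serial       = $instance.PSChildName -replace '&\d+$', ''
                FriendlyName = $props.FriendlyName
            }
        }
    }
}

function Find-UnapprovedUsb {
    param([object[]]$Records, [string[]]$Approved)
    # -notcontains is case-insensitive; a record without a serial is always reported.
    $Records | Where-Object { -not $_.Serial -or $Approved -notcontains $_.Serial }
}

# Constructed sample records so the comparison can be tried on a machine without USB history.
$sample = @(
    [pscustomobject]@{ Model = 'Disk&Ven_Example&Prod_Approved&Rev_1.00'
                       Serial = 'aa00000000000489'; FriendlyName = 'Example Approved USB Device' }
    [pscustomobject]@{ Model = 'Disk&Ven_Example&Prod_Unknown&Rev_1.00'
                       Serial = '1122334455667788'; FriendlyName = 'Example Unknown USB Device' }
)

$records = Get-UsbStorRecord
if (-not $records) { $records = $sample }   # nothing recorded: fall back to the sample

$unapproved = Find-UnapprovedUsb -Records $records -Approved $ApprovedSerials
if ($unapproved) {
    Write-Warning "$(@($unapproved).Count) USB storage device(s) not in the approved inventory"
    $unapproved | Format-Table -AutoSize
}
```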

Conclusion

To securely use removable storage media, we can follow the four steps outlined above: Restricting Access to USB Ports, Turning Off Autoplay, Using Encrypted USB Drives, and Establishing Processes for the Use of Removable Storage Media.


Ts. Gary Kong

A Cybersecurity Consultant & Trainer based in Malaysia, specializing in providing cybersecurity training grounded in the "think red, act blue" philosophy