Companies should consider banning portable storage devices such as Apple's iPod from corporate networks as they can be used to introduce malware or steal corporate data, according to an analyst.
Small portable storage products can bypass perimeter defences like firewalls and antivirus at the mailserver, and introduce malware such as Trojans or viruses onto company networks, claimed analyst Gartner in a report issued this week. Analysts have warned for some time of the dangers of using portable devices, but the report points out these also now include "disk-based MP3 players, such as Apple's iPod, and digital cameras with smart media cards, memory sticks, compact flash and other memory media."
Another potential danger is that the devices, which typically use USB or FireWire, could be used to steal large amounts of company data, as they are faster to download to than CDs. The small size of the devices also means they can be easily misplaced or stolen.
Gartner advises that companies should forbid the use of uncontrolled, privately owned devices with corporate PCs and adopt personal firewalls to limit what can be done on USB ports.
"Businesses must ensure that the right procedures and technologies are adopted to securely manage the use of portable storage devices like USB 'keychain' drives. This will help to limit damage from malicious code, loss of proprietary information or intellectual property, and consequent lawsuits and loss of reputation," the report stated.
See ZDNet UK's Insight channel for the full version of the report.






Talkback
The sky is falling, the sky is falling
Headline makes it seem to be iPods only, but the story is very different. Small USB flash memory devices and any MP3 player that connects to a computer are also a risk.
And don't forget CD/DVD drives, 3.5" diskettes and, if IT budgets have been tight for a while, 5.25" floppies . . .
Surely this situation is under control in well run IT departments by now.
This is BS because if you have your virus software configured correctly, it will deal with the "storage" portion of these disks like any other removable media.
Well, duh!
Of course, isn't this obvious?
And iPods are not a "security risk", but portable devices can be, but again, that's obvious.
I can see why you want the headline, but really ..
Don't quit your day job, unless, of course, it's this :|
Journalists Support Group Needed.
Is there some organisation out there that offers help to journalists suffering from LurePodPhobia?
That strange condition, where an IT hack lives in fear that no-one will read his articles, unless he somehow manages to squeeze the word 'iPod' into the title?
Nicely squeezed though Andrew .. it got me over here ... ;-)
What a tosser, "iPods are security risk"
Typical of ZD, using an Apple based headline to make a story about general data storage devices a spin on dissing Apple. Again.
Same crap, different story.
Get a life,
anything just to get the macusers to visit -
time to do something constructive for Apple -
don't write anything about the Mac or iPod...
200 GB Hard Disks threaten security Warns this analyst. Why are you employing people who you can't trust, maybe this question should be asked! John Nammer and myself have been working on work life balance and trust is a big stress factor.
Let's not forget to mock Gartner for their incredible "research".
Is it really possible for a worker to take sensitive data out and damaging software in, using removable devices?
Noo .. what a huge, new and scary "threat".
This is probably the next headline:
"Printers, xerox and fax-machines and the like are everywhere nowadays. Giving your staff free rein to use them at work could lead to breaches of security and loss of data"
" This underlying vulnerability has existed since the release of Microsoft Windows 2000 "
hehe
" Adopt personal firewalls to limit what can be done on USB ports. "
yeah, that makes sense
And the iPod has been out for what, three years now? Typical of ZDNet to take this long to figure this out.
Haven't Gartner got something more original to talk about? I guess they've not considered the role of those new fangled floppy discs, CDs and DVDs which also act as portable data devices!!!!
Shouldn't this be obvious, what pap. People will already be using these in the workplace anyway as portable storage, but about mobiles and every other form of portable storage, just shameless headline grabbing!
I suppose they will ban laptops with CD burners and maybe smartphones. It reminds me of when they said floppy disks are a potential security risk; however, none are unless somebody makes that their use.
Point seen on a message board: "Here is an idea for this guy's next article. Ultimate computer security: don't turn on the computer."
The only security risks are the following:
1. Incompetent reporters spreading rumors and inaccurate information
2. Lazy/incompetent network admins that do not know how to protect their computers/networks
Any company that is serious about security of their data will start with controlling access to desktops and networks. Computers can be protected such that unauthorized hardware may not be connected to the network either directly or indirectly.
I don't see Gartner advising against cell phones, why? Those things come with digital cameras capable and memory cards. They can be synchronised with desktop computers as well.
What about uncontrolled access to printers and faxes? Where is warning against email? Anyone set on stealing digital property may simply encode it with pgp and email it... What about CD burners installed by default into desktop computers?
Mr. Contu has to go back and do his homework again instead of publishing a half-finished report. It's hard to call it a "report". It's more of a publicity stunt than any insightful analysis.
ban suitcases too then...
after all, you can photocopy and print Gb worth of data and store inside these 'portable storage devices'
Analyst warns businesses to ban floppy disks... as floppy disks can introduce viruses, be used to steal corporate data, and are small enough to be easily lost/stolen. Seriously, if you need to be THAT concerned about your security, you shouldn't be getting your security advice from ZDNet... but whatever sensationalism brings in that click-through revenue I suppose...
Gartner == Idiots. The same thing can be done with a CDR drive. Pfft.
Idiots. Is it really necessary in this political climate to introduce MORE useless fear into the world?
1. I bet the workstation had internet access lol
2. I bet no one checks the office cleaners lol
3. Disable usb in the bios if u don't want usb devices casually plugged in.
ps this article shows a really near sighted view of security.
Headline: Humans Are the Real Security Risk
It is prudent to not let any human access to the network - physically or remotely. These humans have ways of stealing, ranging from good 'ol copy machine use to the use of IPODs to store company data. By not letting humans access to the network, a company can keep it more secure.
Good grief people, talk about knee-jerk reactions yourselves.
In a properly secure environment Cd-Burner and floppy drive access is already controlled, document removal is not permitted without approval.
However the changing of devices into commonly connected items with comparatively massive storage via a 'secure' PC within the firewall needs to be flagged so that people identify the risk.
The so-called obvious to you needed to be stated, what may be easily identified to a user may be extremely difficult for an IT security officer to get lock-down of additional PC functions without some form of info to back them up.
So it says iPod, as it has become the fashion accessory of the good & great (sic!) then why not use it to demonstrate the problem. Just how many people would have looked if it had said usb attachable devices are security risk - close to none I would suggest.
It is probable that the vast majority of people reading this do so at work where they have access to the internet and external e-mail - if so they are not working in a secure environment - only one where the network is not attached to the internet or the outside world, where control to writable media is allowed only to specific people and only in certain cases with validation and one where all print-outs have to be signed for and are recorded will be one that is secure from everything except its own users; and even then they can be corrupted.
The time you spend with security is dependent upon how important the info you are working with is to you and to what extent its loss or compromise will damage you or others. Security should be appropriate for the job in hand, new devices bring new risks, these should be identified so people have the option/ability to secure their data against such a system.
Q. How long have we known about this "vulnerability"?
A. Since the first floppy disk back in the IT stoneage.
Amazing research....
...Oh my god, and cell phones should be banned too, a.s.a.p. - I can do the same with a Nokia 5510 for instance, iPod not needed...!
- It takes nothing short of a genius to realize this horrifying "threat" - Incredible, really...
Comical
A lot of you are all taking the mickey about these 'security risks' and all saying how easy it is to remove the security risk by 'checking them' or 'implementing policy' but exactly how do you propose to do this and a) have a usable PC and b) be able to manage it i.e. enough of this 'switch it off in the BIOS' - not manageable and what do you do if a user needs to use USB?
Well if Government agencies or Companies are concerned with security they would not use winXP. It seems very foolish to me to use a closed source OS in the British secret service.... If they would run any flavor of linux this risk would simply not exist like hundreds of other issues with XP. One Article reads: the British secret service has just switched to the USB friendly OS windosXP.... why? One would think that such an organization would have their own software devs and their own OS based on whatever is out there...
That's crazy! If iPods should be banned then everything else like that should be banned! BS! That's crap