In response to the recent security breach at Los Alamos where three USB flash drives were discovered during a drug raid of a former Los Alamos contractors home, it seems that Los Alamos has come up with a solution to their USB woes. Super Glue the USB ports. That’s right, Los Alamos Nuclear Labs, one of the top US research labs with some of the smartest scientists and engineers has decided that Super Glue is the best answer to their endpoint security problems.
What about PCMCIA slots, PS/2, Serial Ports, Firewire ports and CD-ROM drives? What will happen when a researcher needs to use a biometric device, or other USB device? The computer system is now ruined and will have to have the USB ports replaced, or the system replaced. Your tax dollars at work.
The inability to provide granular control of removable media devices is a flaw in operating systems, particularly Windows. Fixing the problem with hardware modifications is not the answer, there are endpoint security software solutions which work with and enhance Windows to provide granular access control of devices, allowing administrators to decide who has access to what specific devices and what kind of access they have (read/write). These solutions also provide more robust features such as forensic auditing allowing administrators to see what devices are being connected to the network, as well as what files are being and have been transfered to those devices. In the Los Alamos case, this would have allowed IT administrators to know what data Jessica Quintana had brought home with her instead of the FBI stumbling on the data by pure luck.
Also, products like DeviceWall from Centennial Software has built in USB encryption, that allows administrators to require all data being written to a USB flash drive be encrypted. Again in the Los Alamos case, even if a USB flash drive full of nuclear secrets was discovered it would not be readable.
I think as a general rule, anytime an IT security solution involves the use of Super Glue, Duct Tape, or any other sort of adhesive, it might be time to reassess your overall security strategy.
