Pen drives and Security

In one of my earlier projects, we were working on two networks – one was the network of my company and the other was the network of the my client. The client’s network was very restricted as we were connecting through a link and their security policy was very restrictive. We spent major part of the day working on the client’s network. This fueled our frustration as we were not able to download free software to aid development activities or access Google from their network.

In order to overcome this hurdle, some of my colleagues used pen drives to transfer data. Although we admonished the perpetrators, it was very difficult to track these activities. Moreover, as they were a lot of young people on board, some of them either didn’t realize the importance of not doing so or were forced to take a short cut due to the mounting pressure from the stringent deadlines.

Last week, I was listening to Richard Clarke’s interview on internet and the lack of security. In his interview, he talks about the security breach in Pentagon. Pentagon has two sets of networks – classified and unclassified. People were downloading programs from unclassified network into their thumb drives and uploading these into the classified network. The Russians, after figuring this out, came out with a virus that looked for these internet addresses in the unclassified network and then the computers on the unclassified network with thumb drives. The virus was downloaded onto the thumb drive on these computers. The virus then was then propagated to the classified network when somebody was transferring files.

There is no point in having two networks unless there is a discipline inbuilt in the users. Richard Clarke emphasizes on the discipline.

In order to avoid further mishaps like this, Pentagon went around with cement and blocked all thumb drives on the computers. Though cementing technique may seem harsh, this was an efficient way to prevent further damages!

Security protocols are implemented so that our sensitive information is not leaked to the customer. What is sensitive information? Anything and everything is sensitive. The world is full of brainy people. They can easily backtrack and find out more information from the seemingly non-vital information.

So the next time, you are cutting corners, think twice. It is always hard to do the right thing.