Consider a common situation. A client comes to our office and wants to hand over documentation on a USB stick. In most organisations, with good judgement, they would not be allowed to connect this device to any equipment except perhaps that of the systems manager, who could take certain precautions. In others, with more stringent security requirements, the USB ports on computers are disabled and physically sealed to prevent human error. Luckily we have an authUSB, to which we will connect the memory stick.
From that moment, the behaviour of the device is monitored at both the electrical and the hardware level. Is it something other than what it appears to be? Is it acting in a way it should not? Is it doing more than it should? Does it have hidden or unidentified partitions? If the answer to any of these questions is YES, access will be denied and the user and the central supervision console will be notified, so that those responsible for security can track the incident and check whether it matches a pattern or a similar attack carried out against the organisation.
This monitoring continues for as long as the device remains physically connected.
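As an added illustration (not authUSB's own code or its actual detection logic), the questions above can be written as a policy check that is re-run on every observation of the device. The field names, the slack threshold and the sample devices are constructed assumptions; the interface class codes are the standard USB-IF values.

```python
# Added example: admission policy for a device presented as a USB memory stick.
# Field names, thresholds and sample devices are constructed for illustration.
MASS_STORAGE = 0x08  # USB-IF base class code for Mass Storage
CLASS_NAMES = {0x02: "CDC (communications)", 0x03: "HID (keyboard/mouse)",
               0x09: "Hub", 0xE0: "Wireless Controller", 0xFF: "Vendor Specific"}
KNOWN_FS = {"vfat", "exfat", "ntfs", "ext4"}  # assumed list of identifiable filesystems
SLACK_SECTORS = 4096  # assumed tolerance for alignment gaps

def evaluate(device):
    """Return (allowed, findings) for one observation of the device."""
    findings = []
    classes = device["interface_classes"]
    if MASS_STORAGE not in classes:
        findings.append("does not expose a Mass Storage interface")
    for c in classes:
        if c != MASS_STORAGE:  # a memory stick should expose storage and nothing else
            findings.append("extra interface: " + CLASS_NAMES.get(c, hex(c)))
    covered = 0
    for p in device["partitions"]:
        covered += p["sectors"]
        if p["fs"] not in KNOWN_FS:
            findings.append(f"unidentified partition at sector {p['start']}")
    if device["total_sectors"] - covered > SLACK_SECTORS:
        findings.append("unallocated space that could hide a partition")
    return (not findings, findings)

def monitor(snapshots):
    """Re-evaluate every observation; return the index of the first denial, or None."""
    for i, snap in enumerate(snapshots):
        allowed, _ = evaluate(snap)
        if not allowed:
            return i
    return None

# Constructed sample devices (not captured from real hardware).
CLEAN = {"interface_classes": [0x08], "total_sectors": 15_728_640,
         "partitions": [{"start": 2048, "sectors": 15_726_592, "fs": "vfat"}]}
WITH_HID = dict(CLEAN, interface_classes=[0x08, 0x03])
HIDDEN = dict(CLEAN, partitions=[{"start": 2048, "sectors": 8_000_000, "fs": "vfat"}])

if __name__ == "__main__":
    for name, dev in (("clean", CLEAN), ("with_hid", WITH_HID), ("hidden", HIDDEN)):
        print(name, evaluate(dev))
    # A device that adds an interface after it was first accepted is caught on re-check.
    print("first denial at observation", monitor([CLEAN, CLEAN, WITH_HID]))
```

Evaluating every observation rather than only the first is what catches a device that presents itself as plain storage when plugged in and changes its behaviour later.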
No alerts are triggered, so we can access the device. To do this, just open a browser on your computer and go to the address assigned to our authUSB, which may be connected to our local network or directly, point to point.
Through this web interface we can browse the partitions and folders of the device and select what we want to download.
Once the files or folders have been selected, authUSB will start to analyse them with its integrated antivirus. If it detects any threat, it will deny the download and notify us of the incident. If the files are clean, the download will start from the browser. If our computer has an antivirus installed (and it should), it will carry out a second analysis of the files, since the download is treated in a similar way to a download from the internet.
We now have our files downloaded securely, and we can remove the device and return it to our client.
It is important to highlight:
- The external USB device was never in contact with any computer on the corporate network, only with authUSB Safe Door.
- The information flow is always inbound, from the USB memory stick to the computer, never in the opposite direction. USB devices are mounted as read-only and there is no interface to extract information from the client computer to the external memory stick. For organisations that request it, there is the option of enabling the extraction of information, which must always be authorised beforehand by the system administrator and is audited by the Central Console, giving traceability to that extraction.
There are more complex configurations, such as digital signature of downloaded information, multi-engine remote scanning, operator and client identification, black lists, unattended downloads, etc., which we will address in future articles.