HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 48 guests and 4 members online
EH-Net News Feeds
Latest Additions
 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Malwarearrow Military Bans Removable Media
EH-Net
May 24, 2012, 08:50:17 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Military Bans Removable Media  (Read 7521 times)
0 Members and 1 Guest are viewing this topic.
jason
Hero Member
*****
Offline Offline

Posts: 945



View Profile
« on: November 20, 2008, 08:01:10 AM »
Due to the spread of the Agent.btx worm, removable media have been banned from sipr and nipr nets. While the article discussed the army specifically, it sounded like this was going to be implemented for all branches. Seems like a fairly serious situation.


http://blog.wired.com/defense/2008/11/army-bans-usb-d.html
Logged
sgt_mjc
Sr. Member
****
Offline Offline

Posts: 294


View Profile
« Reply #1 on: November 20, 2008, 08:33:09 AM »
It surprises me that they have not done this before. I know that the only removable media currently authorized on our classified systems for data transfer are CDs. Of course there are plenty of restrictions on how to use them for this purpose, but as far as other media goes, we are not even allowed to take a thumb drive in to the classified lab. We'll watch and see how this plays out.
Logged
Mike Conway
CISSP
CompTia Security +
C|EH
jason
Hero Member
*****
Offline Offline

Posts: 945



View Profile
« Reply #2 on: November 20, 2008, 08:47:50 AM »
It certainly does seem to be the logical move. It surprises me that they were this lax about it to begin with.
Logged
LSOChris
Guest
« Reply #3 on: November 20, 2008, 10:38:53 AM »
well you are only "supposed" to use govt issued usb drives that would only touch other govt systems which "should" stop that, but we all know how well that works...
Logged
Andrew Waite
Hero Member
*****
Offline Offline

Posts: 857



View Profile WWW
« Reply #4 on: November 20, 2008, 10:58:14 AM »
Quote from: ChrisG on November 20, 2008, 10:38:53 AM
well you are only "supposed" to use govt issued usb drives that would only touch other govt systems which "should" stop that, but we all know how well that works...
Chris beat me too it  Sad. Has anyone read how they intend to enforce this?

I'm hoping they'll be some form of edge protection to stop the functionality of USB drives if inserted, rather than 'please don't do that'. But from the mention of govt issued devices in the future I'm guessing not. Looks like an way to create scapegoats rather than address the fundamental issues.

From those in the know does the military not already have a boiler plate AUP stating 'don't connect nasty things to our network'? If so, how is this different?
Logged
-- http://www.infosanity.co.uk
-- http://blog.infosanity.co.uk
LSOChris
Guest
« Reply #5 on: November 20, 2008, 10:59:52 AM »
ha i win!

they do have the AUP, i think this is a "dont do anything until your drive has been scanned" scenario, just to curb the spread.  least thats what the article said.
Logged
jason
Hero Member
*****
Offline Offline

Posts: 945



View Profile
« Reply #6 on: November 20, 2008, 11:22:53 AM »
Quote from: ChrisG on November 20, 2008, 10:59:52 AM
i think this is a "dont do anything until your drive has been scanned" scenario, just to curb the spread.

Which will of course be totally useless if you turn right back around and plug it into your spammy, malware-ridden, porn storage device again.
Logged
LSOChris
Guest
« Reply #7 on: November 20, 2008, 12:49:05 PM »
exactly
Logged
sgt_mjc
Sr. Member
****
Offline Offline

Posts: 294


View Profile
« Reply #8 on: November 20, 2008, 12:55:30 PM »
It cracks me up, but you are right about the AUP: scan then use..... Of course we all know that only works if there is a signature for the malware and IF the end user actually does scan it. Oh well....
Logged
Mike Conway
CISSP
CompTia Security +
C|EH
jason
Hero Member
*****
Offline Offline

Posts: 945



View Profile
« Reply #9 on: November 28, 2008, 09:22:16 PM »
Another article with slightly more detail on the specifics of the malware issue:

http://www.latimes.com/news/nationworld/iraq/complete/la-na-cyberattack28-2008nov28,0,230046.story
Logged
LSOChris
Guest
« Reply #10 on: November 28, 2008, 10:33:05 PM »
Quote from: sgt_mjc on November 20, 2008, 12:55:30 PM
It cracks me up, but you are right about the AUP: scan then use..... Of course we all know that only works if there is a signature for the malware and IF the end user actually does scan it. Oh well....

what you mean all AV doesnt find custom written malware...oops.
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.185 seconds with 22 queries.
 

gk_static-ad_feb2012.jpg
Global Knowledge: Build Security Skills to Protect & Defend

els_130x200fixed2.gif
eLearnSecurity Student Course Now Live!
5% Off with Code
ELS-EH-5

SANS Deals 4 EH-Netters
$150 OFF Any SANS Course in Any Format!
Coupon Code: EHN_Connect Including SANS Security West 2012 & SANSFIRE 2012
Recent Forum Topics

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!

Vote For EH-Net

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2012 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.