Are You Protected from BadUSB?

Security in the data center is already a challenge for many professionals. Aside from constantly dealing with digital threats, system administrators also need to ensure their systems are protected from physical attacks. In fact, inside attacks often do more damage than outside attacks because they are harder to spot and the attacker is often a trusted party with enhanced access to the systems in question.

A new piece of malware known as BadUSB allows a determined attacker to reprogram virtually any USB device to perform malicious actions such as: emulating a keyboard and issuing commands on behalf of the logged-in user; spoofing a network card to change the DNS settings and redirect traffic; and modifying a device to load a virus at boot, infecting the system before the operating system is loaded.

Unlike many other digital threats, which can be mitigated with standard security utilities, BadUSB is unique because most utilities cannot access the firmware on USB devices. Activity monitoring also only does so much against this threat, as BadUSB is programmed to change its behavior every time it is executed on a device. The most devastating note about BadUSB is that it is impossible to clean up after an infection. Reinstalling the operating system or restoring a backup is often an option for most traditional infections, but BadUSB goes a bit deeper.

Since the malware infection occurs at the hardware level, key system devices such as the webcam, keyboard and any other USB component can be infected during a single incident. Even after a system reinstall, the malware remains in place, ready to be re-launched when the user is back on their system. A BadUSB infection can even replace the system BIOS by emulating a keyboard and unlocking a hidden file on the malicious device.

In a data center, having to dispose of entire workstations is never an ideal way to preserve system integrity. This is why system administrators need to set proper security precautions across all their digital infrastructure. In the case of core servers, systems should be kept in locked cages at all times and employees should be prohibited from using USB unnecessarily. When possible, software updates should be loaded onto the server through either a CD-ROM or a network download.

For standard workstations, administrators can also lock USB port use on Windows 7 and 8 PCs. For companies which still have a legitimate need for USB drives, there is hope. While security software might not be able to detect BadUSB malware, it can block unauthorized code from executing on the workstation.
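The workstation lock mentioned above, sketched as an added example (not from the original article): it assumes the lock is applied by disabling the Windows USB mass-storage driver through the `Start` value of the `USBSTOR` service, and the `-Lock` switch and function names are hypothetical. That setting does not cover a device that presents itself as a keyboard, so the script also lists USB HID keyboards for review.

```powershell
# Added example: audit (and optionally lock) USB mass storage, then list USB keyboards.
# Uses only cmdlets available in Windows PowerShell 2.0, the version shipped with Windows 7.
param(
    [switch]$Lock   # hypothetical switch: apply the lock (requires an elevated prompt)
)

$usbStorKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Get-UsbStorageState {
    # Start = 3: driver loads on demand. Start = 4: driver is disabled.
    $start = (Get-ItemProperty -Path $usbStorKey -Name Start -ErrorAction Stop).Start
    if ($start -eq 4) { 'Disabled' } else { "Enabled (Start=$start)" }
}

function Get-UsbKeyboard {
    # USB keyboards enumerate under HID\VID_xxxx&PID_xxxx; a built-in PS/2
    # keyboard shows up under ACPI\ instead and is filtered out here.
    Get-WmiObject -Class Win32_Keyboard |
        Where-Object { $_.PNPDeviceID -like 'HID\VID_*' } |
        Select-Object Name, Description, PNPDeviceID
}

Write-Output "USB mass storage driver: $(Get-UsbStorageState)"

if ($Lock) {
    # Disabling the driver stops newly inserted USB drives from mounting.
    Set-ItemProperty -Path $usbStorKey -Name Start -Value 4 -ErrorAction Stop
    Write-Output "USB mass storage driver after lock: $(Get-UsbStorageState)"
}

# The storage lock does not affect keyboard emulation, so report every USB
# keyboard currently attached; more entries than physical keyboards on the
# desk is worth investigating.
$keyboards = @(Get-UsbKeyboard)
Write-Output "USB HID keyboards attached: $($keyboards.Count)"
$keyboards | Format-List
```

Run without arguments to audit only; the vendor and product IDs in each `PNPDeviceID` can be compared against the hardware the organization actually issues.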

Since data center management is such a complex field, finding a quality DCIM solution is essential for effective management of your systems.