US Defense Department to partially lift flash drive ban

Elinor Mills CNET News | October 27, 2009 6:13 AM PDT

Summary

The U.S. Department of Defense ban on USB thumb drives will be partially lifted to allow authorized people to use official flash drives for mission-critical functions.

Topics

USB Flash Drive, U.S. Department Of Defense, Flash Memory, thumb drives, ban, defense, Elinor Mills CNET News

Vendor HotSpot

Here to help you with your Document Management Needs

Read the DocuMentor blog now

Learn More »

The U.S. Department of Defense ban on USB thumb drives instated nearly a year ago will be partially lifted to allow authorized people to use official flash drives for mission-critical functions, according to a top military official.

"In the future, we expect that a government-owned and procured USB flash media, that is uniquely and electronically identifiable for use in support of mission-essential functions on DoD networks, will be permitted for use by authorized individuals," Robert Carey, chief information officer for the Department of the Navy, wrote in his blog recently.

Thumb drives, CDs, and other removable storage devices were banned last November after military computers became infected with a worm that was partially spread by thumb drives.

For more, read "US Defense Department to partially lift flash drive ban" from CNET News.

Talkback Most Recent of 11 Talkback(s)

Follow via:: RSS; Email Alert

I never understood the ban...

All that was needed was a registry entry to disable autorun so it did not parse the autorun.inf file, then use GPO's to disable autoplay. I guess its better to be safe then sorry but still...
NoThomas
27th Oct 2009
- Reply to
- Flag
It is trange that this Autorun function still exists at all

For me it is really strange that Autorun exists at all.
Nikolayev
27th Oct 2009
- Reply to
- Flag
They took it out in win7

It no longer exists, I think they added autorun in 95, it was fine then it was not until a few years ago when hackers figured out it would be a good way to spread viruses, and boy were they right.
NoThomas
27th Oct 2009
- Flag
Wasn't it out in VIsta too?

I can't remember the last time I've had anything trying to autorun
tikigawd
27th Oct 2009
- Flag
I am not totally sure

I cant answer that, I do not think so though I think they took it out of win7,
NoThomas
28th Oct 2009
- Flag
Auto run works on Vista boxes here

Not sure if that was configuration someone set though.
voska1
28th Oct 2009
- Flag
I did.....

The issue with flash drives is they are so widely available, everyone is tempted to use them to transfer files.

Disabling autorun only limits one type of attack.....

Attacks like disguising exe's as document files are not stopped by this method, lets face it, at some point the file will be opened, to see what it is.

My employer has also implemented an outright ban on removable media.
jonesyx2
27th Oct 2009
- Reply to
- Flag
That might have helped some

But not everything. I would've liked to hear more of the ground zero events that led to it. They kinda threw the baby out with the bathwater. Really hurt our productivity, since my shop did digital photography. So we couldn't even take the card out the camera or tether it to transfer the items needed to work on.
ScouterDude
27th Oct 2009
- Flag
Do this also

That and they should harden all there systems and the network so if one infected machine can't do much at all. That's what we do. Sure a machine get infected then it tries to infect other machines only to be blocked by access control lists. If it does find a way past the access control list it gets to harden machine that has no listening ports due to reduced services and personal firewalls. So it's only vector of attack is the server network on limited ports to limited servers that are also hardened. The biggest hole happens to be AD but that's patched regularly limiting it to zero day vulnerabilities. As well there are trip wire everywhere so when a client PC start behaving oddly the network port is shutdown. It's stuff like if services are stopped and started that normally wouldn't be like AV software or if new admin accounts are created the port is downed. If the machine starts trying to communicate to another client PC it's blocked and logged where enough of these shuts the port. Basically an infection is caught in seconds and isolated.

Security is all about layer, monitoring and responding. A blanket ban on USB drives is extreme but there are times when it should be done. More in times when you want to make sure people can't take confidential information home for business or nefarious purposes. But to prevent the spread of viruses it's extreme.
voska1
28th Oct 2009
- Reply to
- Flag
it's not just about autorun...

I work at one of the NOSC's. They didn't just ban USB flash devices because of the worm. They banned them because no matter how much you try to educate the users on safe practices like OPSEC and COMSEC, users will always jack something up. They will transfer stuff from Classified to Unclassified systems without Toolboxing the materials to make sure they were safe for the Unclass network.

Transferring files isn't impossible. On some networks they've made USB flash drives allowable, however, you must register them with the NCC and each USB flash drive can only be used on a specific computer. If the the USB drive is plugged in anywhere else, the computer's port is immediately shut off, and an email is automatically sent to the NCC with the computer name and the logon name of the user that plugged it in. And, the user's account is automatically disabled. Also, CD/DVD transfer is very easy. They just need a CSA/WGM that has admin rights to use the CD burner. It's not a difficult process by any means.
cnstarzz
29th Oct 2009
- Reply to
- Flag
Just shut off Autorun

I do that on my PC at home. No sense letting the ChiComs download spyware on my PC every time I plug a picture frame into it.
LarryPTL
27th Oct 2009
- Reply to
- Flag