Must Read: Sorry, but bringing back the Start menu won't help Windows 8

Topic: Hardware

US Defense Department to partially lift flash drive ban

Summary: The U.S. Department of Defense ban on USB thumb drives will be partially lifted to allow authorized people to use official flash drives for mission-critical functions.

Elinor Mills

By Elinor Mills |

The U.S. Department of Defense ban on USB thumb drives instated nearly a year ago will be partially lifted to allow authorized people to use official flash drives for mission-critical functions, according to a top military official.

"In the future, we expect that a government-owned and procured USB flash media, that is uniquely and electronically identifiable for use in support of mission-essential functions on DoD networks, will be permitted for use by authorized individuals," Robert Carey, chief information officer for the Department of the Navy, wrote in his blog recently.

Thumb drives, CDs, and other removable storage devices were banned last November after military computers became infected with a worm that was partially spread by thumb drives.

For more, read "US Defense Department to partially lift flash drive ban" from CNET News.

Topic: Hardware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

11 comments
Log in or register to join the discussion

  • I never understood the ban...

    All that was needed was a registry entry to disable autorun so it did not parse the autorun.inf file, then use GPO's to disable autoplay. I guess its better to be safe then sorry but still...
    NoThomas
    Reply Vote

    • It is trange that this Autorun function still exists at all

      For me it is really strange that Autorun exists at all.
      Nikolayev
      Reply Vote

      • They took it out in win7

        It no longer exists, I think they added autorun in 95, it was fine then it was not until a few years ago when hackers figured out it would be a good way to spread viruses, and boy were they right.
        NoThomas
        Reply Vote

        • Wasn't it out in VIsta too?

          I can't remember the last time I've had anything trying to autorun
          tikigawd
          Reply Vote

          • I am not totally sure

            I cant answer that, I do not think so though I think they took it out of win7,
            NoThomas
            Reply Vote

          • Auto run works on Vista boxes here

            Not sure if that was configuration someone set though.
            voska1
            Reply Vote

    • I did.....

      The issue with flash drives is they are so widely available, everyone is tempted to use them to transfer files.

      Disabling autorun only limits one type of attack.....

      Attacks like disguising exe's as document files are not stopped by this method, lets face it, at some point the file will be opened, to see what it is.

      My employer has also implemented an outright ban on removable media.
      jonesyx2
      Reply Vote

      • That might have helped some

        But not everything. I would've liked to hear more of the ground zero events that led to it. They kinda threw the baby out with the bathwater. Really hurt our productivity, since my shop did digital photography. So we couldn't even take the card out the camera or tether it to transfer the items needed to work on.
        ScouterDude
        Reply Vote

    • Do this also

      That and they should harden all there systems and the network so if one infected machine can't do much at all. That's what we do. Sure a machine get infected then it tries to infect other machines only to be blocked by access control lists. If it does find a way past the access control list it gets to harden machine that has no listening ports due to reduced services and personal firewalls. So it's only vector of attack is the server network on limited ports to limited servers that are also hardened. The biggest hole happens to be AD but that's patched regularly limiting it to zero day vulnerabilities. As well there are trip wire everywhere so when a client PC start behaving oddly the network port is shutdown. It's stuff like if services are stopped and started that normally wouldn't be like AV software or if new admin accounts are created the port is downed. If the machine starts trying to communicate to another client PC it's blocked and logged where enough of these shuts the port. Basically an infection is caught in seconds and isolated.

      Security is all about layer, monitoring and responding. A blanket ban on USB drives is extreme but there are times when it should be done. More in times when you want to make sure people can't take confidential information home for business or nefarious purposes. But to prevent the spread of viruses it's extreme.
      voska1
      Reply Vote

    • it's not just about autorun...

      I work at one of the NOSC's. They didn't just ban USB flash devices because of the worm. They banned them because no matter how much you try to educate the users on safe practices like OPSEC and COMSEC, users will always jack something up. They will transfer stuff from Classified to Unclassified systems without Toolboxing the materials to make sure they were safe for the Unclass network.

      Transferring files isn't impossible. On some networks they've made USB flash drives allowable, however, you must register them with the NCC and each USB flash drive can only be used on a specific computer. If the the USB drive is plugged in anywhere else, the computer's port is immediately shut off, and an email is automatically sent to the NCC with the computer name and the logon name of the user that plugged it in. And, the user's account is automatically disabled. Also, CD/DVD transfer is very easy. They just need a CSA/WGM that has admin rights to use the CD burner. It's not a difficult process by any means.
      cnstarzz
      Reply Vote

  • Just shut off Autorun

    I do that on my PC at home. No sense letting the ChiComs download spyware on my PC every time I plug a picture frame into it.
    LarryPTL
    Reply Vote
CNET Join | Log In | Privacy | Cookies Close