For True Cyber Security, Using a USB Firewall Is Essential

Discussion in 'hardware' started by Minimalist, Mar 5, 2017.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    6,776
  2. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,643
    Location:
    Nebraska, USA
    This looks like a gimmick to me.

    First, if you are badguy, you are not going to use this.

    Second if you are good guy, you should not be sticking strange USB sticks into computers without knowing how that computer is set up to read removable drives. You should have your USB ports set to prompt the user to "choose what happens". Then "open the folder to view files" and scan them. USB ports should never be set to autorun anything - unless you know everything about that computer, the flash drives, and its contents.
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    6,776
    Is this possible without some 3rd party tools? I know that ESET has an option to monitor devices connecting to system but IDK if this could be achieved by system itself.
     
  4. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,684
    Location:
    Europe then Asia
    Last edited: Mar 5, 2017
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    6,776
    Yes, I use Group policy for "standard" autoruns to disable. But in this case attack happens on firmware level so when USB in inserted and recognized by system (drivers installed) it's too late already. USB stick will represent itself as keyboard and start running commands.

    EDIT: previous thread on this problem: https://www.wilderssecurity.com/thr...adusb-exploit-makes-devices-turn-evil.366653/
     
  6. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,684
    Location:
    Europe then Asia
    Last edited: Mar 5, 2017
  7. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,643
    Location:
    Nebraska, USA
    I don't use any 3rd party tools and Windows always prompts me whenever I connect any USB flash drive, my cell phone, my Garmin GPS - anything that has a memory card or memory device in it.

    In W10 (or Control Panel) search for Autoplay and change the settings "Ask me every time" or "Open folder to view (file explorer)" under Removable drive.
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    6,776
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    6,776
    This doesn't address a problem that this device tries to cover. When you connect it to USB port, rogue firmware presents device as keyboard, and system installs and registers it as such. Firmware then sends commands to system simulating keyboard. System doesn't even know that there is USB drive installed and so neither does AV or any other software. Commands coming from USB drive look just the same as if user has typed them.
     
  10. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,643
    Location:
    Nebraska, USA
    This is my computer and only I use it. There are no other user accounts on my computer. So yes it does address the problem because any USB storage device connected to my computer is just going to sit there and do nothing until I tell it too. I am not going to let strange USB devices be connected to my system. Yes, devices like my Microsoft keyboard or Logitech mouse can be compromised at the factory, then sealed in official packaging and shipped out to consumers, but that is extremely rare and unlikely.

    Only insert trusted USB devices into your computers.
    Do not use used/preowned USB devices, buy only new and sealed in original packaging devices. Those to avoid include those given away at promotional events.
    Never leave your computer or mobile device where unauthorized people can access it.
    And keep your anti-malware programs and Windows fully updated.​

    The security and anti-malware industries are fully aware of this problem. While your security programs may not be able to detect any malicious code in these devices, there is a good chance it will be able to detect the type malicious "activity" executed code may try to do - thus stopping the device from delivering its payload, or doing any damage.

    Lastly, and we will have to wait for this, the USB-C people are working on new protocols used to establish an encrypted connection first to ensure proper handshaking is done before any actual data transfer occurs. The original intent was to prevent cheap, badly constructed cables from damaging computers but they are supposedly working on a way to verify the connected device is legitimate before any malicious code is passed too. Of course, it will take years before that technology saturates the market - and by then the badguys will have something else up their sleeve. But it's a start and a good sign of things to come.
     
  11. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,684
    Location:
    Europe then Asia
    No you can't unfortunately, it is an "all or nothing" solution. One security apps offers to whitelist external devices via their MAC Adress, i forgot which one...
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    6,776
    Yes Eset has this option: http://support.eset.com/kb2513/?locale=en_US
    Maybe some other also...
     
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    6,776
    @Bill_Bright
    Yes, I understand what you mean.
    From your previous posts I just didn't know if you understood what this device supposed to do.
     
  14. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,643
    Location:
    Nebraska, USA
    Yes, I understand.

    What I fear most "normal users" don't understand is that we, as general consumers don't have to harden (and bog down!) our systems (especially our personal "PCs" in our homes) with layers upon layers upon layers of specialized security programs - one for every type threat out there - just because the maker of such products say we do. Or because a few (relatively speaking) folks who use their computers in scenarios most of us don't encounter need too.

    The fact of the matter is, "For True Cyber Security, Using a USB Firewall Is NOT Essential" - or necessary for most of the users who read this forum.

    But if you, the user and always the weakest link in security, are lax in your user discipline, if your computer is regularly left unattended and exposed to strangers or untrustworthy/careless family members, house guests, co-workers, or workplace visitors; and/or if your computer is exposed to strange USB devices from unknown sources, then perhaps special layers of USB firewalls, anti-keylogger, anti-this and anti-that, on top of your regular anti-malware solution are justified.

    But if you are like most users of this forum and you have control over who has access to your computers, you keep your OS current, you keep your primary anti-malware solution current, you don't let untrustworthy people connect strange USB devices to your computer, and most importantly, you are not "click-happy" on unsolicited links, downloads, attachments, and popups, then a basic security setup is all you need.

    I agree 100% with Leo. If we are wrong as some on this site, many in the IT press, and the 3rd party anti-malware makers want you (speaking to the crowd) to believe, 100s of millions (perhaps 1 billion plus! :eek:) Windows computers would be totally infested! But that is just NOT happening!

    A basic (minimalist? ;))approach is all the vast majority of us need. As Leo correctly notes, (edited by me for brevity) for
    The only thing I will add is really just for peace of mind to give us reassurance - regardless our primary anti-malware solution of choice - is to add an on-demand scanner for double-checking. And I recommend Malwarebytes for that.
     
  15. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,236
    I am the only one that does the sticking of a USB stick on my laptop. ;)

    USB_ I do the sticking in USB port_01.JPG
     
  16. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    4,121
    Location:
    Among the gum trees
    HitmanPro.Alert already protects my machines against BadUSB.
     
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    6,776
    http://mashable.com/2017/05/26/vaping-digital-security-virus-usb
     
Loading...