Slashdot Mirror


iPod: Your Portable Corporate Hellraiser

MrAndrews writes "In an article on ZDNet UK, a Gartner says that "Companies should consider banning portable storage devices such as Apple's iPod from corporate networks as they can be used to introduce malware or steal corporate data" I recently came into contact with a similar policy at a consulting firm that was concerned that top-secret information might escape through my USB watch, and made me leave it at the front desk every day. In that case, I know it was absurd overkill ... but is this concern a legitimate concern? No more music on the way into the office?"

8 of 679 comments (clear)

  1. just the reverse here.. by Lumpy · · Score: 5, Interesting

    corperate just recently issued 1GB thumb drives to all employees. we find it's easier for the users to back up their own crap and transfer it that way.

    teaching a user about network storage or even using the IRDA file transfer was unsucessful... yet these dolts took to using the thumb drives like it was second nature.

    so now usb storage devices are required and issued to users.

    --
    Do not look at laser with remaining good eye.
  2. Mod this guy up ... by YankeeInExile · · Score: 5, Interesting

    That is interesting (that your users were confused by using a network file share, but found the thumb drives intuitive.)

    Is it the fact that there is a physical artifact that makes the idea of "your files are going here" easier to map into their worldview? UI Designers Take Note. This might be on the test.

    --
    How does the Slashdot Effect happen given that no slashdotters ever RTFA?
    1. Re:Mod this guy up ... by haystor · · Score: 5, Interesting

      That would be my guess. After supporting a customer service system as a programmer and trying to pull troubleshooting information out of them for a while I learned that they think in terms of location.

      They would say things like, "This data isn't in this program." They thought of the data as being in a specific program. If all their programs stopped retreiving data at once they would tell me that all the programs were broken rather than the database was down. No amount of explanation could convince them the data was in the database. For their purposes their view of things was perfectly appropriate I suppose, but it didn't help troubleshooting.

      --
      t
  3. Depends on strictness by jawtheshark · · Score: 5, Interesting
    I work as a contractor at a bank. Now, they are extremely paranoid about data being carried out of the bank. The only thing is: they aren't consequent. Yeah, they locked down the internet. Nobody can access it unless, you go on a second network that has internet access. No PC here has a CD drive (so no importing of your favourite games, screensavers and other crap and warez)

    But they do allow diskettes (friggin diskettes! Do you know how much customer data you can put on a diskette?). Then I also found out that the "internet-network" (which only internals have access to with a NT username/password) operates simply on DHCP, no MAC address checking: the only "security-check" is the NT-Domain login. Why did I find this out? Simple: these morons allow contractors to have laptops, so I once just plugged it in that network. Worked instantly. Now there is a security concern in my eyes! For crying out loud, I have a Mac, I don't even need a crosscable to pump over data from my work-PC to my Mac. Imagine what kind of data I could take away with that! Nobody evere stopped me at the entrance/exit with my laptop bag. Nobody.

    You see, if you want security, you need to ban every device that can be networked somehow. It's that simple. Yes, this includes your iPod. So, I supect that this is only a great concern in governmental instituation (top-secret clearance), but in the "highly sensitive environment" of banking they don't get it at all.

    Hey, I pointed out their flaws and I was told to shut up.

    --
    Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
  4. More at the movies by randomErr · · Score: 5, Interesting

    Remember last year, the movie 'The Recruit'? One of its big premises was that a CIA agent was smuggling out data; but they couldn't figure out who was stealing the information, and how. The smuggling device turned out to a common USB flash drive hidden under a coffee thermos's seal. The USB drive didn't come up in the CIA scans because the drive wasn't active; the inactive drive wasn't giving off any EM for them to detect.

    I think USB, IR, and now 802.11 devices and Bluetooth enabled cell phones could be a real concern for data centric firms.

    As a side thought, companies may begin to ban cell phones as well. Late last year SlashDot had an article about a cell phone detection device made in Israel. People were leaving modified cell phone in planters. The modified phones would transmit the conversation of anyone in the room for about a week. Thus making a cheap spy toy.

    --
    You say things that offend me and I can deal with it. Can you?
  5. Re:Common Policy by halowolf · · Score: 5, Interesting
    In my former full time job, I got to visit a company that specialised in tempest shielding and the like. After I finished the job I was doing there, they showed me around, showing how they could read a remote monitor, tv, cable, all sorts of things. They even jammed my mobile phone for me, so I could see how such things worked in action.

    That day I wanted a tin foil hat lol.

  6. Re:Not so "absurd" by ch-chuck · · Score: 5, Interesting

    (except a camera)

    True story: a former supervisor took a Sony Mavica (uses a dos fmt floppy disk) onboard a ship with Soviet missles where he should not have and took pictures of them. When the rent-a-cop spotted this he asked that the pictures be deleted. My super handed me the disk and we did the old dos 'undelete' trick with Norton Utilitues and got the pictures back, no problem ;) This was after '96.

    --
    try { do() || do_not(); } catch (JediException err) { yoda(err); }
  7. Re:Not so "absurd" by Yewbert · · Score: 5, Interesting
    Not to skirt the question, but is this really "absurd overkill?" I'm sure that USB pens/watches/etc have been a boon to corporate espionage.

    I'm not yet sure if it's going to fall into the category of "absurd overkill," but at my workplace (a large FDA-regulated manufacturing and research facility), we've just disabled USB support entirely on the machines comprising our HVAC distributed control system. The reasons behind this are partly due to, first, questionable processes of vendor-support technicians using their USB thumb-drives to move system configuration files around from one network instance to another (which is perfectly reasonable and needed sometimes, it's just that they're doing it ad hoc without supervision and, under FDA regs, this raises the questions of 'how much control do we really have over our system?' and 'has the system's "validated" state been disturbed by this laxness?'), and second, as far as we've been able to tell, the anti-virus software we use doesn't automatically scan, say, thumb-drives when they mount (though it really seems that it should, and I still need to do some investigation there in my copious free time).

    On the side of the argument calling it all "absurd overkill" - this clamp-down just makes it that much more inconvenient for people using the system to do their job, while not really tightening security up that much, since most people who have access to the system in the first place can figure out plenty of work-arounds. (Hell, part of my job is figuring out those work-arounds - it's why they pay me the Big Bucks(TM), (yeah, right).)