Most people don’t consider their average USB memory stick to be a security threat. In fact, in a social engineering experiment conducted in 2016 at the University of Illinois and detailed in this research paper, a group of researchers dropped 297 USB sticks outside in the parking lot, in the hallway, and classrooms. Of the 297 USB sticks dropped,
290 were picked up and 135 (45%) called home. In order to encourage people to pick them up, some keys had door keys attached, some said “confidential” and some said “final exam” and had file names. As a result, the most opened keys were those collected in the parking lot (53%), while 68% of collectors said that they had plugged it in and opened files to determine the owner. Also, 20% of keys were opened in the first hour, and 70% within 35 hours. This type of social engineered USB attack is effective with an estimated success rate of 45-98% and expeditious with the first drive connected in less than six minutes. One of the researchers who conducted this experiment, Elie Bursztein, presented his findings at the 2016 Black Hat Conference and declared that they had been able to drop the USB sticks and it was “job done”.
Another reminder of the damage a USB security attack can cause is the highly destructive Stuxnet worm that was used to degrade and destroy hundreds of centrifuges at Iran’s uranium enrichment facility at Natanz a few years ago. This attack was in fact, initially introduced into the systems via an infected USB stick.
The fact that users plug such storage devices into corporate computers is obviously a nightmare for IT security professionals. USB sticks can be loaded with spyware, malware, or Trojans, which can not only steal your data but even destroy your computer. The good news is that, if you are a Red Hat Enterprise Linux user, you can prevent these USB attacks with USBGuard, which is included with the release of Red Hat Enterprise Linux 7.4. Inspiration for this is drawn from exploits like BadUSB.
USBGuard is a software framework that protects your systems against rogue USB devices by implementing basic whitelisting and blacklisting capabilities based on device attributes. This allows you to define access control to USB devices. For example, you can define what kind of USB devices are authorized and how a USB device may interact with your system. It enables you to lock down all USB devices from user space.
There are three main use cases for USBGuard: USB device whitelisting, USB device blacklisting, and triggering actions on USB device events. USBGuard can permit only known devices to create interfaces to it via USB (aka USB device whitelisting). Conversely, if a user doesn’t want to use a particular class of interfaces, he/she can block devices that want to communicate with the computer as an interface from that class (aka USB device blacklisting). The final use case for USBGuard would be triggering actions on USB device events, such as when a particular USB device or USB device class is inserted, removed, etc. This feature might be used for auditing USB usage, screen locking ,etc.
USBGuard is not installed by default. However, in Red Hat Enterprise Linux, you can install the precompiled packages in the Extras repository. Once installed, you control USBGuard by the settings in its usbguard-daemon.conf file, which is the USBGuard daemon configuration file. Then the daemon will decide which USB device to authorize based on a policy defined by a set of rules. When a USB device is inserted into the system, the daemon scans the existing rules sequentially and when a matching rule is found, it either authorizes(allows), deauthorizes (blocks), or removes (rejects) the device, based on the rule target. The default is to block the device until a decision is made by the user.
A quick way to start using USBGuard to protect your system from USB attacks is to first generate a policy for your system. Then, start the usbguard-daemon (systemctl start usbguard.service). You can use the USBGuard CLI command and its generate-policy subcommand to generate an initial policy for your system instead of writing one from scratch. The tool generates an allow policy for all devices currently connected to your system at the moment of execution. There are several options to tweak the resulting policy as outlined here. The typical workflow for generating an initial policy could look like this:
# usbguard generate-policy > rules.conf
# vi rules.conf
(review/modify the rule set)
# sudo install -m 0600 -o root -g root rules.conf /etc/usbguard/rules.conf
# sudo systemctl start usbguard.service
So what are you waiting for? If you want to safeguard your systems against USB based security attacks, be sure to install and utilize USBGuard for all your Red Hat Enterprise Linux systems!
Sobre el autor
Navegar por canal
Automatización
Las últimas novedades en la automatización de la TI para los equipos, la tecnología y los entornos
Inteligencia artificial
Descubra las actualizaciones en las plataformas que permiten a los clientes ejecutar cargas de trabajo de inteligecia artificial en cualquier lugar
Nube híbrida abierta
Vea como construimos un futuro flexible con la nube híbrida
Seguridad
Vea las últimas novedades sobre cómo reducimos los riesgos en entornos y tecnologías
Edge computing
Conozca las actualizaciones en las plataformas que simplifican las operaciones en el edge
Infraestructura
Vea las últimas novedades sobre la plataforma Linux empresarial líder en el mundo
Aplicaciones
Conozca nuestras soluciones para abordar los desafíos más complejos de las aplicaciones
Programas originales
Vea historias divertidas de creadores y líderes en tecnología empresarial
Productos
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Servicios de nube
- Ver todos los productos
Herramientas
- Training y Certificación
- Mi cuenta
- Soporte al cliente
- Recursos para desarrolladores
- Busque un partner
- Red Hat Ecosystem Catalog
- Calculador de valor Red Hat
- Documentación
Realice pruebas, compras y ventas
Comunicarse
- Comuníquese con la oficina de ventas
- Comuníquese con el servicio al cliente
- Comuníquese con Red Hat Training
- Redes sociales
Acerca de Red Hat
Somos el proveedor líder a nivel mundial de soluciones empresariales de código abierto, incluyendo Linux, cloud, contenedores y Kubernetes. Ofrecemos soluciones reforzadas, las cuales permiten que las empresas trabajen en distintas plataformas y entornos con facilidad, desde el centro de datos principal hasta el extremo de la red.
Seleccionar idioma
Red Hat legal and privacy links
- Acerca de Red Hat
- Oportunidades de empleo
- Eventos
- Sedes
- Póngase en contacto con Red Hat
- Blog de Red Hat
- Diversidad, igualdad e inclusión
- Cool Stuff Store
- Red Hat Summit