Here's the thing: We all have a plethora of flash drives, MP3 players, and USB disk drives. Yes, these may be a great way to replicate music or transport files, but they also create a huge security vulnerability. When you plug in the 250GB drive you bought at Fry's Electronics at lunch, you can steal a heck of a lot of data.
When IEEE 1667 is in place, the risks associated with this vulnerability decrease substantially because only authenticated devices will be accepted. I can provide my employees with specific types of IEEE 1667-compliant devices that can be authenticated and used. All others, including that device you bought at Fry's Electronics, won't work. Assuming that you can audit the use of these devices, this provides security without compromising usability--a win-win in the security management world.
Of course, there are things I can do today to address this issue. I can fill USB ports with glue, rendering them unusable. (Don't laugh, lots of people actually do this.) I can turn off all USB ports using configuration software. I can also use some proprietary software that does the same thing as IEEE 1667 with "proprietary" being the key word. These are all-or-nothing propositions.
IEEE 1667 to offer much better security than USB
Posted on Sunday, November 30 2008 @ 11:45 CET by Thomas De MaesschalckCNET talks about the IEEE 1667 standard for storage devices, which is supported by the upcoming Windows 7 operating system and designed to improve security:
