USB - Ubiquitous Security Backdoor

by Erik Couture
Sept. 1, 2017 0 comments SANS Institute Pen Testing & Audits threats/vulnerabilities

The Universal Serial Bus is an omnipresent data and peripheral communication port that poses a security threat in any modern computing environment. While there are many disparate guides and best-practices for their use in a secured computing environment, this paper will break down the issue into its base components and assist the reader in assessing his or her own organizational security needs. Proposed is a holistic approach to USB port-security, examining the problem from user requirements definition to organizational threat-risk assessment and finally technical and procedural-based risk mitigation.