EndPointScan: Scan your network for USB-related security risks



By Kiltak
[GAS] Technology News 

Let’s face it, in recent years, the rapid propagation and uncontrolled use of portable mass storage devices have started to pose considerable security risks to corporations. While being very useful, a simple USB key, and even an iPod, could easily be used to steal data or to introduce viruses and other nasties to your network.

Security researchers have long warned us about the risks associated with portable storage devices and how vital it is for companies to do something about them. But before going further, let me ask a question to those of you who are in charge of administering a network: What is your company doing to minimize those risks?

I’ve heard many proposed answers to this inquiry; everything from filling USB ports with epoxy, to disabling them completely via BIOS or by implementing group policies. However, in most situations, people won’t do a thing about them, and if this is the case where YOU work, you really need to do something about the situation.

GFI, a security software company that has long been a favorite of mine, has just come out with a simple, elegant solution to the problem. Their answer is named EndPointScan, and it is a free online service that allows you to check which devices are or have been connected to computers on your network (and by whom).
 
EndPointScan carries out granular checks across all types of ports – USB, Firewire, Bluetooth, Infrared, PCMCIA and Wi-Fi – on all machines. This utility provides complete and thorough information about all portable devices and can scan multiple computers simultaneously. EndPointScan is fully compatible with existing network management or administrative tools such as Active Directory and it will also work on Vista systems.

In my case, the application worked flawlessly – just like all other GFI products I’ve used in the past – and did the job it was designed for perfectly.

First, before using the tool, you’ll need to install its ActiveX component. Then, a Web interface will ask you about what computers you want to scan: a single machine or a range (or list) of them. It will then proceed to scan your network based on the chosen settings.

 Scanning for USB security risks

When finished, the application will display a report providing details about which computers may be at risk, and when expanded, will list the devices that are or have been connected to them. Here is a picture of a sample report.

 

Globally, I must say that I was pretty impressed by the ease of use of this application and the level of information it brought me. Even if EndPointScan will not prevent people from using USB devices on your network, it will at least paint you a good portrait of what is happening in your environment.
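
To see where the USB part of such a device history comes from on a single machine, here is an added example (not GFI's code and not part of the original post). Windows keeps a registry key for every USB mass-storage device that has been attached, and this PowerShell script lists them and reports whether the USB storage driver is disabled. The function names are hypothetical, and the script covers USB storage only, not the other port types.

```powershell
# Added example: audit USB mass-storage history on the local Windows host.
# Run from an elevated PowerShell prompt. Function names are illustrative.
$enumRoot = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'
$svcKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Get-UsbStorageHistory {
    # The key is absent when no USB storage device has ever been attached.
    if (-not (Test-Path -LiteralPath $enumRoot)) { return }

    foreach ($model in Get-ChildItem -LiteralPath $enumRoot) {
        # Key names look like: Disk&Ven_<vendor>&Prod_<product>&Rev_<revision>
        $vendor = $product = $null
        if ($model.PSChildName -match 'Ven_([^&]*)&Prod_([^&]*)') {
            $vendor  = $Matches[1]
            $product = $Matches[2]
        }
        # One subkey per physical device of that model.
        foreach ($instance in Get-ChildItem -LiteralPath $model.PSPath) {
            $props = Get-ItemProperty -LiteralPath $instance.PSPath
            [pscustomobject]@{
                Computer     = $env:COMPUTERNAME
                Vendor       = $vendor
                Product      = $product
                InstanceId   = $instance.PSChildName   # normally serial number plus a suffix
                FriendlyName = $props.FriendlyName
            }
        }
    }
}

function Get-UsbStorageDriverState {
    # Start = 3 is the default (load on demand); Start = 4 means the driver is disabled.
    $start = (Get-ItemProperty -LiteralPath $svcKey -Name Start -ErrorAction SilentlyContinue).Start
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Start    = $start
        Disabled = ($start -eq 4)
    }
}

Get-UsbStorageDriverState | Format-List
Get-UsbStorageHistory | Sort-Object Vendor, Product | Format-Table -AutoSize
```

Comparing the InstanceId column against a list of company-issued devices shows at a glance which entries were never approved.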

Hmm… I wonder what the application will detect if I ever feel like connecting one of those USB humping dogs to my box. Will it be considered as a security risk? Maybe someone from GFI will eventually end up here and provide us with an answer. :)





21 Responses to EndPointScan: Scan your network for USB-related security risks

  3. great tool, we should definitely use that in our company. even if the security policy is quite strict here in the building i work, you can _always_ get in any kind of digital mobile device and connect it _anywhere_ at the company's desk.

    i will for sure suggest this tool to our CNA-department, hopefully they will give it a try. just 2 months ago people claimed about losing data while they were at a short coffee-break – you can never be sure what happens while you're not at your computer.

    michael ([GAS]-reader)

  5. In the company i work, actually we don't have any rules against the use of USB devices, but we are thinking about establishing some new policies about it. Especially since the size of these things is enough to copy/paste most of our crucial information.

    This tool comes in handy in this scenario, to counter check if the Group Policy is properly implemented.

  7. We have no rules in our offices against the use of USB, however, with increasingly more sensitive data being transferred, companies need to be aware of tools such as this.

  9. Hey guys,

    great post (again). I work as a sys admin for the public sector and we are constantly on the lookout for new ways to track security risks. Over the last few years, portable devices have been a “sword of Damocles” of sorts hanging over our heads waiting to fall. I, and my colleagues, feel that they are a far greater risk to security (not to mention data integrity and confidentiality risks as well) than upper management is willing to recognize. This tool will help us in our research for effective solutions.

    Keep up the good work!

  11. It's a pity that they chose to implement this as an ActiveX control because that limits the number of end users.

    Requirements for the test

    * Windows 2000, XP or 2003 as operating system. Not Windows 9X or NT!

    * Microsoft Internet Explorer 6 or later with Internet security settings set to Medium. Please note that this version of EndPointScan does not work with Mozilla FireFox.

    NOTE: You need administrator rights and privileges to set Internet security settings and execute EndPointScan.

    Most IT professionals are wary of ActiveX controls and Internet Explorer in general.

    • Good point Matthew .. I had the exact same thought at first, but since GFI is one of the companies that I've been trusting for a while, I decided to test the application anyways. With the ever increasing number of firefox users, I think GFI should definitely look at a way to code their application to be usable in multiple browsers

      I can understand why they made it that way though. Since ActiveX is proprietary and is made to work under IE and Windows, coding applications that access the operating system with it must be a lot faster and effective.

      I know there is a Firefox plugin(s?) that permit people to use ActiveX under Mozilla's browser, so maybe GFI should look at a way to use this to their advantage. Some browser independent code would still be the best solution, but we don't live in a perfect world, and sometimes, we don't always get what we want right away :)

  13. Nice one! Thanks for the tip!

    Last year we had some security incidents with stealing of sensitive project data.

    Since that time we have started to pay more attention to usb security. Now we use desktop authority as a desktop management solution and we control usb devices with this tool as well.

    What I really like in this solution is that you can block or limit access to a particular device on a particular pc.

    For example, you can block the use of pocket PCs, palms and blackberries for some departments or OUs.

    In addition you can limit the use of usb devices according to their serial numbers, for example, allowing the use of only company issued usb storage or even put some devices on a black list.

  15. It is a good tool if you need to monitor the use of drives. But if you are worried about data loss/theft the best way to combat usb devices is to disable the usbstor capabilities. Not only can they be used to steal data, if i ever wanted to break into a company's network I would spend $20-30 and drop a few usb devices in the parking lot of your business. Thanks for the back door.

  17. I just came across this article and the related tool. It still is a valid link but I don't think it works correctly anymore with IE8 or above as I had trouble getting the report to show up.

    Further since it discusses windows xp, it may be way behind in its usefulness.

    I see most of these comments are from years ago so I don't know how current this article actually is. Perhaps the author could refresh it and see if it is still valid.