[ISN] iPod is latest security risk for business, say analysts

From: InfoSec News (isn@private)
Date: Tue Jul 06 2004 - 02:52:37 PDT


[Gartner rehashing old ISN posts? 
http://seclists.org/isn/2002/Mar/0002.html  :)   - WK]

By Andrew Donoghue
July 06 2004

Companies should consider banning portable storage devices such as
Apple's iPod from corporate networks as they can be used to introduce
malware or steal corporate data, according to an analyst.

Small portable storage products can bypass perimeter defenses like
firewalls and antivirus at the mailserver, and introduce malware such
as Trojans or viruses onto company networks, claimed analyst house
Gartner in a report issued this week. Analysts have warned for some
time of the dangers of using portable devices, but the report points
out these also now include "disk-based MP3 players, such as Apple's
iPod, and digital cameras with smart media cards, memory sticks,
compact flash and other memory media."

Another potential danger is that the devices - that typically make use
of USB and FireWire - could be used to steal large amounts of company
data as they are faster to download to than CDs. Also the size of the
portable devices means they can be easily misplaced or stolen.

Gartner advises that companies should forbid the use of uncontrolled,
privately owned devices with corporate PCs and adopt personal
firewalls to limit what can be done on USB ports.

"Businesses must ensure that the right procedures and technologies are
adopted to securely manage the use of portable storage devices like
USB 'keychain' drives. This will help to limit damage from malicious
code, loss of proprietary information or intellectual property, and
consequent lawsuits and loss of reputation," the report stated.

Andrew Donoghue writes for ZDNet UK

Help InfoSec News with a donation: http://www.c4i.org/donation.html

This archive was generated by hypermail 2.1.3 : Tue Jul 06 2004 - 10:29:41 PDT