Preventing the Insider - Blocking USB Write Capabilities to Prevent IP Theft

Document Type

Conference Proceeding

Publication Date



The Edward Snowden data breach of 2013 clearly illustrates the damage that insiders can do to an organization. An insider's knowledge of an organization allows them legitimate access to the systems where valuable information is stored. Because they belong within an organizations security perimeter, an insider is inherently difficult to detect and prevent information leakage. To counter this, proactive measures must be deployed to limit the ability of an insider to steal information. Email monitoring at the edge is can easily be monitored for large file exaltation. However, USB drives are ideally suited for large-scale file extraction in a covert manner. This work discusses a process for disabling write-access to USB drives while allowing read-access. Allowing read-access for USB drives allows an organization to adapt to the changing security posture of the organization. People can still bring USB devices into the organization and read data from them, but exfiltration is more difficult.