Slurp Is The Perp
Simply put, the tools now exist for anyone to plug an iPod into a corporate PC and steal gigabytes of data in mere moments. That practice even has a name: “Pod slurping.” It may not be fair to single out Apple&'s iPod as the main culprit—after all, any USB- or FireWire-connected device can do the slurp—but the iPod is a victim of its popularity.
What really brings this issue to the forefront is an application called slurp.exe, which was created by Abe Usher, a computer security expert and founder of Sharp Ideas. Pretty much any iPod owner can visit the company&'s Web site and download a copy of slurp.exe. While Mr. Usher actually created the application simply to highlight the lack of physical security in today&'s workplace, many are using his application to gather data both legally and, one must assume, illegally.
Believe it or not, the scenario can spell opportunity for solution providers. Security-centric VARs can use slurping as a way to highlight security problems in today&'s networks, both large and small, and then offer the proper security fix.
There are a few different ways to address the problem. The most basic would be just to put a glob of epoxy in every PC&'s FireWire or USB port. A more elegant solution would be to turn to desktop data protection products, such as DeviceLock from SmartLine USA or Safend Protector. Both of these products allow administrators to control the ports on networked PCs, solving the slurping problem once and for all.
The lesson here is that any new computer gizmo or product can have far-reaching implications for computer security. The ability for confidential data to leave the network reaches far beyond what an iPod can do. The threats range from e-mail to USB drives to floppy drives and so on. And let&'s not forget printouts, an easy way for a disgruntled employee to walk away with a customer list.
Solution providers need to consider all of the ins and outs of securing network data when selling security solutions. Luckily, no one is better equipped than the channel to solve these thorny security issues.
What unique data protection techniques are you using? Contact me via e-mail at [email protected].