Strong multifactor authentication is crucial for high-security environments Even strong password policies can usb secure fail in the face of cracker tools and users who carelessly share passwords or write them on Post-it notes.
Currently, the only way to truly prevent the potential risk is to educate yourself and fellow users about the risks and follow computing best practices. Do not insert your devices into computers (and networks) you don’t trust and don’t plug other’s devices into your computer unless you know for certain where they’ve been. Use secure devices. Some newer model USB drives have safety features such as usb secure fingerprint authentication that protect data from would-be hackers. Other devices have built-in encryption which eliminates the need to use a separate software program to scramble your information, according to Siciliano. Publishers distribute secure USB devices to their customers/users. USB devices can be password protected so that they can be safely sent in the mail without fear of getting lost.
I’m going to build on this first. The hosting computer shouldn’t have any wireless communications at all. Anything non-essential should be disabled in the BIOS, the BIOS locked, and ideally a flash protection feature (eg jumper based) built-in. Auto-run should be disabled if the system has it. The media itself should be write-once and finalized. The main drawbacks are that protect usb it costs a disc each time, it doesn’t allow useful two-way communication (eg update service), it’s very slow (CD/DVD writes), and it’s quite manual. The crypto is unnecessary with this design except to keep you from having to destroy the discs. Of course, it provides the advantage where you can have a dedicated password for these transfers that’s saved on each machine.