Eliminating the Threat of Malware from Removable Media
Removable Media: A Clear and Present Danger
Removable media like USB drives, thumb drives, CD/DVDs and external hard drives are a widely-used and convenient data transfer vector. They are also one the most dangerous sources of network malware infections.
Users frequently and innocently connect removable media to network-connected endpoints. These sources are often loaded with unknown software and files obtained from third parties at tradeshows, sales meetings, events, or even from personal computing environments and trusted internal sources.
To maintain productivity and allow business to flourish, it’s critical to let files and data flow into your organization. Yet security professionals concur that any files – especially those from external sources – can be infected with malicious code.
Legacy solutions slow or block workflow, leading users to seek workarounds and negatively impacting productivity. Moreover, traditional solutions are effective only against known threats – not new or previously uncatalogued malware.
THE SOLUTION – The ODIX Kiosk: Files Sanitizing Station
The ODIX Kiosk is a Linux-based hardened workstation dedicated to safely introducing files from removable media. The ODIX cyber security Kiosk has no hard disk and both the operating system and software are SATADOM-based – completely neutralizing the possibility of malicious manipulation.
Conveniently placed at central locations throughout the office space, users go to ODIX Kiosks to plug in any removable media sources – instead of attaching them to their own devices. In just seconds, incoming files are sanitized and forwarded to users via email. ODIX Kiosk is a perfect solution for secured data exchange from USB flash memory devices to a network (or other devices).
How Does the ODIX Kiosk Work?
The ODIX Kiosk is powered by ODI Security’s field-proven Content Disarm and Reconstruction (CDR) engine. This patented technology scans, disarms and rebuilds files into clean versions that can be safely introduced to any network. ODIX Kiosks remove both known and unknown malicious code from a wide range of file types using ODI CDR technology
Files Sanitizing Station
The cyber security Kiosk is a physical network station that sanitizes files on removable memory media including USB drives, thumb drives, CD, DVD or any other physical memory media. The solution is a dedicated proprietary ODI stand. This stand-alone solution is air gapped against cyber-attacks.
The physical sanitizing system comes without a hard disk (HD), and the ODI operating system and software are from SATADOM. This feature completely neutralizes the ability to attack the position through the operating system or through ODI’s software.
In addition, a Linux-based derivative of the UBUNTU operating system is used to create a less vulnerable environment with fewer weaknesses and better reinforcement capabilities. Additionally, the operating system is well encrypted. This solution has the highest resistance to attacks of any kind.
The sensitization process (Odixing) is done on the malware scanning kiosk itself, isolating potential threats from the network. Only clean and safe files (the odixed files) are sent to the network via the management server.
ODIX Management Server
ODIX Management Server
The management server allows for configuration and reporting. It performs several functions including:
- Updates – Sends updates to the sanitizing core and to the five antivirus engines used in the Kiosk and distributes updates to the sanitizing server
- User Profiles – Establishes user profiles for the sanitizing server and the physical sanitizing stand including:
- Rules regarding which files are allowed to be sanitized and which files are prohibited
- Permitted sanitizing volumes for a single file and a collection of files
- Log Data – The management server is used to store log data transferred from the server and from all physical positions to it.
Connectivity – The management server is connected to several organizational servers including:
- Organizational Active Directory (AD) server to identify the users of the sanitizing stands
- An organizational file server to which all sanitized files are transferred
Option – ODIX Kiosk for highly-secured networks:
The ODIX Kiosk can have an additional configuration that is not connected to the organizational network, and is intended for organizations with air-gapped networks – infrastructure, security, ICS, SCADA etc.
Such a configuration is a safe and secure solution for inserting files into such networks.
See also – Use case example: US Power Plant
ODIX Kiosk Advantages
- Preventive sanitizing system – Eliminates ALL malware threats.
- Support of more than 11,000 file types
- Sanitization process is done on the kiosk itself not inside the network.
- No re-writable components on the Kiosk! Operating system is booted from a LiveCD configuration
- Reinforced Linux operating system and operating environment
- Smart management server that allows easy setting of policies and licensing
- Management server is separated from the kiosk itself for better security.
- Architecture that enables easy expansion and integration of dedicated filters
- Convenient and user-friendly interface
- Easy deployment – Easy configuration
ODIX Cyber Security Kiosk – Files Sanitizing Station:
A perfect combination between a totally secured architecture and a user-friendly interface