SafeDoor® by authUSB
The SafeDoor system is a solution for analysis, protection and detection of cyber threats perpetrated through USB storage devices, acting as a barrier between them and an organization's networks, against the three attack vectors:
▪ Electrical: Continuously monitors the electrical behavior of the USB flash drive, identifying and stopping usbKiller-type overvoltage attacks.
▪ Hardware: Continuously monitors the behavior of the USB flash drive at the hardware level, detecting and disabling BadUsb family attacks, HID attacks (rubber ducky and similar), fake network cards, composite interfaces, etc.
▪ Software: It has a complete, integrated antivirus engine(s) (compatible with several manufacturers) with which it performs a scan prior to downloading or transferring any content.
The behavior of the USB flash drive is continuously monitored until removal, thus avoiding time- or connection-triggered attacks, which would go unnoticed in an initial analysis. For this reason, among others, a USB device should never be connected directly to an organization's computer.
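As an added illustration of the hardware-level check described above (this is not authUSB code and does not describe SafeDoor's internals), the following sketch walks a device's raw USB configuration descriptors and permits it only if every interface declares the mass-storage class. The sample descriptor bytes are constructed for the example, and the function and constant names are hypothetical.

```python
# Added example (not authUSB code): storage-only policy over raw USB descriptors.
MASS_STORAGE = 0x08
CLASS_NAMES = {0x02: "CDC communications", 0x03: "HID", 0x0A: "CDC data",
               0xE0: "wireless controller", 0xEF: "miscellaneous",
               0xFF: "vendor specific"}

def iter_descriptors(blob):
    """Walk the bLength/bDescriptorType framing shared by all USB descriptors."""
    pos = 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise ValueError(f"truncated header at offset {pos}")
        length, dtype = blob[pos], blob[pos + 1]
        if length < 2 or pos + length > len(blob):
            raise ValueError(f"bad bLength {length} at offset {pos}")
        yield dtype, blob[pos:pos + length]
        pos += length

def evaluate(blob):
    """Return (allow, reasons); allow only if every interface is mass storage."""
    reasons, seen = [], 0
    try:
        for dtype, desc in iter_descriptors(blob):
            if dtype != 0x04:                 # 0x04 = INTERFACE descriptor
                continue
            if len(desc) < 9:
                raise ValueError("short interface descriptor")
            seen += 1
            number, cls = desc[2], desc[5]    # bInterfaceNumber, bInterfaceClass
            if cls != MASS_STORAGE:
                name = CLASS_NAMES.get(cls, "unlisted class")
                reasons.append(f"interface {number}: class 0x{cls:02x} ({name})")
    except ValueError as exc:
        reasons.append(f"malformed descriptors: {exc}")   # fail closed
    if seen == 0 and not reasons:
        reasons.append("no interface descriptors")
    return (not reasons, reasons)

# Constructed sample configuration descriptors (not captured from real devices).
PLAIN_DRIVE = bytes.fromhex(
    "090220000101008032" "090400000208065000"     # config, storage interface
    "07058102000200" "07050202000200")            # bulk IN / bulk OUT endpoints
DRIVE_PLUS_KEYBOARD = bytes.fromhex(
    "090239000201008032" "090400000208065000"
    "07058102000200" "07050202000200"
    "090401000103010100" "092111010001223f00"     # HID interface + HID descriptor
    "0705830308000a")                             # interrupt IN endpoint

if __name__ == "__main__":
    for label, blob in [("plain drive", PLAIN_DRIVE),
                        ("drive + keyboard", DRIVE_PLUS_KEYBOARD),
                        ("truncated", PLAIN_DRIVE[:-3])]:
        print(label, evaluate(blob))
```

Because a device can re-enumerate with different descriptors after the first inspection, a check like this has to run on every enumeration for as long as the device stays connected, not only at insertion.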
In addition to protection, the system offers auditing and traceability of all connected devices and scanned files.
SafeDoor offers two connectors for the insertion of USB sticks to be analyzed and an ethernet port for connection to the network, or point-to-point directly to a computer. Through this network connection it offers a web interface for user interaction.
The standard system consists of:
▪ Central Console: Web application for system supervisors, provides centralized management of all linked SafeDoors. Available as SaaS or on-premise installation.
Main modules:
o Real-time status dashboard
o Audit reports of all operations carried out by the related SafeDoors
o Firmware upgrades and remote configuration
o Liaison with SIEM systems
▪ SafeDoor devices:
Linked to the central console for reporting and remote management. Offers its own web interface to the end user. SafeDoor's standard configuration allows immediate, cross-platform use without prior provisioning as the user only needs a web browser to access the device's web interface and no software or driver installation on the client computer is required.
The user connects the USB sticks to the device and browses its contents, selecting the files or folders of interest to be downloaded to the client computer after scanning for threats.
The SafeDoor system can be configured for integration with existing systems in the organization, thus facilitating:
▪ Establishment of protocols. SafeDoor provides the tools needed to easily implement specific methodologies across or within the entire organization depending on the characteristics and requirements of each Unit:
o Mandatory antivirus scanning of any file prior to its introduction.
o Automatic traceability of any incoming or outgoing file via USB flash drives.
o Role management. Defines who has download access to USB sticks and who can copy information to them (read/write). Supports LDAP/Active Directory.
▪ Compliance with regulatory restrictions: automation and auditing of file exchange between disconnected networks (IT/OT or with different classification level) respecting Airgap.
▪ Simplification and automation of processes for use by non-specialists.
To meet these needs SafeDoor incorporates different modules that allow:
▪ Automation. Both the analysis process and the automatic dumping of the contents of the connected USB flash drive onto different media:
o Network folder
o Encrypted transfer over network to SafeDoor client
o Dump to an inventoried internal USB memory stick
In this case no user interaction through the web interface is required, just the LEDs available on the USB ports of the device (red/green light).
▪ Encryption. SafeDoor supports both hardware (Ironkey, DataLocker...) and software (Bitlocker, LUKS) encrypted drives, which is especially relevant when identifying and operating with internal USB drives within the organization. It is important to note that the properties that allow a USB drive to be uniquely identified (vid, pid, serial, geometry) are easily emulated, so the whitelisting methodology can only prevent certain user errors, but has major shortcomings when it comes to stopping malicious or targeted attacks. Encryption (especially hardware) of the drive can mitigate this problem.
▪ Port reservation. For shared use by different users, the system supports the explicit reservation of each port in order to guarantee the confidentiality of the contents.
▪ Printing. Possibility of printing tickets per operation for their incorporation to work orders.
SafeDoor's versatility makes it adaptable to any environment. The use cases are multiple, being already present in industrial environments, as well as in Critical Infrastructures, Defense and Public Administration.
SafeDoor has been evaluated by an independent laboratory under the LINCE methodology (similar to Common Criteria) and has achieved certification by the CCN (National Cryptologic Center), which has enabled its entry into the exclusive CPSTIC catalog of this organization. SafeDoor also has the highest level of security for ENS (National Security Scheme) compliance. Internationally, SafeDoor is included in the NATO Boa List. SafeDoor also has CE and FCC certification.