ITM is an open framework - Submit your contributions now.

Insider Threat Matrix™

  • ID: IF002.004
  • Created: 31st May 2024
  • Updated: 31st July 2024
  • Platforms: Windows, Linux
  • Contributor: The ITM Team

Exfiltration via Floppy Disk

A subject exfiltrates data using a floppy disk drive.

Prevention

ID Name Description
PV016Enforce a Data Classification Policy

A Data Classification Policy establishes a standard for handling data by setting out criteria for how data should be classified and subsequently managed and secured. A classification can be applied to data in such a way that the classification is recorded in the body of the data (such as a footer in a text document) and/or within the metadata of a file.

PV003Enforce an Acceptable Use Policy

An Acceptable Use Policy (AUP) is a set of rules outlining acceptable and unacceptable uses of an organization's computer systems and network resources. It acts as a deterrent to prevent employees from conducting illegitimate activities by clearly defining expectations, reinforcing legal and ethical standards, establishing accountability, specifying consequences for violations, and promoting education and awareness about security risks.

PV036Restrict Floppy Drive Mounting, Group Policy

Using Group Policy on Windows it is possible to block execute, read, and write operations related to a floppy disk.


In the Group Policy Editor, navigate to:
Computer Configuration -> Administrative Templates -> System -> Removable Storage Access

 

Open the following policies and set them all to Enabled:

Floppy Drives: Deny execute access

Floppy Drives: Deny read access

Floppy Drives: Deny write access