A dongle does not present the same security risk as a thumb drive

ejose — Fri, 12 Dec 2008 23:24:00 GMT

We've had quite a few calls over the past couple of weeks regarding Avid's use of USB dongles, and whether or not they pose the same security risk as a thumb drive. This was prompted by a worm that recently spread through Department of Defense networks.

Avid's dongles, manufactured by SafeNet, do look similar to a USB thumb drive, but they do not pose the same security risk.

The SafeNet website has a support document that states Sentinal Keys (dongles) do not have security implications in environments where read/write memory devices are not allowed:

The Sentinel Hardware Keys (SHK), SuperPro, UltraPro and other Sentinel tokens (both Parallel Port and USB) are proprietary security devices, which are used by a specific application to ensure that each user of the application has the rights to run the application. It is only this specific access information that can be stored on the key. The key cannot be used as a data storage device, either to upload data to a computer, or download data from a computer.

At no time does any other application, parts of the Operating System or system’s user have direct access to the key’s memory. Nor can the key’s memory be used as a generic storage area. The only way to use the key’s memory is through our specific APIs, and with a specifically protected application.

If you or your agency have questions or concerns regarding the security of Avid software or systems, please contact the Avid Government Solutions Team at 1-800-497-2843.

The Government Video Update : worm

A dongle does not present the same security risk as a thumb drive