
blocking the use of USB ports

billybob01 Member Posts: 504
We have just been instructed to block the usage of USB ports on our workstations, but due to the fact that we have USB keyboards and mice, we need to keep 2 open, any clues?

Comments

  • vCole Member Posts: 1,573 ■■■■■■■□□□
    billybob01 wrote: »
    We have just been instructed to block the usage of USB ports on our workstations, but due to the fact that we have USB keyboards and mice, we need to keep 2 open, any clues?

    You can block the use of USB ports for removable media (assuming this is the main issue) with GPO: Disable USB Disks with GPO
  • azjag Member Posts: 579 ■■■■■■■□□□
    I read one of the articles on the Microsoft website which tells you how to disable storage devices. All you need to do is change a registry key to disable the device, but before changing any keys in the registry read this note:

    "Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk."

    If a USB storage device is already installed on the computer, set the Start value in the following registry key to 4:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

    When you do so, the USB storage device does not work when the user connects the device to the computer.

    To set the Start value, follow these steps:

    1. Click Start, and then click Run.
    2. In the Open box, type regedit, and then click OK.
    3. Locate, and then click the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor

    4. In the right pane, double-click Start.
    5. In the Value data box, type 4, click Hexadecimal (if it is not already selected), and then click OK.
    6. Quit Registry Editor.

    Let me know how it worked for you.
    Currently Studying:
    VMware Certified Advanced Professional 5 – Data Center Administration (VCAP5-DCA) (Passed)
    VMware Certified Advanced Professional 5 – Data Center Design (VCAP5-DCD)
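
The registry steps in azjag's post, as an added PowerShell example (not part of the thread or of the Microsoft article): it reports the current `Start` value of the UsbStor key and, with `-Enforce`, sets it to 4. The function name `Set-UsbStorageBlock` and the output fields are hypothetical; enforcing requires an elevated session.

```powershell
# Added example: audit or enforce the UsbStor Start value from the steps above.
# Function name and output shape are hypothetical.
function Set-UsbStorageBlock {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch]$Enforce   # without -Enforce the function only reports
    )

    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\UsbStor'

    # Report a missing key rather than creating it; the steps above
    # assume the key already exists.
    if (-not (Test-Path -Path $key)) {
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME; Start = $null
            Blocked  = $false; Changed = $false
            Note     = 'UsbStor key not present'
        }
    }

    $before  = (Get-ItemProperty -Path $key -Name Start -ErrorAction Stop).Start
    $changed = $false

    # Only write when asked to, when the value differs, and when
    # -WhatIf / -Confirm allow it.
    if ($Enforce -and $before -ne 4 -and
        $PSCmdlet.ShouldProcess($key, 'Set Start to 4')) {
        Set-ItemProperty -Path $key -Name Start -Value 4 -Type DWord -ErrorAction Stop
        $changed = $true
    }

    # Re-read so the report reflects what is actually in the registry.
    $after = (Get-ItemProperty -Path $key -Name Start -ErrorAction Stop).Start
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME; Start = $after
        Blocked  = ($after -eq 4); Changed = $changed
        Note     = "Start was $before"
    }
}

Set-UsbStorageBlock                      # report only
# Set-UsbStorageBlock -Enforce -WhatIf   # preview the change
# Set-UsbStorageBlock -Enforce           # apply
```
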
  • pizzaboy Member Posts: 244 ■■■□□□□□□□
    Some corporate antivirus products have this functionality as well. You can check to see if yours has that capability.
    God deserves my best
  • RobertKaucher Member Posts: 4,299 ■■■■■■■■■■
  • gunbunnysoulja Member Posts: 353
    You don't want to leave 2 open because that doesn't actually prevent USB usage as those devices could simply be unplugged temporarily. Go with vCole's method. The DoD restricts USB ports for removable media and CAC readers, keyboards, mice, etc. work fine.
    WGU BSIT Start Date: July 1, 2013
    In Progress: CJV1 (4 CU)
    Transferred: WFV1, TJP1, CLC1, INC1, INT1, EUP1, EUC1, BVC1, GAC1, DHV1, DIV1, CWV1, CRV1, DEV1, CTV1, DJV1, IWC1, IWT1, CVV1, RIT1, CIC1, CJC1, TBP1, TCP1, EAV1, EBV1, TJC1, AGC1 (82 CU)
    Completed: MGC1, TPV1, CUV1 (14 CU)
    Remaining: BOV1, BNC1, TXP1, TXC1, TYP1, TPC1, SBT1, QZT1 (22 CU)


  • JDMurray Admin Posts: 13,031 Admin
    As an alternative: Leave all the USB ports accessible and install a host agent to log all USB port usage and report it back to a central server. In this way, you will find out how information and malware is infiltrated/exfiltrated from your organization. Use a product like BlueCoat to monitor all Web activity to find out the same. Block all sites that support file transfer using SSL/SSH (Gmail, DropBox, etc.). In fact, block all file uploading sites because steganography tools can be used to store data in still-images and video. Monitor all printer usage to discover what's walking out your doors as hardcopy. Disallow cell phones with digital cameras. No, better yet, no cell phone allowed at all. Install a video surveillance system at each workstation to monitor when people copy information from their screen using pen and paper. Listen in on all phone conversations and read all internal IMs, as information leaks out that way too. Document everything as policy and SOPs. Watch the color drain out of the faces of your CxOs when you tell them it's all necessary for "compliance."

    Job security for security people! Woo-hoo!