Solved

USB Port access

Posted on 2010-09-23
6
840 Views
Last Modified: 2012-05-10
Hi,
As a typical situation in many Indian organization, marketing people needs to use laptop and data card to access internet out of office network. To access data card, we need to open USB port. As pen drive are most virus/malware prone device, how we can block access of pen drive at the same port which is open to access data card?

0
Comment
Question by:KKSINGH-FCRL
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 9

Accepted Solution

by:
Tomas Valenta earned 63 total points
ID: 33751458
# Run Registry Editor (regedit).
# Navigate to the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
# In the right pane, double click on the Start value name.
# Change the value data to 4 to disable the removable USB mass storage device drive access.
The change will take effect immediately to block any USB mass storage device such as USB flash drive, USB key and portable harddisk from been used in the system, while still allowing hardware components to work properly via USB connection. The hack works in most Windows operating system such as Windows Vista, XP, Windows Server 2008, 2003 and 2000.
0
 
LVL 4

Expert Comment

by:rajivvishwa
ID: 33756519
And I assume that users do not have admin access to those laptops, if they do, then they can edit registry and enable USB access back if you implement the method mentioned by Tominov.

You might have to disable at BIOS level as well for additional security coz even admins cannot edit BIOS settings without BIOS password.
0
 
LVL 10

Expert Comment

by:yasserd
ID: 33765443
For more security, what I recommend is white-listing instead of black-listing. So, it is better to block everything and just allow data cards. I don't know if it is possible to do through registry but there are a couple of software that enables you to do so like Symantec Endpoint Protection.
0
 
LVL 63

Assisted Solution

by:btan
btan earned 62 total points
ID: 33813299
This is an good article for Windows VISTA and 7 OS but in particular look out for
@http://msdn.microsoft.com/en-us/library/bb530324.aspx

# Prevent users from installing any device.
# Allow users to install only devices that are on an "approved" list. If a device is not on the list, then the user cannot install it.
# Prevent users from installing devices that are on a "prohibited" list. If a device is not on the list, then the user can install it.

Another means is to prevent execution in USB drive. There is SRP (XP) and Applocker (for Win7). Basically SRP is Software Restriction Policies which can be configured to allow users to run only authorized applications via certificate, hash, or path rules. If a user had a default disallowed policy and
paths to say only specific program files folder for allowed applications, and the associated shortcuts in the all users profiles they would not be able to execute a file on a USB drive or copied to their profile folders.

This paper will help to elaborate more and its setting
@ http://www.nsa.gov/ia/_files/os/win2k/Application_Whitelisting_Using_SRP.pdf
Similarly for applocker, can see http://beingpc.com/2010/04/lock-your-programs-using-applocker/

But if you ok with product, do check out DeviceLock, it has the neat controls you need (and more)
@ http://www.devicelock.com/dl/index.htm
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 34740406
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Ransomware continues to grow in reach and sophistication, putting data everywhere at risk. Learn how to avoid being caught in its sinister clutches with these 11 key tips.
Do you know what to look for when considering cloud computing? Should you hire someone or try to do it yourself? I'll be covering these questions and looking at the best options for you and your business.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question