Solved

USB Port access

Posted on 2010-09-23
Last Modified: 2012-05-10
Hi,
As is typical in many Indian organizations, marketing people need to use a laptop and data card to access the internet outside the office network. To use the data card, we need to open the USB port. As pen drives are the most virus/malware-prone devices, how can we block pen drive access on the same port that is open for the data card?

Question by:KKSINGH-FCRL
6 Comments
 
LVL 9

Accepted Solution

by:
Tomas Valenta earned 252 total points
ID: 33751458
1. Run Registry Editor (regedit).
2. Navigate to the following registry key:

   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
3. In the right pane, double-click the Start value name.
4. Change the value data to 4 to disable removable USB mass storage device drive access.

The change will take effect immediately to block any USB mass storage device such as a USB flash drive, USB key or portable hard disk from being used in the system, while still allowing hardware components to work properly via the USB connection. The hack works in most Windows operating systems such as Windows Vista, XP, Windows Server 2008, 2003 and 2000.
0
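
The registry change from the accepted answer as a script, an added example that is not part of the original post. It assumes an elevated PowerShell prompt; without `-Disable` it only reports the current `Start` value and lists which accounts are allowed to change the key.

```powershell
# Added example, not from the original answer. Run from an elevated PowerShell prompt.
param([switch]$Disable)   # without -Disable the script only reports

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\UsbStor'

# Service start types as stored in the Start value
$startTypes = @{
    0 = 'Boot'
    1 = 'System'
    2 = 'Automatic'
    3 = 'Manual (driver loads when a USB storage device is plugged in)'
    4 = 'Disabled'
}

if (-not (Test-Path $key)) {
    Write-Warning "$key not found: the USB storage driver service is not registered on this machine."
    return
}

$current = (Get-ItemProperty -Path $key -Name Start).Start
"Current UsbStor Start = $current ($($startTypes[[int]$current]))"

if ($Disable -and $current -ne 4) {
    # Start is read when the driver is loaded, so a drive that is already
    # mounted stays usable until it is unplugged or the machine restarts.
    Set-ItemProperty -Path $key -Name Start -Value 4 -Type DWord
    "UsbStor Start set to 4 (Disabled)"
}

# Any account listed here can set Start back to 3, so review who has write access.
(Get-Acl -Path $key).Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.RegistryRights -band [System.Security.AccessControl.RegistryRights]::SetValue)
    } |
    Select-Object IdentityReference, RegistryRights
```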
 
LVL 4

Expert Comment

by:rajivvishwa
ID: 33756519
And I assume that users do not have admin access to those laptops. If they do, then they can edit the registry and enable USB access back if you implement the method mentioned by Tominov.

You might have to disable at BIOS level as well for additional security, because even admins cannot edit BIOS settings without the BIOS password.
0
 
LVL 10

Expert Comment

by:yasserd
ID: 33765443
For more security, what I recommend is white-listing instead of black-listing. So, it is better to block everything and just allow data cards. I don't know if it is possible to do through the registry, but there are a couple of software products that enable you to do so, like Symantec Endpoint Protection.
0
 
LVL 65

Assisted Solution

by:btan
btan earned 248 total points
ID: 33813299
This is a good article for the Windows Vista and 7 OS, but in particular look out for
@http://msdn.microsoft.com/en-us/library/bb530324.aspx

1. Prevent users from installing any device.
2. Allow users to install only devices that are on an "approved" list. If a device is not on the list, then the user cannot install it.
3. Prevent users from installing devices that are on a "prohibited" list. If a device is not on the list, then the user can install it.

Another means is to prevent execution from the USB drive. There is SRP (XP) and AppLocker (for Win7). Basically, SRP is Software Restriction Policies, which can be configured to allow users to run only authorized applications via certificate, hash, or path rules. If a user had a default disallowed policy and paths to, say, only specific program files folders for allowed applications, and the associated shortcuts in the all users profiles, they would not be able to execute a file on a USB drive or copied to their profile folders.

This paper will help to elaborate more on it and its settings
@ http://www.nsa.gov/ia/_files/os/win2k/Application_Whitelisting_Using_SRP.pdf
Similarly, for AppLocker, see http://beingpc.com/2010/04/lock-your-programs-using-applocker/

But if you are OK with a product, do check out DeviceLock; it has the neat controls you need (and more)
@ http://www.devicelock.com/dl/index.htm
0
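
The "approved list" option above, and the white-listing suggested in the earlier comment, written out as the registry values behind the Device Installation Restrictions policy (Windows Vista and later). This is an added example, not part of any post in the thread. The hardware ID is a placeholder to be replaced with the data card's own ID from Device Manager (Details tab, Hardware Ids), and the `-Apply` switch is this script's own.

```powershell
# Added example, not from the thread. Run elevated; without -Apply it only prints the plan.
param(
    # Placeholder: replace with the data card's hardware ID (assumption, not a real ID)
    [string[]]$AllowedHardwareIds = @('USB\VID_XXXX&PID_XXXX'),
    [switch]$Apply
)

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'

# AllowDeviceIDs = 1  : turn on the list of approved hardware IDs
# DenyUnspecified = 1 : refuse installation of any device no other policy allows
$plan = @(
    [pscustomobject]@{ Path = $base; Name = 'AllowDeviceIDs';  Type = 'DWord'; Value = 1 }
    [pscustomobject]@{ Path = $base; Name = 'DenyUnspecified'; Type = 'DWord'; Value = 1 }
)

# The approved IDs are numbered string values under the AllowDeviceIDs subkey
$i = 1
foreach ($id in $AllowedHardwareIds) {
    $plan += [pscustomobject]@{ Path = "$base\AllowDeviceIDs"; Name = "$i"; Type = 'String'; Value = $id }
    $i++
}

if (-not $Apply) {
    $plan | Format-Table -AutoSize
    return
}

# The policy governs device installation only: devices whose drivers are
# already installed keep working, so apply it before pen drives are first used
# and install the data card (and any needed keyboard or mouse) beforehand.
foreach ($item in $plan) {
    if (-not (Test-Path $item.Path)) {
        New-Item -Path $item.Path -Force | Out-Null
    }
    Set-ItemProperty -Path $item.Path -Name $item.Name -Value $item.Value -Type $item.Type
}
"Device installation allow-list written to $base"
```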
 
LVL 74

Expert Comment

by:Glen Knight
ID: 34740406
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0
