Group policy to protect you from usb firmware attacks
I am trying to figure out what's the best way to implement a group policy to prevent from a usb firmware attacks. I've tried disabling usb ports if a usb drive is installed but not sure if that stops the firmware from doing malicious stuff. We were told by that hackers are dropping usbs in the parking lot and staff are picking them up and using them.
ASKER
Yes no staff is a local administrator and yes they truly should not pick up anything but at this conference they said you'd be surprise and how many folks do this.
Running an application whitelisting software on your machines will go a long way to mitigating these attacks. AppLocker is my personal favorite if you have access to the Enterprise sku of Windows.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Here is another EE article that you can find it useful. It has script for including whitelist of USB device that it allows and otherwise attempt to detect and uninstall the rest outside the list
https://www.experts-exchange.com/articles/18574/Bad-USB-time-to-fight-back.html
https://www.experts-exchange.com/articles/18574/Bad-USB-time-to-fight-back.html
I assume UAC is ON full (maximum) and no staff is a local administrator.
And, really, truly, tell your staff not to pick up garbage off the street and bring it into to the office. Picking up an unknown USB key and plugging it in is a really dumb, foolish thing to do.