<div>
You can disable USB ports by Group Policy.<br />
<a href="https://social.technet.microsoft.com/Forums/windows/en-US/0be0c42b-950c-4a16-8be6-3f3a3d22e712/process-for-usb-port-blocking-via-active-directory-group-policy?forum=winserverGP" rel="ugc nofollow">https://social.technet.microsoft.com/Forums/windows/en-US/0be0c42b-950c-4a16-8be6-3f3a3d22e712/process-for-usb-port-blocking-via-active-directory-group-policy?forum=winserverGP</a><br />
<br />
Make sure no user has Admin Rights to their computer. <br />
<br />
Today almost no machine needs a DVD player so remove those.
</div>


Pau Lo

<div>
1) Disable unused USB ports.<br />
2) Physically prevent access to the USB ports.<br />
3) In cases where users don't have any reason to touch the computer itself, lock it in a case or cabinet of some sort.
</div>


COG Lead Engineer

Shaun Vermaak

<div>
how would keyboards and mice work if all USB ports were completely disabled.
</div>


<div>
<i>Today almost no machine needs a DVD player so remove those.</i> <br />
<br />
Eh?
</div>


<div>
Haven't used a DVD player in half a decade.
</div>


<div>
<i>how would keyboards and mice work if all USB ports were completely disabled.</i><br />
<br />
Use Bluetooth Keyboard and Mouse.
</div>


<div>
<blockquote>
how would keyboards and mice work if all USB ports were completely disabled.
</blockquote>
The assumption is you wouldn't disable the ports you actually need.<br />
<br />
While DVD drives get used less than they used to, they still have quite a bit of usefulness. And for various reasons. Entertainment being one (not everything is available for streaming, nor would one always been in a place with internet available)... we happen to have use cases of training videos (the vendor charged an arm and a leg for the streaming version)
</div>


<div>
<i>protect against hardware based key logger devices? </i><br />
<br />
How big is this issue? We do not see it at our clients.
</div>


<div>
A one off incident hopefully.
</div>


<div>
<blockquote>
how would keyboards and mice work if all USB ports were completely disabled.
</blockquote>
Blocking it in GPO will not block these devices.<br />
<br />

<blockquote>
Use Bluetooth Keyboard and Mouse.
</blockquote>
These have their own security risks.<br />
<br />
The only solution is physical security
</div>


<div>
Buy a 5-port USB card (these have an internal slot), use wireless mouse/keyboard and plug the transceiver in the internal socket, squirt glue in all external USB ports or disable them with a policy, padlock the case.
</div>


<div>
Ironically, one of the most overlooked things is to simply physically secure the box itself or purchase something which is physically hardened against this type of thing. I go into TOO many businesses, see the USB ports staring me in the face (and laughing at the need for physical security) from the customer side of the counter ... <br />
<br />
If this is a public facing (or factory) device:<br />
1. Put it in a secure box which adequately addresses the environment &nbsp;...<br />
2. (I'm with John, above) Purchase a good keyboard / mouse combo with a Bluetooth receiver and go ...<br />
<br />
Note: If you think this is too expensive, what does a single data breach cost? At a minimum, customer(s), possibly employee(s) and marketshare ... if not reputation and your business's future.<br />
<br />
If you have an issue with employees and need to secure all computers in all offices, you've got a management / HR / policy issue and not a technology issue.
</div>


<div>
&gt;Ironically, one of the most overlooked things is to simply physically secure the box itself or purchase something which is physically hardened against this type of thing.<br />
<br />
Can you provide any examples of such?
</div>


<div>
Examples of small vs large are at <a href="https://www.globalindustrial.com/p/office/computer-furniture/cabinets/datum-small-hanging-cpu-locker-black?infoParam.campaignId=T9F&gclid=EAIaIQobChMIiu_PweDC3QIVyrrACh0haAV8EAQYAyABEgIrTvD_BwE" rel="ugc">https://www.globalindustrial.com/p/office/computer-furniture/cabinets/datum-small-hanging-cpu-locker-black?infoParam.campaignId=T9F&gclid=EAIaIQobChMIiu_PweDC3QIVyrrACh0haAV8EAQYAyABEgIrTvD_BwE</a>&nbsp;or <a href="https://www.globalindustrial.com/p/office/computer-furniture/cabinets/mobile-security-lcd-computer-cabinet-black-2?infoParam.campaignId=T9F&gclid=EAIaIQobChMIiu_PweDC3QIVyrrACh0haAV8EAQYASABEgJv8vD_BwE" rel="ugc">https://www.globalindustrial.com/p/office/computer-furniture/cabinets/mobile-security-lcd-computer-cabinet-black-2?infoParam.campaignId=T9F&gclid=EAIaIQobChMIiu_PweDC3QIVyrrACh0haAV8EAQYASABEgJv8vD_BwE</a>.<br />
<br />
If it is dusty, make sure it is filtered properly and add it to a regular maintenance / cleaning schedule depending on how much dust the area will have ...
</div>


<div>
Look at Kensington locks. However many cases have a metal hoop/eye at the back that you can put a padlock through.
</div>


<div>
Keyboard / mouse combos examples are at <a href="https://www.wetkeys.com/SearchResults.asp?Search=wireless" rel="ugc">https://www.wetkeys.com/SearchResults.asp?Search=wireless</a>&nbsp;or <a href="https://techspotsolutions.com/top-5-best-waterproof-bluetooth-foldable-keyboards-in-2017/" rel="ugc">https://techspotsolutions.com/top-5-best-waterproof-bluetooth-foldable-keyboards-in-2017/</a>&nbsp;(for compact examples).<br />
<br />
However, if you are already experiencing &quot;dishonesty&quot; relating to hardware-based keyboard loggers, integrity is already an issue and wireless devices may tend to &quot;walk away&quot; too.<br />
<br />
Cheaper, wired USB devices combined with a well-ventilated enclosure may be your most cost-effective alternative.
</div>


<div>
Don’t use wired keyboard or mice to start.<br />
Physicallly inspect machines on a regular basis. <br />
Good antivirus software should detect software versions.<br />
Check drivers for keyboard and mice regularly as well<br />
If in a company, users should not be Admins to prevent locally added software. (Hopefully admins are trustworthy!)
</div>


<div>
<div class="content wysiwyg-content">
Is there anything that companies / security departments can do to protect against hardware based key logger devices?
</div>
</div>


Is there anything that companies / security departments can do to protect against hardware based key logger devices?

hardware key logger

Hardware includes cell phones and other digital living devices, tablets, computers, servers, peripherals and components, printers and scanners, gaming consoles, networking hardware such as routers, hubs, switches and modems, storage devices and security equipment such as firewalls and other appliances.

Hardware

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.