Security Basics mailing list archives
RE: USB Security
From: "James McGee" <james () infosec co im>
Date: Tue, 30 Nov 2004 19:08:53 -0000
There are known registry hacks which can help prevent the abuse of USB devices. The best of these enable the administrator to diable the use of USB ports for mass media devices, or removable storage, which is what a typical USB Storage Drive will appear as. Apparently (I have not seen it yet, but it comes from a MS employee) the GPO objects you can import to manage XPSP2 also contain this as an option, and you can also mark USB ports as read only. So, that should help stop the data walking out the door... Cheers James -----Original Message----- From: John Robot [mailto:john_f_robot555 () hotmail com] Sent: 25 November 2004 14:38 To: security-basics () securityfocus com Subject: RE : USB Security Hi, Languard (from GFI) offers a software that boast being able to control USB ports. http://www.gfi.com/lanpsc/ I've never tested it though! Marty! -----Original Message----- From: GuidoZ [mailto:uberguidoz () gmail com] Sent: Wednesday, November 24, 2004 12:30 AM To: Jimi Thompson Cc: Beauford, Jason; Marios Papaioannou; Gray, Steve; security-basics () securityfocus com Subject: Re: USB Security
Rather than use hiderun32.exe, use something like getadmin.exe and show your management what you can if you 1) bring in 4 GB of mal-ware and 2) leave with 4 GB of their salary data to post on the web or in the lunchroom
on the bulletin board.
lol, yes, there are plenty of options. That why the hiderun32 hides the batch file - you can do any command line command you wanted to from that point (including getadmin... any of the Sysinternals or Foundstone collection would come in handy). Securing it is a problem. If you need the USB ports for legitimate purposes, then you obviously have less options. If you can disable them entirely, both through a passworded BIOS and the XP reg hack, then you'll be sitting better. I've never used any program that claims to lock down the USB ports against illegitimate use, though I have seen them advertised. (Sorry I don't have any links hand.) -- Peace. ~G On Mon, 22 Nov 2004 21:09:52 -0600, Jimi Thompson <jimi.thompson () gmail com> wrote:
Rather than use hiderun32.exe, use something like getadmin.exe and show your management what you can if you 1) bring in 4 GB of mal-ware and 2) leave with 4 GB of their salary data to post on the web or in the lunchroom
on the bulletin board. Jimi On Mon, 22 Nov 2004 16:46:38 -0500, Beauford, Jason <jbeauford () eightinonepet com> wrote:I may be late here and someone may have mentioned it, but you can >disable the USB Drivers for Windows XP via the registry. Even > better Logon Scripts.http://support.microsoft.com/default.aspx?scid=kb;en-us;823732 JMB -----Original Message----- From: Marios Papaioannou [mailto:m.papaioannou () cytanet com cy] Sent: Sunday, November 21, 2004 4:35 AM To: 'Gray, Steve' Cc: security-basics () securityfocus com Subject: RE: USB Security Hello Steve, From my point of view, the only 100% secure way to reduce the risk > ofusb is to disable the usb ports from bios. Any other suggestions > arewelcome. Regards, Marios -----Original Message----- From: Gray, Steve [mailto:SGray () wakefield gov uk] Sent: Saturday, November 20, 2004 1:15 AM To: security-basics () securityfocus com Subject: RE: USB Security Hi, This is something we are very interested in at the moment. I have >found some software, from a firm called Generix, that looks as > though it will control the use but it is difficult to get managers > to pay for it. They seem to understand risks from floppy disks and > CD's, but not from USB devices. Any practical policy guidelines to > limit risks would be welcome. Steve Gray Wakefield MDC-------------------------- Sent from my BlackBerry Wireless Handheld-- Thanks, Jimi
_________________________________________________________________ Gardez le contrôle grâce à la protection contre les fenêtres pop-up articulée sur la technologie brevetée Microsoft SmartScreen http://join.msn.com/?pgmarket=fr-ca&page=features/popup Commencez dès maintenant à profiter de tous les avantages de MSN Premium et obtenez les deux premiers mois GRATUITS*.
Current thread:
- RE : USB Security John Robot (Nov 26)
- RE: USB Security James McGee (Nov 30)