Re: USB Qusetion

[Joel W Pauling <joel () catalyst net nz>]

On Thursday 11 January 2007 12:48, blufuzion () mail com wrote:
> Hello, I am new to the list.I am a new network admin and my boss wants me
> to disable usb drives from reading USB/thumb drives but still be able to
> use the mouse and keyboards. I was thinking of disabling them in the BIOS.
> Can you give me any suggestions?

Under linux this is fairly straight forward. You just compile out kernel 
support for USB mass storage devices, 80% of the time this will stop 
thumbdrives. There are other classes of USB devices which may still be able 
to act as storage (cameras etc) which use a higher level userspace driver 
(i.e gphoto) in combination with some sort of USB serial transport. These are 
a little trickier you probably will want to turn off support for any type of 
USB device module which potentially could be used to access storage devices 
(USB serial converters)... However if you have a determined user there is 
always a way around. Disabling in the bios is less than desirable.

This approach will work. And an easier hack if you still want full USB support 
is just prevent access to the device mounter server for particular user (as 
easy as chaning group membership)

With windows this is almost impossible. You can create group profiles and 
restrict access to various devices/actions, more often than not this is a 
pain in the ass more than anything. This is the typical approach.



> ---------------------------------------------------------------------------

-- 

+--------------------------------------------
Joel Wiramu Pauling
Systems and Network Administrator
+--------------------------------------------
Catalyst IT LTD
http://www.catalyst.net.nz
+-----------------------------------
DDI: +64 4 803 2383
Mobile: +64 27 230 0029
joel () catalyst net nz

Attachment: _bin
Description: