RE: USB ports Network

["Andy Cuff" <lists () securitywizardry com>]

Evening,
I've been looking at GFI's FREE Online USB Scanner which using appropriate
system credentials scans all hosts and reports on all known USB devices
which have been installed on those hosts, regardless if the devices are
still there. Initially I thought this was a bit gimmicky but I was surprised
at how much information it collected.  I even threw a banner up on my site,
much to GFI's glee.

More info here
http://www.securitywizardry.com/endpoint.htm#freegfi
The blurb goes "....EndPointScan carries out granular checks across all
types of ports - USB, Firewire, Bluetooth, Infrared, PCMIA and Wi-Fi - on
all machines. This utility provides complete and thorough information about
all portable devices and can scan multiple computers simultaneously.
EndPointScan is fully compatible with existing network management or
administrative tools such as Active Directory and it will also work on Vista
systems..."

This is a great way of winning the Hearts and Minds of Sys Admins during
VA's

Best Regards
Andy Cuff
Managing Director / CEO
Computer Network Defence Ltd
www.SecurityWizardry.com




> -----Original Message-----
> From: listbounce () securityfocus com 
> [mailto:listbounce () securityfocus com] On Behalf Of Tornado
> Sent: 02 May 2007 18:31
> To: security-basics () securityfocus com
> Subject: USB ports Network
>
> Hi All,
>
> We got Windows 2003 AD domain with all the 
> workstations/servers as Windows 2000/XP/2003/Vista. As part 
> of our security policy we do not keep the USB ports enabled 
> and disable them from BIOS itself. But we want to make sure 
> that there are no machines which have USB port left enabled 
> by mistake.
>  Is there any way/software whereby we can check/scan the 
> ports remotely on the domain?
>
> Thanks in advance.
>
> ----------------------------------------------------------------------
> Get a free email address with REAL anti-spam protection.
> http://www.bluebottle.com