RE : USB Security

["John Robot" <john_f_robot555 () hotmail com>]

Hi,

Languard (from GFI) offers a software that boast being able to control USB 
ports.

http://www.gfi.com/lanpsc/


I've never tested it though!

Marty!

-----Original Message-----
From: GuidoZ [mailto:uberguidoz () gmail com]
Sent: Wednesday, November 24, 2004 12:30 AM
To: Jimi Thompson
Cc: Beauford, Jason; Marios Papaioannou; Gray, Steve; 
security-basics () securityfocus com
Subject: Re: USB Security


> Rather than use hiderun32.exe, use something like getadmin.exe and show 
> your management what you can if you 1) bring in 4 GB of mal-ware and 2) 
> leave with 4 GB of their salary data to post on the web or in the lunchroom 
> on the bulletin board.

lol, yes, there are plenty of options. That why the hiderun32 hides the 
batch file - you can do any command line command you wanted to from that 
point (including getadmin... any of the Sysinternals or Foundstone 
collection would come in handy).

Securing it is a problem. If you need the USB ports for legitimate purposes, 
then you obviously have less options. If you can disable them entirely, both 
through a passworded BIOS and the XP reg hack, then you'll be sitting 
better. I've never used any program that claims to lock down the USB ports 
against illegitimate use, though I have seen them advertised. (Sorry I don't 
have any links hand.)

--
Peace. ~G


On Mon, 22 Nov 2004 21:09:52 -0600, Jimi Thompson <jimi.thompson () gmail com> 
wrote:
> Rather than use hiderun32.exe, use something like getadmin.exe and show 
> your management what you can if you 1) bring in 4 GB of mal-ware and 2) 
> leave with 4 GB of their salary data to post on the web or in the lunchroom 
> on the bulletin board.
>
> Jimi
>
> On Mon, 22 Nov 2004 16:46:38 -0500, Beauford, Jason
>
>
> <jbeauford () eightinonepet com> wrote:
> > I may be late here and someone may have mentioned it, but you can > 
> disable the USB Drivers for Windows XP via the registry.  Even > better 
> Logon Scripts.
> >
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;823732
> >
> > JMB
> >
> >
> >
> > -----Original Message-----
> > From: Marios Papaioannou [mailto:m.papaioannou () cytanet com cy]
> > Sent: Sunday, November 21, 2004 4:35 AM
> > To: 'Gray, Steve'
> > Cc: security-basics () securityfocus com
> > Subject: RE: USB Security
> >
> > Hello Steve,
> >
> > From my point of view, the only 100% secure way to reduce the risk > of 
> usb is to disable the usb ports from bios. Any other suggestions > are
> >
> >
> > welcome.
> >
> > Regards,
> > Marios
> >
> > -----Original Message-----
> > From: Gray, Steve [mailto:SGray () wakefield gov uk]
> > Sent: Saturday, November 20, 2004 1:15 AM
> > To: security-basics () securityfocus com
> > Subject: RE: USB Security
> >
> > Hi,
> > This is something we are very interested in at the moment. I have > 
> found some software, from a firm called Generix, that looks as > though it 
> will control the use but it is difficult to get managers > to pay for it. 
> They seem to understand risks from floppy disks and > CD's, but not from 
> USB devices. Any practical policy guidelines to > limit risks would be 
> welcome. Steve Gray Wakefield MDC
> > --------------------------
> > Sent from my BlackBerry Wireless Handheld
> >
> >
>
>
> --
> Thanks,
>
> Jimi

_________________________________________________________________
Gardez le contrôle grâce à la protection contre les fenêtres pop-up 
articulée sur la technologie brevetée Microsoft SmartScreen 
http://join.msn.com/?pgmarket=fr-ca&page=features/popup Commencez dès 
maintenant à profiter de tous les avantages de MSN Premium et obtenez les 
deux premiers mois GRATUITS*.