Security Basics mailing list archives

Re: How to disable USB in 64 bit environment

From: Todd Haverkos <infosec () haverkos com>
Date: Fri, 02 Sep 2011 15:52:09 -0500

kartik.netsec () gmail com writes:

Hi,

I am puzzled on how to control external drive usage in our environment (Win 7 64 bit). Please help me providing your 
opinions based on below scenario:

1. USB control does not work as SEP 11.0 does not support 64 bit OS for application and device control. (Needs 
migration to 12.1, but will take months)
2. Cannot disable USB via BIOS as users use USB mouse.
3. Tried disabling USB through registry, but it is not a permanent solution, as anyone can google on how to enable 
USB via registry.
4. Conducted user awareness traning many times but it doesn't seem
   to change users behaviour.


Sounds like you need resources to get #1 accomplished. 

#3 - does that imply that your environment is rife with users with
local admin privs? 

If rolling out an upgraded SEP agent is months off and hard,
effectively limiting local admin privs without burying your helpdesk
or causing political chaos is probably not an easier path. 

#4 ... sad but true, and universal it seems.    If you can get buy in
to actually discipline users and you have a way to monitor usb use at
least, then maybe you have a shot, but a technical preventive control
is definitely better there. 

I'd be interested to hear if others have other ideas. 

--
Todd Haverkos, LPT MsCompE
http://haverkos.com/

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

How to disable USB in 64 bit environment kartik . netsec (Sep 05)
- Re: How to disable USB in 64 bit environment Todd Haverkos (Sep 05)
  - Re: How to disable USB in 64 bit environment Ludovic Gélé (Sep 06)
- RE: How to disable USB in 64 bit environment Michael Sturtz (Sep 05)
- <Possible follow-ups>
- Re: How to disable USB in 64 bit environment fire0088 (Sep 05)