Re: Locking down USB on Linux

[Adrian Crenshaw <irongeek () irongeek com>]

I've not read it, but thanks for the links guys.

Adrian

On Tue, Jul 6, 2010 at 7:44 PM, Michael Miller <mike.mikemiller () gmail com>wrote:

> Adrian,
>
> Have you checked the NSA's CSS guides?
>
>
> http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml
>
> I used this as a checklist last time I had to do some system
> hardening.  It did give you several ways depending on if you where
> running a headless machine or a machine with a head (X Display).
>
> I'll also go with the last poster. Epoxy works really well.  But then
> again what if they pop open the case and find a USB port or pins that
> just require a cable to use another path on the system board?  Then
> again if they use a boot disk and disable any OS level protections /
> disabled devices you are SOL.
>
> -mmiller
>
> On Fri, Jul 2, 2010 at 5:08 AM, Adrian Crenshaw <irongeek () irongeek com>
> wrote:
> > Hi all,
> >     I've be doing some work on locking down Windows Vista/7 against
> > malicious USB devices:
> http://www.irongeek.com/i.php?page=security/locking-down-windows-vista-and-windows-7-against-malicious-usb-devices
> > Anyone have guidance on doing the same in Linux? I imagine there are udev
> > rules that can be set?
> >
> > Adrian
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com