Emerging USB storage technology allows massive amounts of data to be transferred at lightning speeds. Devices continue to decrease in size (now the size of a key chain), and the storage capacity keeps multiplying (currently up to 1 GB). All this makes for fast, efficient, and convenient information exchange, but there is a downside—security. Employees can use these tiny, portable USB storage devices to download sensitive data and upload potentially harmful apps or viruses.
How should an IT pro address these security concerns? TechRepublic member mrs_doctor_jones would most certainly like to know.
"I was wondering whether or not it is possible to disable USB ports on workstations. If so, is there a way to do it so that 'smart' workstation users could not easily enable them again?"
Mrs_doctor_jones says, "In an interest of network security, I think it would be prudent for us to disable the ports on all workstations in the office so that no one could use USB drives to put stuff onto or pull stuff off of the network."
Block those USB ports with BIOS settings
Members TheChas and DR The Corporate Groups both think the BIOS is the place to start. BIOS settings can be modified so that USB functionality is disabled on a workstation Check out this article in the HP archives for info on how to enter into the BIOS on various computers.
In DR's words, "Most newer motherboards have a disable feature in the BIOS to disable the two [or four] built-in USB ports located next to the mouse and keyboard connectors." Furthermore, "add-on USB ports via a PC card or bracket can simply be unplugged."
TheChas elaborates. "Your best option is to disable the USB ports in BIOS settings. Then, set a BIOS password. Finish up with case locks or other security hardware so that users cannot open the case, and then reset the CMOS memory."
An extreme remedy
TheChas also offers a "truly foolproof option." To completely disable the USB ports (for good), he suggests "carefully filling the USB connectors with a thick epoxy adhesive."
This is a radical (and creative) solution and will render the ports unusable. If USB will never be used on the workstation again, this might be the way to go. But TheChas warns: "Use extreme caution not to allow the epoxy to seep into other connectors or motherboard components." Good advice; you must be careful not to "gum up" an entire system just to disable one component.