General discussion


Know the risks of USB storage devices

By debate ·
Do you allow users to connect USB storage devices to their workstations? How do you control these devices and the potential theft of your network files? Share your comments about the security risks of USB storage devices, as discussed in the Jan. 23 Security Solutions e-newsletter.

If you haven't subscribed to our free Security Solutions e-newsletter, sign up today!

This conversation is currently closed to new comments.

8 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Disabling USB devices using RedHand workplace monitoring software.

by royd In reply to Know the risks of USB sto ...

The latest version of RedHand workplace monitoring software (see the ability to remotely disable USB ports for selected individual PCs on any Windows-based network.

RedHand already has the capability to remotely control access to virtually all external devices such as cd-rom, floppy drives, printers etc. but the advent of USB storage devices including digital cameras and flash cards posed a number of potential security threats. The theft of confidential data is only one aspect, albeit of huge significance, of the high security risk attached to these devices. As they are interactive they can also be used to upload viruses, pornography, spyware, illegal software and even to act as a discreet archive for private emailing and/or internet surfing.

Not only will RedHand disable the USB port, it will also alert the Administrator if any 'new' devices are attached or removed from the USB ports.

As a final protection, RedHand's monitoring features include the real-time collection and recording of all keystroke activities from a rogue user giving an administrator detailed forensic evidence to identify the culprit and the illegal activity.

Collapse -

Windows lacks security infrastructure

by felipe_alfaro In reply to Know the risks of USB sto ...

We've always found Windows lacks a robust
security infrastructure, given it's roots on
graphical user interfaces and multimedia. In
Windows, it's very difficult to control access
to removable media, since you don't have to
"mount" the device in order to use it, you can
always place a disc into your CD drive and have
anyone read it. The same happens with USB
storage. There is a lack of device access
control. You can't easily prevent access to a
device itself (you can restrict access to the
files on the filesystem, but you can't prevent
anyone from attaching an unprotected,
uncontrolled device to your system and using

That's one of the reasons we switched away from
Windows to Linux. In Linux, there is an
additional level of control. Anyone is forced to
mount a device in order to access the files on
it, let it be a hard drive, CD or USB memory
stick. By default, only root can mount devices,
but you can delegate additional permissions to
regular users or groups by adding the proper
entries in /etc/fstab. Thus, if you want to stop
regular users from being able to use USB memory
keys, CD's or disk partitions by default, you
don't have to do anything. Easy, isn't it?

Collapse -

Disable Root Hub

by mking In reply to Know the risks of USB sto ...

Another simple solution is to disable the Root Hubs in Device Manager under Universal Serial Bus Controllers. This way the administrator can easily re-enable it when necessary.

Collapse -

Windows 2003

by maharajv In reply to Disable Root Hub

Yes, true, until recently it was difficult to control access to information and the dissemination thereof. However, Windows 2003, has been packed with a very usefull service, Windows Rights Management Service, which helps ultimately to protect sensitive information or corporate networks.

Collapse -

What's the problem???

by mrafrohead In reply to Know the risks of USB sto ...

Do you let your employees have floppy disks???

Not really much difference...


Collapse -

Lack of Solutions

by contato In reply to Know the risks of USB sto ...

The article is very interesting but failed on present the best solution in the market, SecureNT from Secure Wave
Foremost the best solution on monitoring I/O devices.

Collapse -

Locking USB devices

by flagator In reply to Know the risks of USB sto ...

We use DeviceLock to prevent users from accessing USB devices, as well as limiting access to any writable media.

Collapse -

help regarding USB ports enabling/disabling

by ponu_cool25 In reply to Locking USB devices

i have got a project in which i have to enable /disable USB ports and make a GUI of it in LAN envt...can i get some help out of you in this case..the OS to be used is Linux based..

Back to Security Forum
8 total posts (Page 1 of 1)  

Related Discussions

Related Forums