Disable USB ports

If you are concerned about your users using the USB ports on your computers to, accidentally or intentionally, steal information or plug in unauthorized devices that might infect your network, you may want to discuss these options with your qualified IT professional.

One effective way to disable USB ports is to fill them with epoxy glue—although this ruins the port. New ports can be purchased and added in the future unless the machine is a laptop.

Or, your qualified IT professional may be able to disable the USB ports in the system BIOS of the computer and then set a password for the BIOS so the user cannot re-enable the ports.

Using Windows, it is fairly simple in Group Policy Objects (GPO) to disable the “autoplay / autorun” feature. If you want to stop the USB from working completely, your qualified IT professional will use GPO settings to disable USB devices already installed and prevent users from installing more. For more information your qualified IT professional can visit  http://support.microsoft.com/kb/823732

Also, many anti-virus suites and even VPN clients offer some form of endpoint security that include the ability to lock down your USB ports. Your anti-virus or VPN solution may have that capability.

There are also third party tools that allow you to control USB devices such as Device Lock or ScriptLogic Desktop Authority.

Another method is using shared published desktops, application virtualization and streaming, or virtual desktops to deploy applications and then users cannot access the drives while using the applications you provide. Combined with GPO’s, your qualified IT professional can really lock users down.

Then, to allow users to use USB and reduce the chances of a lasting infection, and especially for public access terminals, these tools can reset the computer back to “square one” every time it is rebooted: Microsoft Steady State can be difficult to set up but it is free. There is also Returnil, which is free for some users, and Faronics Deep Freeze.

Please post your comments on this blog.


Leave a Reply

Your email address will not be published. Required fields are marked *