1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Blocking USB devices

Discussion in 'Computer Security' started by BrizoH, Jun 19, 2009.

  1. BrizoH

    BrizoH Byte Poster

    243
    6
    25
    Is anyone using 3rd party software to block unauthorised USB devices?

    It's a requirement at my new employer, just wondering what your experiences are of the various packages out there
     
    Certifications: CCNA, CCNA Security
    WIP: CCNP
  2. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    sellotape usually does the trick. As for software I have never heard of any as I am lucky that there aren't many people in my department and if I was told to have USB device banned from being used I'd open the PCs and disconnet the USB ports.:D
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  3. jk2447

    jk2447 Petabyte Poster Moderator

    5,483
    354
    249
    We use software called Sanctuary. Works perfectly. On another note just got off a 2003 server course and the MCT told me in Vista, Win 7 and Server 2008 you can lock the USB ports down using a group policy in AD. So if you're lucky enough to be on these OS's I'd go for the free option :D
     
    Certifications: BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, VCP4, CCA (XenApp6.5), MCSA 2012, VCP5, VCP6-NV
  4. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Yeah, that'll work. For people who don't know how to peel sellotape off!

    I've seen people glue the ports shut - that's a bit better, but not exactly a good solution if you ever decide you;re going to be a bit more lenient/deploy the workstation to someone who can be trusted/sell it/take it home to use as a test machine yourself :biggrin

    Seriously - take a look at DeviceWall. It has some nifty reporting features and is easy to deploy - though not free. Alternatively, you could look at locking down removable devices via a GPO - if you have (koff, koff) Vista
     
    Certifications: A few
    WIP: None - f*** 'em
  5. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    I work with retards so I'm pretty safe there :D

    I don't use Vista but I will have a look at Devicewall :D
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  6. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  7. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  8. dales

    dales Gigabyte Poster

    1,998
    46
    97
    I've heard good things about devicewall so will second zebs comments. We are lucky enough to have that by default in novells zenworks product so we dont have to worry about it. Just obviously make sure that you can be selective about what type of devices the software disables (dont want to buy something that disables all usb devices keyb and mouse).

    ON another note there is hardware you can get that will disable usb ports... flathead screwdriver, insert, twist. Not good for the pc's capital value though!
     
    Certifications: vExpert 2014+2015+2016,VCP-DT,CCE-V, CCE-AD, CCP-AD, CCEE, CCAA XenApp, CCA Netscaler, XenApp 6.5, XenDesktop 5 & Xenserver 6,VCP3+5,VTSP,MCSA MCDST MCP A+ ITIL F
    WIP: Nothing
  9. BrizoH

    BrizoH Byte Poster

    243
    6
    25
    Thanks for the replies guys (I guess I'm not the only one thinking about work/IT stuff on a Friday night :) )

    Screwdrivers/Sellotape/Threats of physical violence would normally suit me but unfortunately this is a client requirement, we have to ensure that only authorised USB storage devices have access (and those permitted must be encrypted)

    Vista is on very few of our machines so GPO is not really an option, also we do have to allow a certain number of devices so I think 3rd party products are the way to go for now at least.

    So far I have a shortlist of Devicewall, Safend and GFI Endpoint security. Aside from GFI I have no idea on pricing, so next week I'll do a comparison of the three - if anyone is interested I'll post the results back here
     
    Certifications: CCNA, CCNA Security
    WIP: CCNP
  10. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    5,369
    85
    190
    Sanctuary is used on my planet aswell!
     
  11. jk2447

    jk2447 Petabyte Poster Moderator

    5,483
    354
    249
    Spot on innit mate
     
    Certifications: BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, VCP4, CCA (XenApp6.5), MCSA 2012, VCP5, VCP6-NV
  12. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    Physical violence always works, especially when your management couldn't negotiate themselves out of a paper bag.

    I'm dissapointed you haven't considered the sellotape way, you could back it up with a company wide email telling them that the sellotape is there for a ****ing reason and it's got nowt to do with the computer hurting itself.:D
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  13. Sco0t

    Sco0t Byte Poster

    136
    2
    27
    regedit, well I normally use registry if I want to write block on my own personal PC.
     
    Certifications: Bsc Net/Sys Support, HND Tech Support
    WIP: Network+

Share This Page

Loading...