How to disable USB storage devicesApril 21, 2008 – 7:46 PM
With all the high storage devices like the iPod classic going up to 160GB and just fitting in your inside pocket, people are getting more scared of data loss. Even Dave Lewis from Liquidmatrix recently saw someone at a client site using an iPod to pull corporate data onto it as a hard drive.
On Liquidmatrix, he mentions an easy trick to disable this without deactivating USB entirely. It just disables USB storage devices.
Run regedit ans search for the key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR
The key value for “Start” is set to “3″. This permits USB storage to be attached to the system in question. If this is flipped to “4″ storage devices will be disabled. Whatever you do, make a backup before attempting any registry work.
Some endpoint security software packages gives you the possibility for employees to use USB pendrives and the like but the data won’t be usable on a non-corporate PC. It also allows more granular control over connectivity in endpoint devices. But it doesn’t always has to be that complicated (or expensive).
McAfee Avertlabs had also an interesting piece: Data in your pocket.
As devices grow smaller and other devices not really seen as “traditional computers” like mobiles and others storage capable devices become more popular, the physical security of such devices become important again. Mobile phones these days can easily store 2-8 GBs of data or more. This could include business critical emails, identity, credit card information or family pictures. As these devices are small, they can easily be lost, stolen and pilfered. Most of these devices run sophisticated enough operating systems, often with wireless capabilities and Bluetooth as well, making other application and network issues applicable to them as well. Not only such handheld devices, even traditional equipments are more vulnerable to physical security these days as most of the concentration is on securing the systems from network or application attacks.
Data that can roam with us in our pockets is less physically secure, but good user education and software can at least keep it from getting misused, if not able to prevent it from getting lost.