USB Security

Blocking usb drives has become a serious concern for the people now, because it might lead to some serious data losses and breach of privacy along with bringing in lot of viruses and worms, which love to spread through USB drives because of windows autorun.inf problem. 

autorun.inf viruses uses the autorun feature of microsoft Windows to spread itself on computers wherever autorun.inf is enabled.The virus then, makes a copy of the autorun.inf file to the root or main directory of all the drives on your computer, internal and / or external disks including sd cards, pen drives, ipods etc, to make the virus runs every time the external disks like pendrives or USB drives are inserted or every time you double-click the drives through the windows explorer.

There are five different ways you can block usb drives from your pc:-

a. Using commercial softwares : There are several applications available on internet which can help you block your usb drives from unauthorized access. The cost ranges from 6 USDs up to around 90 USDs depending on the kind of flexibility and control you need. It is recommended that whenever you go for a commercial usb security application be careful to analyze all the features available with that application, otherwise you might end up paying more for lesses  features. Avoid using new products because sometime, it might also make your system unstable. If you going for an enterprise wise USB security application with a commercial product, test the trial version of the software either in a virtual machine or a test machine

b. Through windows registry tweaks : You can follow following steps in order to block usb storage devices from registry  provided, you have the administrator rights on the machine :- (warning : Please be careful while editing the registry because if you make a mistake accidently, your system might become unstable):-

1. Click on start and then click on run

2. Type regedit in the textbox that appear and click ok

3. A registry editor window will open up, where you have two panels each on the right and left

4. Click on HKEY_LOCAL_MACHINE on the left panel, a list will open up

5. Click on SYSTEM on the opened up list and then click on CurrentControlSet in the new branch of list that opens up (see the picture below), then again follow the same with services until you can see a usbstor in the list

 

blocking usb drives with registry

6. Click on usbstor, and then double click on start on the right pane, a pop will appear as shown in the picture below

blocking usb drives with registry

7. Change the value field to 4, select the radiobutton to hexadecimal(if it is not already selected) and press ok

8. Quit the registry editor and you are done.

c. By making changes in the bios : Nowadays, most of the computer manufacturers supports the feature of disabling USB ports from bios.

 Follow following steps to disable usb from bios:-

1. Boot your pc

2. Press F2 or whatever shortcut is there on your PC to access the bios

3. Go to advanced tab on the bios and look for USB Port

4. You should be able to find out an option for disabling usb ports

5. Save and the bios settings and reboot the machine 

User might go back to bios and re enable the usb ports, so, you should also set bios password in order to prevent that. But, then again, opening the chassis and placing the bios battery after removing it will reset the bios password. You might consider it to be an issue of physical security.

d. Using glues to block the USB ports 

Carefully fill all your usb ports with a thick epoxy adhesive . But, this technique might damage your system and you will not be able to use even the necessary usb functions such as printers which are connected to usb ports etc. This method is highly not recommended.  

e. Physically removing USB ports from your PC

Although a bit difficult, but you might also consider physically removing usb ports from your motherboard. If the usb  port is onboard, then, there is a very high risk that you end up damaging your motherboard because you will have to use a soldering machine to carefully take out the USB ports. This technique faces the same disadvantages as blocking the usb ports with glues because you will never be able to use your USB ports for necessary functions such as printing etc.