Hi,
Languard (from GFI) offers a software that boast being able to control USB
ports.
http://www.gfi.com/lanpsc/
I've never tested it though!
Marty!
-----Original Message-----
From: GuidoZ [mailto:uberguidoz@gmail.com]
Sent: Wednesday, November 24, 2004 12:30 AM
To: Jimi Thompson
Cc: Beauford, Jason; Marios Papaioannou; Gray, Steve;
security-basics@securityfocus.com
Subject: Re: USB Security
Rather than use hiderun32.exe, use something like getadmin.exe and show
your management what you can if you 1) bring in 4 GB of mal-ware and 2)
leave with 4 GB of their salary data to post on the web or in the lunchroom
on the bulletin board.
lol, yes, there are plenty of options. That why the hiderun32 hides the
batch file - you can do any command line command you wanted to from that
point (including getadmin... any of the Sysinternals or Foundstone
collection would come in handy).
Securing it is a problem. If you need the USB ports for legitimate purposes,
then you obviously have less options. If you can disable them entirely, both
through a passworded BIOS and the XP reg hack, then you'll be sitting
better. I've never used any program that claims to lock down the USB ports
against illegitimate use, though I have seen them advertised. (Sorry I don't
have any links hand.)
--
Peace. ~G
On Mon, 22 Nov 2004 21:09:52 -0600, Jimi Thompson <jimi.thompson@gmail.com>
wrote:
Rather than use hiderun32.exe, use something like getadmin.exe and show
your management what you can if you 1) bring in 4 GB of mal-ware and 2)
leave with 4 GB of their salary data to post on the web or in the lunchroom
on the bulletin board.
Jimi
On Mon, 22 Nov 2004 16:46:38 -0500, Beauford, Jason
<jbeauford@eightinonepet.com> wrote:
> I may be late here and someone may have mentioned it, but you can >
disable the USB Drivers for Windows XP via the registry. Even > better
Logon Scripts.
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;823732
>
> JMB
>
>
>
> -----Original Message-----
> From: Marios Papaioannou [mailto:m.papaioannou@cytanet.com.cy]
> Sent: Sunday, November 21, 2004 4:35 AM
> To: 'Gray, Steve'
> Cc: security-basics@securityfocus.com
> Subject: RE: USB Security
>
> Hello Steve,
>
> From my point of view, the only 100% secure way to reduce the risk > of
usb is to disable the usb ports from bios. Any other suggestions > are
>
>
> welcome.
>
> Regards,
> Marios
>
> -----Original Message-----
> From: Gray, Steve [mailto:SGray@wakefield.gov.uk]
> Sent: Saturday, November 20, 2004 1:15 AM
> To: security-basics@securityfocus.com
> Subject: RE: USB Security
>
> Hi,
> This is something we are very interested in at the moment. I have >
found some software, from a firm called Generix, that looks as > though it
will control the use but it is difficult to get managers > to pay for it.
They seem to understand risks from floppy disks and > CD's, but not from
USB devices. Any practical policy guidelines to > limit risks would be
welcome. Steve Gray Wakefield MDC
> --------------------------
> Sent from my BlackBerry Wireless Handheld
>
>
--
Thanks,
Jimi
_________________________________________________________________
Gardez le contrtle grbce ` la protection contre les fenjtres pop-up
articulie sur la technologie brevetie Microsoft SmartScreen
http://join.msn.com/?pgmarket=fr-ca&page=features/popup Commencez dhs
maintenant ` profiter de tous les avantages de MSN Premium et obtenez les
deux premiers mois GRATUITS*.
