Security - Restricting to specific USB sticks

Discussion in 'Networking & Security' started by SCiFiRE, Oct 28, 2008.

  1. SCiFiRE

    SCiFiRE [H]ard|Gawd

    Messages:
    1,743
    Joined:
    Jun 13, 2000
    Hi Guys,
    really wasnt sure where to post it, so i have posted it here and in storage.

    Ive got some laptops at work, and i want to stop people from using unauthorised USB sticks. I do NOT want to restrict USB sticks completely, as it not only makes my job harder but also negates our emergency file-transfer system if our wireless goes down.

    So Im wondering if there is a method or some software that would have the laptops only accept two or three specific USB sticks (via device ID, or a certificate file, some sort of encyption even)?

    The laptops are all running Windows XP SP2
     
  2. Keiichi

    Keiichi [H]ard|Gawd

    Messages:
    1,493
    Joined:
    Jun 10, 2004
  3. Direwolf20

    Direwolf20 2[H]4U

    Messages:
    2,468
    Joined:
    Mar 10, 2004
    I agree with Keiichi, I can't think of anything better. Disable them all, and know how to enable them when you need to. Its better than filling all the USB ports with superglue at least :).
     
  4. SCiFiRE

    SCiFiRE [H]ard|Gawd

    Messages:
    1,743
    Joined:
    Jun 13, 2000
    Nah, I'd rather just leave them enabled and give the team a stern talking to about bringing in outside USB sticks. If Im not here and the wireless goes down (which i have no control over, thats the contracted IT dept), They need a quick method of transfering files or core-business will stop.

    Ive found a few software package options now that look like they do what i need.
    thanks anyway guys
     
  5. archivalbackup

    archivalbackup Gawd

    Messages:
    643
    Joined:
    Oct 12, 2007
    VMware ACE. Gives you exactly the control on which USB devices can / will be allowed.
     
  6. XOR != OR

    XOR != OR Stay [H]ard

    Messages:
    20,554
    Joined:
    Jun 17, 2003
    Zen10 from novell does this I think.

    That's if you want the overhead of running zen that is.
     
  7. archivalbackup

    archivalbackup Gawd

    Messages:
    643
    Joined:
    Oct 12, 2007
    You may be able to do this by installing the drivers needed by a few types of USB sticks, then denying your users the ability to install new hardware / drivers. I would have to think that through for a bit though.
     
  8. XOR != OR

    XOR != OR Stay [H]ard

    Messages:
    20,554
    Joined:
    Jun 17, 2003
    Wouldn't work; most USB keys work with the generic mass storage driver. No additional drivers needed, and the driver loads just fine as a limited user.
     
  9. slowbiznatch

    slowbiznatch Gawd

    Messages:
    856
    Joined:
    Oct 24, 2001
    Pretty sure you can do this in Symantec Endpoint Security.... not sure if that's something you'd be interested in migrating to, though.
     
  10. mashie

    mashie Mawd Gawd

    Messages:
    4,165
    Joined:
    Oct 25, 2000
    We have some very annoying software at work that do just this. Unless the USB device you try to connect is white listed forget about using it.