Probably one of the most common things you’ll see around the office these days are the desktop computers equipped with two or four open USB ports. Unlike the earlier computer models that had obscure ports or connectors designed for each specific hardware, the usb ports of today enable workers to utilize a multi-use, universal data stream for a variety of tasks such as printing, scanning, storage, and networking, among many others.
However, sometimes giving workers complete freedom with this kind of hardware could pose serious security threats since mischievous office staff can virtually plug in any flash drive, external hard disk drive, or even normal mp3 player to copy or transfer sensitive corporate data to their devices. They could also transfer potentially harmful malware from the flash drive to your desktop. Some of the more tech savvy employees might even copy licensed software for personal use through USB ports.
So in the interest of the network security, some administration only find it prudent to deliberately disable USB flash drives to prevent employees from using them. Here are some of the ways in which IT administrators address security concerns involving USB ports.
One of the best ways to go about this is to change the BIOS settings for each workstation and then assigning passwords to the BIOS settings to prevent employees from modifying them. You can also disabling write access or write privileges to USB ports through the Windows Registry so that data cannot be transferred to a connected device (and thus rendering them as read-only). In addition, you can completely disable users from attaching and reading USB storage devices by editing values of certain registry entries or adding new registry keys.
Here’s another way, you can disabling USB ports from the Device Manager function of Windows or uninstalling the USB mass storage drivers completely. Make a Group Policy that disables “read” and “write” access to USB devices attached to computers within the network. You can also unplug the built-in USB ports from the PC card or bracket within the motherboard to prevent users from connecting to this common PC component.
You want to actually avoid completely disabling USB ports by filling them with thick epoxy adhesives to render the ports unusable for life. Some of you might think this is a little extreme, but it’s been done before. Another silly one is fixing tape over the USB ports to prevent USB device insertion. You also want to avoid downloading paid or free software such as Intel’s USB Blocker or IntelliAdmin’s USB blocking tool for those who don’t want to mess around the registry entries.