Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: Locking down USB on Linux
From: Michael Miller <mike.mikemiller () gmail com>
Date: Tue, 6 Jul 2010 16:44:55 -0700

Adrian,

Have you checked the NSA's CSS guides?

http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml

I used this as a checklist last time I had to do some system
hardening.  It did give you several ways depending on if you where
running a headless machine or a machine with a head (X Display).

I'll also go with the last poster. Epoxy works really well.  But then
again what if they pop open the case and find a USB port or pins that
just require a cable to use another path on the system board?  Then
again if they use a boot disk and disable any OS level protections /
disabled devices you are SOL.

-mmiller

On Fri, Jul 2, 2010 at 5:08 AM, Adrian Crenshaw <irongeek () irongeek com> wrote:
Hi all,
    I've be doing some work on locking down Windows Vista/7 against
malicious USB devices:

http://www.irongeek.com/i.php?page=security/locking-down-windows-vista-and-windows-7-against-malicious-usb-devices

Anyone have guidance on doing the same in Linux? I imagine there are udev
rules that can be set?

Adrian

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault