Re: USB Security

[GuidoZ <uberguidoz () gmail com>]

> Rather than use hiderun32.exe, use something like getadmin.exe and
> show your management what you can if you 1) bring in 4 GB of mal-ware
> and 2) leave with 4 GB of their salary data to post on the web or in
> the lunchroom on the bulletin board.

lol, yes, there are plenty of options. That why the hiderun32 hides
the batch file - you can do any command line command you wanted to
from that point (including getadmin... any of the Sysinternals or
Foundstone collection would come in handy).

Securing it is a problem. If you need the USB ports for legitimate
purposes, then you obviously have less options. If you can disable
them entirely, both through a passworded BIOS and the XP reg hack,
then you'll be sitting better. I've never used any program that claims
to lock down the USB ports against illegitimate use, though I have
seen them advertised. (Sorry I don't have any links hand.)

--
Peace. ~G


On Mon, 22 Nov 2004 21:09:52 -0600, Jimi Thompson
<jimi.thompson () gmail com> wrote:
> Rather than use hiderun32.exe, use something like getadmin.exe and
> show your management what you can if you 1) bring in 4 GB of mal-ware
> and 2) leave with 4 GB of their salary data to post on the web or in
> the lunchroom on the bulletin board.
>
> Jimi
>
> On Mon, 22 Nov 2004 16:46:38 -0500, Beauford, Jason
>
>
> <jbeauford () eightinonepet com> wrote:
> > I may be late here and someone may have mentioned it, but you can
> > disable the USB Drivers for Windows XP via the registry.  Even better
> > Logon Scripts.
> >
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;823732
> >
> > JMB
> >
> >
> >
> > -----Original Message-----
> > From: Marios Papaioannou [mailto:m.papaioannou () cytanet com cy]
> > Sent: Sunday, November 21, 2004 4:35 AM
> > To: 'Gray, Steve'
> > Cc: security-basics () securityfocus com
> > Subject: RE: USB Security
> >
> > Hello Steve,
> >
> > From my point of view, the only 100% secure way to reduce the risk of
> > usb is to disable the usb ports from bios. Any other suggestions are
> >
> >
> > welcome.
> >
> > Regards,
> > Marios
> >
> > -----Original Message-----
> > From: Gray, Steve [mailto:SGray () wakefield gov uk]
> > Sent: Saturday, November 20, 2004 1:15 AM
> > To: security-basics () securityfocus com
> > Subject: RE: USB Security
> >
> > Hi,
> > This is something we are very interested in at the moment. I have found
> > some software, from a firm called Generix, that looks as though it will
> > control the use but it is difficult to get managers to pay for it. They
> > seem to understand risks from floppy disks and CD's, but not from USB
> > devices. Any practical policy guidelines to limit risks would be
> > welcome. Steve Gray Wakefield MDC
> > --------------------------
> > Sent from my BlackBerry Wireless Handheld
>
>
> --
> Thanks,
>
> Jimi