
Nowadays, you can connect almost anything to a computer via a USB port. Portable storage devices allow you to keep gigabytes of data on your keychain. Cell phones, cameras and GPS units all use USB ports to charge their batteries, receive updates and transfer data. From the user's perspective, the option is very convenient: it reduces the number of cables you need on your desk and allows the easy transfer of information. From a security perspective, however, it can be a nightmare. Consider the following scenarios:
- A user unfamiliar with proper security controls copies sensitive information to a USB drive without using encryption and then loses the drive on public transportation.
- An employee brings a USB drive from home containing information and software related to a child's soccer league, runs it, and unknowingly introduces malware onto the corporate network.
- A member of the cleaning staff with nighttime access to the building uses a USB drive to steal large volumes of development plans, seeking to sell them to a competitor.
In this tip, we take a look at three USB port management methods that will help you protect your organization from these types of risk.
Block USB access
Perhaps the most brute-force approach is to block the use of USB drives completely. Certainly, you could do this by physically blocking access to the USB port or disabling the USB adapters through the operating system. However, this is not likely a workable solution, as many keyboards, mice, printers and other peripherals require access to the USB port.
Fortunately, within Microsoft Windows you can prevent users from connecting USB storage devices to a system by changing access permissions to the USBSTOR.PNF and USBSTOR.INF files. This will prevent users from installing new USB storage devices on affected systems. To automate the process, you can deploy the policy through a Windows GPO.
Two important notes for this process:
- This policy should be put in place as you build a new system. If a USB storage device is already configured on the system when the policy is deployed, users will still be able to use that device without policy restrictions.
- If you use GPO, you will need to apply the GPO to computers, rather than users, for it to work properly.
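The two notes above can be checked per machine. The following audit script is an added example, not part of the original tip: it reports whether a deny entry is present on the two files and lists USB storage devices that were installed before the policy arrived. It assumes the files sit in the default `%SystemRoot%\Inf` folder and that the deny entry names `BUILTIN\Users`; the `Enum\USBSTOR` registry key is where Windows records previously installed USB storage devices.

```powershell
# Added example: read-only audit, changes nothing on the system.
# Assumption: the deny entry targets BUILTIN\Users. Pass -Principal to match
# the group used in your own GPO. Run from an account that can read the ACLs.
param(
    [string]$Principal = 'BUILTIN\Users'
)

$readData = [System.Security.AccessControl.FileSystemRights]::ReadData
$infDir   = Join-Path $env:SystemRoot 'Inf'   # default location (assumption)

$fileReport = foreach ($name in 'usbstor.inf', 'usbstor.pnf') {
    $path = Join-Path $infDir $name
    if (-not (Test-Path -LiteralPath $path)) {
        # A missing file is reported, not silently counted as a pass.
        [pscustomobject]@{ File = $name; Present = $false; DenyInPlace = $false }
        continue
    }
    # Look for an explicit or inherited Deny rule that covers reading the file.
    $denyRules = @((Get-Acl -LiteralPath $path).Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        $_.IdentityReference.Value -eq $Principal -and
        (($_.FileSystemRights -band $readData) -ne 0)
    })
    [pscustomobject]@{
        File        = $name
        Present     = $true
        DenyInPlace = ($denyRules.Count -gt 0)
    }
}

# Devices installed before the policy was applied keep working (first note),
# so list what this machine has already seen.
$enumKey = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'
$knownDevices = @()
if (Test-Path -LiteralPath $enumKey) {
    $knownDevices = @(Get-ChildItem -LiteralPath $enumKey |
        ForEach-Object { $_.PSChildName })
}

$fileReport | Format-Table -AutoSize
if ($knownDevices.Count -gt 0) {
    Write-Warning "$($knownDevices.Count) USB storage device(s) already installed; the file permissions do not restrict these:"
    $knownDevices | ForEach-Object { "  $_" }
} else {
    'No previously installed USB storage devices found.'
}
```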
Again, this is the quick-and-dirty (and also free!) approach to the problem. If it doesn't suit your needs, consider the other methods described below.
Encrypt USB devices
If your primary concern is protecting the confidentiality of data on your network from disclosure due to accidental loss of a USB device, consider using encryption technology to protect sensitive information stored on portable devices. There are three main strategies to achieve this goal:
- The easiest, most effective and most expensive option is to purchase devices with built-in, strong encryption.
- Encrypting the file system on each device before providing it to users is easy and affordable. There are many inexpensive solutions for this option.
- Finally, if all else fails, you can encrypt individual files before copying them to a USB device.
Well, that’s it for today. Short and sweet. Do let me hear from you. Till next time...