Your organization is concerned about security issues related to USB flash drives. What is the best way to administratively disable the USB ports on a computer?
A) Disable the USB ports in the system BIOS and configure an administrative password
B) Remove the USB drivers from the operating system
C) Add physical USB locks to each USB interface
D) Modify the operating system permissions to prevent access to the USB ports
Pages: 1 2
What about administering rules via Local Computer Policy?
A local computer policy isn’t a bad idea, but it doesn’t disable the USB port outside of that Windows configuration. I could easily bring a bootable CD or DVD and have full access to the USB port. By disabling the USB port in the BIOS, there’s no possible way to ever use the USB port, regardless of the operating system.
But it is also fairly simple to reset a bios password. I don’t see how just disabling it in the bios would increase the level of security by a significant degree. Unless you were to physically lock the case to prevent tampering.
In environments where it’s important to disable the USB port, additional physical security is usually taken to ensure that resetting the BIOS is much more difficult than your computer at home.