USB Flash Drive Security

So what is a USB flash drive exactly? This little device uses flash memory to store information and transfers that information via a USB (Universal Serial Bus) connection. Unlike a conventional hard drive, a flash drive has no moving parts. Instead, it is a special type of EEPROM (electrically erasable programmable read-only memory) that can be erased and reprogrammed automatically. Now granted, the storage capacity doesn’t even come close to what conventional hard drives offer but there is still plenty of room to store large video and audio files in addition to large documents.

USB flash drives come in all different shapes and sizes

but are usually no bigger than a pack of gum. Other terms you may have heard that are synonymous with this type of device are thumb drives, pen drives, pocket drives, etc. The small size of these devices should be of concern when evaluating their use in your environment; especially from an information security perspective. They are easy to hide, can store a considerable amount of data, are simple to use, easily accessible and very affordable.  

If proper steps are not taken to secure your computing environment, a USB flash drive would be an ideal means of collecting valuable information and literally pocketing it. So what steps can be taken to secure your environment against these potentially sinister little devices? Here are two rules of thumb.

Confidential information should be kept… confidential!

• Make sure you have a strong information security policy in place. Confidential information should be kept on your servers or in password-protected folders or shared drives. There’s no reason sensitive information should be saved on a local hard drive if it doesn’t have to be. That’s like leaving your $50,000 BMW parked on a busy street while your four car garage sits empty!

Disable the use of USB storage devices for users that don’t have a valid business need for it.The process for disabling

• USB storage in the Microsoft Windows environment is fairly simple but if you’re not familiar with the Microsoft Windows Registry or system structure, this may be something you’ll want to get assistance with. Intermediate and advanced users (i.e. system administrators, IT technicians, etc.) will most likely find this pretty straightforward. And not to worry, this will not affect normal USB devices such as mice, keyboards, or printers. This will only disable the use and installation of USB storage devices.

DISCLAIMER: The following should only be attempted by those who are familiar with the Windows Registry and system structure. Any time you make major changes to a system, it’s a good idea to backup your system registry. Go here for Microsoft’s instructions on how to do this.

The following is a step-by-step tutorial taken from Microsoft’s Knowledge Base article 823732. I’ll do my best to put this in layman’s terms so that you brave beginners can take a crack at this if you so desire!

If a USB Storage Device Is Not Already Installed on the Computer

1. Start Windows Explorer, and then locate the %SystemRoot%\Inf folder. In most cases this will be the C:\Windows\Inf\ folder. Make sure you include hidden files and folders in your search as the Inf sub folder is a hidden folder.
2. In the Search Results window, right-click the Usbstor.pnf file and select Properties.
3. Now click on the Security tab.
4. In the Group or user names list, select the user(s) or group(s) for which you want to disable USB storage permissions.
5. Now look below that list in the Permissions for UserName or GroupName list and check the Deny check box next to Full Control and then click OK (see screenshot below).
6. Follow steps 2-5 for the Usbstor.inf file as well.

NOTE: Missing the Security tab under Properties? In Windows Explorer, do the following:

1. Click on Tools then Folder Options.
2. Click on the View tab.
3. Scroll to the bottom of the Advanced settings list and uncheck Use simple file sharing (Recommended).
4. Click Apply then OK (see screenshot below).Use this procedure if storage devices such as flash drives, MP3 players, etc. have already been installed on the PC.

If a USB Storage Device Is Already Installed on the Computer (MP3 player, thumb drive, etc.)

1. Click Start and then Run.
2. Type ”regedit” (minus the quotations) in the Open: field and click OK.
3. Locate the following registry key by clicking through the plus boxes starting at the top level HKEY_LOCAL_MACHINE:
   
4. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor
5. In the right hand pane, right-click on the Start key then click on Modify (see screenshot below).
6. Change the Value data to 4 and make sure the Base bullet is set to Hexadecimal (see screenshot below).
7. Click OK, close the Registry Editor, and restart the PC.

Good luck!