USB security: how to lock down the ports

USB ports can be a security risk, seeing how flash-based USB drives have got so common and are capable of containing lots of data. It’s really easy to enter a 1 GB disk in a company, carrying it in your pocket, and copy private data which should not leave the organization. Usually you only have to connect the disk and works out of the box, without needing any driver installation.

If you want to avoid these kind of risks you can use hardware-based or software-based methods. The hardware based ones can be the most effective, but also have the burden of not being able to use the USB in case you need it.

To deactivate an USB port you can either disconnect it from the motherboard (if it’s not integrated), deactivate it from the BIOS (not very reliable) or fill the hole with glue so nobody can insert anything in it.

If you want to it by software, you can disable the USB ports completely as explained in the Microsoft Knowledge Base: How to disable the use of USB storage devices. You can also make the USB devices read only.