Lock that USB port to stop casual data theft
by Marc Perton 
posted Jan 19th 2006 at 2:45PM
We've come across another USB lock, and
unlike the half-baked USB
Port Security Lock, which attempts to use your USB port as a substitute for a Kensington lock port, Lindy's USB
Port goes after the simpler and more practical goal of securing the USB port itself. The device consists of two pieces:
a lock that snaps into your port, and a key that you use to pull it out. The idea, of course, is that locking your USB
ports will stop casual data theft, and we could see this coming in handy for, say, offices with lots of open cubicles
or college data centers. Realistically, though, this probably provides only minimal protection, since you'll still be
open to network-based attacks (not to mention CD-burner data theft) -- and we suspect that a brute force attempt to rip
this out could totally trash your USB port, forcing fairly expensive repairs. Still, if you want to give it a try, you
can get a pack of four in your choice of blue, green, pink, orange or white for just £14.99 ($26.45).[Via the Red Ferret]
Filed under: Misc. Gadgets, Peripherals
Reader Comments (Page 1 of 1)
guest @ Feb 7th 2006 7:07AM
These days you need to be granular about what removable devices you allow staff use, thats where DeviceLock from UK distributor Softek comes in.
DeviceLock is the most granular product on the market today, it's easy to install using it enterprise manager or even using Group Policy.
All at a low price you will be amazed at.
Andrew @ Feb 19th 2006 8:28AM
DeviceWall is the weakest product in this category. In the recent review ("Removable Device Security", available on the web), the author says abourt DeviceWall: "The Centennial DeviceWall product is very basic and provides almost no extended features.". It is 100% true.
As it was said above, DeviceLock (www.devicelock.com) is the most powerfull product on the market to control USB and FireWire ports as well as other devices (WiFi, CD-ROM, etc.).
Andrew @ Feb 19th 2006 8:39AM
In additional to my previous posting - there is another comparsion review on the web: http://www.securitybyte.com/articles/device_control_solutions.ehtml
It includes DeviceWall (www.devicewall.com), DeviceLock (http://www.devicelock.com) and Securewave (www.securewave.com)
Dave @ Jan 19th 2006 3:00PM
This could also be easily defeated by unplugging any existing USB device (keyboard, mouse, etc) and plugging a USB drive into that.
jb @ Jan 19th 2006 3:02PM
we took family pictures at sears photo shop. They used windows machines to store, show, & print the photos. USB ports on the front. Very easily could have insert usb thumb drive copied all photos taken & opted not to purchase any photos & printed them myself. Photographer left the pc unattended quite often.
I can see something like this or I guess the simple disable usb ports being necessary.
TheOzz @ Jan 19th 2006 3:39PM
This is like locking a few windows in your house on the second floor and not locking the windows on the first floor. In addition to the mentioned network vulnerabilities and CD-burner theft I will add the following: diskettes for small files, emailing data to yourself via a web based email client, online storage, FTP data off to a remote server, blue tooth, FireWire, InFrared, and let us know forget the many media interface types being offered up on PCs and laptops like SD, flash, etc.
Matt Fisher @ Jan 19th 2006 3:56PM
As your article states, this really only offers minimal protection - if any at all. If you need to manage a number of PCs, you need a software-based solution that can be configured to allow the right people to access certain devices while automatically blocking all other attempted connections. What's more, many of these device control solutions allow you to centrally monitor the connection of different device types, so you can see who and what are the main data threats in your organisation.
Fnerk @ Jan 19th 2006 4:36PM
Solution 2:
Large tube of strong glue.
You can get quite a lot for 14.99.
Nick Williams @ Jan 19th 2006 4:45PM
Any somewhat tech savvy thief could and would use FireWire. It's faster.
Danik @ Jan 19th 2006 5:28PM
Why not just buy a computer without usb?
Hewfish @ Jan 19th 2006 9:00PM
Try this instead for windows based systems... Sanctuary Device Control... its a kernel level driver that intercepts all hardware calls and allows you to set permissions for hardware.
This is really designed for enterprise networks.
http://www.securewave.com/sanctuary_DC.jsp
Tim @ Jan 20th 2006 1:17AM
Why not just disable the USB ports in the BIOS and/or from the admin account?
Paulo Maia @ Jan 20th 2006 9:30AM
Software is the best way to control this devices. Most of the operational system has tools to block the usb ports. The problem is that you cant use devices such as a mouse or a printer. Some softwares however allow you to set a usb port as not able to write and able to read.
Nels @ Jan 20th 2006 5:32PM
@Hewfish, comment #8: This is probably the best solution for savvy System Admins responsible for networks requiring a certain level of security.
@Dave, comment #1: This is correct. A more comprehensive solution would include the use of in-line USB locking devices which would serve to secure USB ports already in use. Do such in-line USB locking devices exist? If not, then perhaps this is a market niche that can be filled.
Ken Westin @ Jan 23rd 2006 12:11PM
Really you should look at blocking all removable media devices and not just USB devices. Also sometimes you need to give people certain access to only particular devices. How about the ability to audit who downloads what to what devices? Products like DeviceWall:
http://www.devicewall.com
...do this quite well, is easy to administer and provides granular access controls so those who need access to these devices have it.
guest @ Feb 5th 2006 5:16AM
under link is my experimental software solution for linux... if someone have time to try it and send me some feedback i'll be greatfull. greets.