Disabling USB Ports with a Glue Gun is Not a Best Practice

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

There certainly is no shortage of stories about short-sighted and error-prone IT and security staffs whose carelessness leads to loss of valuable data.


For instance, court documents say that Countrywide Home Loans lost approximately 20,000 customer records because IT missed gluing shut the USB port of a single PC. Though it is unknown how many ports Countrywide glued shut, it seems a bit unfair to single out IT for a single miss.


In the bigger picture, it seems silly in this day and age to rely on gluing a port to secure an organization's data. Actually, there are a couple of ways of disabling USB ports. A glue gun simply is the least subtle. The other, according to this blogger, is to change the BIOS settings and protect those changes by using passwords. (Another approach to changing the registry to disable the USB drive is available here.)


The blogger points out, however, that the downside of both of these approaches is that it keeps the organization from realizing the benefits of the USB port. A better alternative, he says, is to disable only the functions of the USB port that allow it to be written to. The writer then provides step-by-step instructions on doing so and flags three possible workarounds for the users trying to circumvent the changes made to the system and continue unauthorized downloads.


The bottom line of all this is that monkeying with computer hacks or epoxy isn't the best approach. The focus must switch from dealing with the network's growing number of points of entry and exit to a focus on the data itself.


Data-centric approaches such as data leak prevention and encryption are tools in which the focus is on protecting and tracking the data and, in some cases, sounding appropriate alarms when an issue arises. This is a far more reasonable approach to data security than scurrying around and trying to glue shut drives on every machine.