To do this, go to run and type gpedit.msc. #DISABLE SYMANTEC ENDPOINT PROTECTION ENABLE USB DRIVER#Turn off automatic driver installation. Windows will then not run any applications automatically on inserting a USB device. In which case, a simple solution would be: #DISABLE SYMANTEC ENDPOINT PROTECTION ENABLE USB INSTALL#These exist for mass storage devices, obviously, however, in order to automatically install drivers you need Windows - Linux has no such autorun capability (that I know of). At the host end, you need device drivers capable of communicating with the device for it to work. On the likelihood of USB cloning devices actually working - well the USB spec simply defines a bus. However, I suspect a dedicated solution for this would be best. You can disable USB storage classes using something akin to this method - and you can definitely lock the screen from a script using Rundll32.exe User32.dll,LockWorkStation. no support at all, using the techniques here or by totally removing the relevant controllers from the kernel.Īs to whether this can be done on Windows - from looking, not so easily. In my kernel, these are baked into the core binary, so there is nothing I can do to remove them from the kernel.īe aware that removing those host controllers will also totally wipe out your usb keyboard and mouse - so ensure you're running serial. You can modify this to totally disable the usb stack - you'll need to modprobe -r on ohci, xhci and ehci and any other prefixes to hci you can find. Firstly, you'll need to use this script to lock your screen secondly, this only disables usb storage devices #!/bin/sh Methods and or suggestions for Windows 7 and Linux would be great. How do I disable unused USB ports etc when the computer is in 'locked' mode so that they can't just plug in and copy data from the hard drive? Any other precautions that I could take? Also it's unlikely they will walk off with the PC to do a thorough job of it. Obviously it's less likely they're going to open up the case and hot plug in something into the PCI bus to do it. flatmate, colleague etc plugging in and copying data from the hard drive. My plan is to stop a casual attacker, e.g. Now I assume the data must also be readable if I'm not logged in either as they could plug a device into one of the USB ports and copy the unencrypted data on the hard drive partitions that are mounted. #DISABLE SYMANTEC ENDPOINT PROTECTION ENABLE USB PASSWORD#So the data is readable if you have access to the machine and know the password to log in. However if I'm not there I usually don't bother dismounting the encrypted containers as it's time consuming to enter the long password to remount them each time. Now the data is encrypted on the hard drive with TrueCrypt. Lets say my PC & server is in an environment where a theoretical attacker has physical access to the machine while I'm not there.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |