Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA Develops USB Storage Device Detector

Posted by kdawson on from the don't-bogart-that-thumb-drive dept.

Hugh Pickens writes "Bob Brewin writes on NextGov that the National Security Agency has developed a software tool that detects thumb drives or other flash media connected to a network. The NSA says the tool, called the USBDetect 3.0 Computer Network Defense Tool, provides 'network administrators and system security officials with an automated capability to detect the introduction of USB storage devices into their networks. This tool closes potential security vulnerabilities; a definite success story in the pursuit of the [Defense Department] and NSA protect information technology system strategic goals.' The tool gathers data from the registry on Microsoft Windows machines (PDF) and reports whether storage devices, such as portable music or video players, external hard drives, flash drives, jump drives, or thumb drives have been connected to the USB port. 'I have a hunch that a bunch of other agencies use the detection software,' writes Brewin."

4 of 233 comments (clear)

  1. Useless Tool... by Manip · · Score: 4, Informative

    Since you can set the security policy on a domain to ban USB and External devices, and since you can also unplug a machine from the network this tool seems to serve little to no real world purpose. It might inform you after the fact if a device has been plugged in or heck even during, but by then you've just learned that you have configured your systems incorrectly and you will need to re-image your network either way.

    Sorry if I'm being negative but Microsoft closed this "hole" a long time ago.

    1. Re:Useless Tool... by ironicsky · · Score: 5, Informative

      Agreed. You can either change the value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor and/or deny anyone who is not an admin access to the following files in the NTFS %SystemRoot%\Inf\Usbstor.pnf and %SystemRoot%\Inf\Usbstor.inf and they wont be able to mount a US drive... Password protect the bios and disable the USB storage there too.

      Of course this only works for Windows, linux users and Mac users can simply be denied access to the device chain in /dev/

    2. Re:Useless Tool... by Bacon+Bits · · Score: 3, Informative

      I tested this extensively on WinXP SP2 for a hospital worried about HIPAA. These methods only work if the UsbStor key hasn't already been created. Once it's there you can keep plugging devices in and they will all install normally (new or old).

      Under Vista and 7 there's supposed to be a new Group Policy that will prevent USB drives, but I'm not sure how it works.

      --
      The road to tyranny has always been paved with claims of necessity.
  2. This post... by danwesnor · · Score: 3, Informative

    ... is bait meant to lure out Slashdotters who can't be bothered to RTFA. The article does not mention anything about how the device works. The mention of the registry comes from a footnote in a DHS report (you know, the guys who can't find bombs if they're in your underwear). It is not sourced, and most likely an assumption since the NSA isn't in the habit of telling anybody how their $#!+ works.