Plush
Member 11574
Level 19.97
Aug 2006
|
Apr 10, 2009, 07:38 PM
Local time: Apr 10, 2009, 07:38 PM
|
#1 of 15
|
Against a concerted employee who's willing to do the research, its near impossible to completely limit access to USB devices, as they've got the hardware, which is a huge disadvantage. At best, you can make it difficult for them to do so, and make the costs outweigh the rewards only for those who have an extreme need.
With custom hardware you could probably assign hardware bits with a hash pattern. It would be repeatable and you would be able to disable selected values out of the hash through administrator pushed updates. However, a determined person with access to several USB devices could probably figure out the pattern. They could also use easier methods like just getting around the administrative privileges on the system itself and disabling the lockout.
You could also have handshake software installed on both, as has been mentioned, which would serve a similar function, but with a few read only files. Again, similar problem that they have access to the hardware, and there are known attacks for most major OS' to enable admin access.
Also, why only company USB devices? Is this to avoid something like USB data theft?
Jam it back in, in the dark.
|
Similar Threads
Araes