[OPLINTECH] patron USB drive

Chad Neeper cneeper at level9networks.com
Mon Aug 17 11:18:15 EDT 2015


It sounds like you're already doing pretty much all you can do. You've
disabled boot from USB in the firmware config  and  disabled autorun in
Windows. I'm not sure there's much more you can do without disallowing USB
devices entirely. I assume you Deep Freeze...

I suppose one more thing you could do would be to make use of a white-list
type manager that would disallow any executables from USB devices except
what's white-listed. I think Faronics (makers of Deep Freeze) also has a
white-list type of tool. If you could prevent all executables from the USB
devices, you might limit it to data storage only.

Personally, these days I tend to prefer a more open approach and let the
patrons pretty much do what they will and rely on DF to restore the
computer between patrons. For all the effort and money I might put into
locking the computers down and restricting usage to a completely controlled
set of use cases, I could be driving dozens of patrons with legitimate
needs away from the library for every one potentially malicious user I
might prevent (or delay) from their nefarious doings...and then some
brilliant nine year old is going to negate the efforts in 30 seconds
anyway. LOL!




______________________________
*Chad Neeper*
Senior Systems Engineer

*Level 9 Networks*
740-548-8070 (voice)
866-214-6607 (fax)

*Full IT/Computer consulting services -- Specialized in libraries and
schools*

On Mon, Aug 17, 2015 at 8:47 AM, Kevin Jones <kjones at coshoctonlibrary.org>
wrote:

> Hello everyone,
>
> A patron recently forgot a USB drive in one of our computers.  After
> looking at it to discover the owner, I found that it was made into a
> portable gaming USB drive that had Technic Launcher on it for Minecraft.
> After reading about this, it allows them to install and manage modpacks for
> Minecraft.
>
> I don't allow the USB drives to be bootable at startup or to autorun in
> order to keep patrons from getting past PC Reservation without logging in.
> I am not very familiar with the online gaming stuff, so I was wondering if
> there was any security issues with allowing patrons to continue using USB
> devices in this manner?
>
> Is there a way to keep portable OS devices and game launching devices form
> working without stopping the use of USB drives for saving files or opening
> Word docs and the like?
>
>
> _______________________________________________
> OPLINTECH mailing list
> OPLINTECH at lists.oplin.org
> http://lists.oplin.org/mailman/listinfo/oplintech
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20150817/2ceaa18d/attachment.html>


More information about the OPLINTECH mailing list