Copyright 2005 Sun Microsystems, Inc. ALL RIGHTS RESERVED
Use of this software is authorized pursuant to the
terms of the license found at
http://developers.sun.com/berkeley_license.html

USB Security: Background:
=========================

Many USB users are concerned about USB security, especially
unauthorized usage of small USB devices, for example, hotplugging
a USB memory stick to copy data from a secure system.

There is a need to address this at the OS level. However, we have
also tried to address it with a script that can be used to limit
access to USB mass storage devices.

What utility can be used?
==========================

We have a script called usbsecure.pl that can be used to implement
USB device access limits.

The usbsecure.pl script allows you to disable all USB devices or
allow only the devices that are currently connected to the system,
for example, only the keyboard and mouse, USB audio, and USB serial,
but not USB mass storage.

How does this work:
===================

The file /etc/driver_aliases contains information on how to bind
drivers to devices. USB devices have "compatible names" that can be
viewed using prtconf -v. The compatible name is an alias that is
placed in /etc/driver_aliases by add_drv(1M), which installs the
driver. This is called a binding.

By making the binding (aka alias) very specific, we can allow only
the devices which are currently connected (or an exact equivalent)
to be hot-removed and reinserted.

The script uses update_drv(1M) to manipulate the bindings.
The demo section shows how to disable all other USB devices.

The script supports saving and restoring bindings. This allows an
authorized user to extend the bindings, hotplug a USB memory stick
just to copy some data, and then restrict the bindings again.

Unfortunately, a reboot is necessary after restricting the
bindings (-s option) but not after extending the bindings (-r).
This will be fixed in a future release.
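
To check how broad the current bindings are, the audit below (an added example, not part of usbsecure.pl or of the original README) parses text in /etc/driver_aliases format and separates class-wide USB aliases from device-specific ones. The sample lines are constructed, and the generic/specific patterns are an assumption based on the usual Solaris USB compatible-name forms.

```python
import re

# Constructed sample in /etc/driver_aliases format: driver name, quoted alias.
SAMPLE = '''\
# constructed sample, not taken from a real system
hid "usbif,class3"
hubd "usbif,class9"
scsa2usb "usbif,class8"
usb_mid "usb,device"
scsa2usb "usb781,5151"
e1000g "pci8086,100e"
'''

# Assumption: class-wide aliases look like usb,classN / usbif,classN[.sub[.proto]]
# or usb,device; device-specific ones embed a hex vendor id right after the prefix.
GENERIC = re.compile(r'^usb(if)?,(class[0-9a-f.]+|device)$')
SPECIFIC = re.compile(r'^usb(if)?[0-9a-f]+,')
MASS_STORAGE = re.compile(r'^usb(if)?,class8(\.|$)')  # USB class 0x08

def parse_aliases(text):
    """Yield (driver, alias) per binding line; skip blanks, comments, junk."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            yield parts[0], parts[1].strip().strip('"')

def classify(alias):
    if GENERIC.match(alias):
        return 'generic'
    if SPECIFIC.match(alias):
        return 'specific'
    return 'non-usb'

def audit(text):
    """Group USB bindings by breadth and flag a class-wide mass-storage alias."""
    report = {'generic': [], 'specific': [], 'storage_open': False}
    for driver, alias in parse_aliases(text):
        kind = classify(alias)
        if kind == 'non-usb':
            continue
        report[kind].append((driver, alias))
        if MASS_STORAGE.match(alias):
            report['storage_open'] = True
    return report

if __name__ == '__main__':
    for key, value in audit(SAMPLE).items():
        print(key, value)
```

On a system whose bindings have been restricted, the expectation is an empty generic list and storage_open False; any remaining class-wide alias means an arbitrary device of that class can still bind.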

Usage
=====

Please check out the details in the demo section on how to use
this script.

Contact
========

If you have any questions or suggestions, please email us at:
usb-help@sun.com