USB device registration
Keith
keith at caramail.com
Wed Feb 2 21:07:49 UTC 2022
On 2/1/22 4:53 PM, rikona wrote:
[snip]
>
> I agree - a good suggestion. But, I donated all my extra hardware to
> someone who refurbishes it for low-income kids, so I don't have
> anything I can use for that. I've considered the pi a number of times,
> for various purposes - maybe it's time to go down that road. :-) IIRC
> there is an easy way to completely clean a system and restore it to a
> 'new' system, but I don't remember how to do that. That might be a good
> way to get a 'throw away' system for testing with the pi.
>
>> Whether you use a test system or not, usbguard can be used to set
>> whitelist and/or blacklist policies that can specify what type of
>> device can be used on specific port. So if you have a usb keyboard in
>> port 1, you would craft a policy that only port 1 will allow usb
>> keyboard devices. Plugging a keyboard device into any other usb port
>> will fail. So any badusb key that tries to register itself as a
>> keyboard will fail since only port 1 allows keyboards and your
>> keyboard is already in port 1. This action alone defeats the more
>> popular attacks by badusb.
>
> That's what I was thinking about doing in my main box *before* plugging
> in the other USBs.
>
> Thanks again for the suggestions - much appreciated.
>
You're welcome. Just want to mention, though, that there's a lot of
other things that can be done besides the more obvious ones I listed.
There is a plethora of linux hardening guides which will help further
lock down you machines.
You didn't mention the profile of the users providing the usb keys to
you, but if they are clients you might want to investigate providing
them with trusted secure usb keys to store their data on. There are a
few companies offering usb keys where the device's firmware is not
upgrade-able through a regular flash process, so just sticking it in a
compromised host won't result in the usb key being infected. Obviously
they're going to be more expensive than a regular usb key, but it would
be worth it if it keeps your system from becoming infected and also from
becoming a source for infection to other people's devices.
--
Keith
More information about the ubuntu-users
mailing list