USB DEVICE CONTROL & USB LOCKDOWN SOFTWARE
Device Control Software to Centrally Manage, Monitor and Block USB Device Access to Endpoint Computers in a Network.
Features Smart USB Lockdown and Autonomous USB Port Management to Protect Enterprise & Industrial Control Systems.
Prevents Malware & Data-Loss by Blocking Unauthorized Removable Media, Portable Devices and Wireless Adapters.
Start protecting your network in minutes. Very easy to operate and set security policy. Protection scope is divided in 4 sectors; just select a client machine or computer group and press the desired lock to keep removable storage and portable devices threats away. Once set operation is automatic. Intuitive administrative GUI, virtually no learning curve involved.
Prevents Zero-day USB-based exploit from entering your systems. Blocks USB Incoming and outgoing of data. Authorized Devices Hardware IDs working storage is AES 256 variable key, variable initiation vector CBC (Cipher-Block-Chain) Mode encrypted and HEX masked. Prevents USB Devices Hardware ID spoofing. Secures systems even if the user is running with administrative credentials
Authorize specific USB removable drives and/or specific smartphones access to specific computers or to all computers in the network and block the rest. Prevents unauthorized access to USB ports, removable storage, portable devices and other Removable Media from accessing operating systems in the network.
Centrally set or change security measures and automatically receive and log details on blocked, and authorized devices as they are plugged into endpoint computers in real-time. As well as logging and receiving records of files transferred from endpoints to authorized USB Devices as events occur.
Presents informative Lockdown alerts screens at client computers upon blocking devices, USB Lockdown screens presented at endpoint computers are personalized with the end-user organization/enterprise logo. Personalization is automatically done by our team prior to secure electronic delivery (within 3 hours order made)
Designed to control USB port access without interfering with non-storage USB peripherals (mouse, keyboards, webcams, printers), But capable of detecting and unobtrusively protect against keystroke injection and malicious payload attacks by devices such as BadUSBs (USB Rubber Ducky) that impersonate HID keyboards or mouse.
Effective monitoring of data/files transferred from endpoint computers to authorized USB portable storage (thumb/flash/pen drives). Records automatically arrive and are stored secured at the Control server. The Administrative Console can be set to send these records to a SMTP (TLS/SSL) email within your domain in real-time.
Protects information contained inside authorized Thumb drives by optionally forcing automatic AES 256 encryption of all transferred data/files from network endpoint computers to allowed USB devices, Effectively provides USB access control to protect sensible data in cases when the authorized device is lost or stolen. USB Encryption policy can be enabled or disabled with just a click.
Licenses are End-user Organization Perpetual use Licenses and include 2 years updates, after 2 years updates are optional at 20% of licensing cost. USB-Lock-RP is not support demanding, once it's set, it works as intended, this has to do with product maturity and that at client-side the software deals with hardware, not users. Support is in English at no charge by email or phone.
Doesn’t require internet or Active directory.
Protects even if client endpoint is disconnected from the network. (At the Control, disconnected Laptops will show in the out-list). Protects at System level. (effective even if running under administrative account.) Starts protecting even if no user is logged into the system. Works on air-gapped networks and remote locations.
Fully functional DEMO ready for download. Test how USB Lock security software, manages USB ports and Devices access to endpoints with ease and monitor authorized Thumb drives without time limitation in up to 5 clients. Dedicated team on stand by to assist on any questions you may have (24x7).
USB Lock client can be mass deployed as Group Policy Object in Active Directory Environments, the USB Lock client is presented as a standalone Windows Installer MSI that is configurable by command line, ensuring effective initial client deployment and updates. Our team can also preconfigure the MSI for you if required.
The Universal Serial Bus (USB) is the most used interface allowing communication between devices and computers.
USB Devices are considered an attack vector by themselves and a probable initial attack vector in an infection sequence.
USB Device Control:
In the context on endpoint security refers to controlling USB devices access to servers, desktops, workstations and laptops acting as USB hosts in a network. USB Blocking, Monitoring, and Encryption are within USB Control scope. Blocking USB, flash drives, portable devices and wireless adapters is enforced in real-time. To effectively protect the endpoint a USB-Lock-RP client (agent) is deployed and operates as a system service locally. Besides USB security policy enforcement, the service purpose is to communicate with the USB-Lock-RP Control Application. The USB Control is installed on-premises within the network/domain and operates independently to centrally manage devices access. Its main function is to control usb and other removable devices access to endpoint ports, receive alerts and logs events.
USB Access Control:
To manage access to data contained inside USB flash drives (e.g., Thumb drive, Pen drive, Memory Stick). Access is restricted by automatically forcing strong encryption to all files transferred to the protected USB drive. There is no software installation required inside these devices as the USB-Lock-RP service is in charge of Encryption and Decryption. This method effectively protects data inside usb removable storage according to the Control Application policy setting (Auto encryption can be set ON or OFF in real-time).
Refers to automatically blocking access to the computer desktop. Lockdown occurs when unauthorized USB storage devices (e.g.,USB 2.0, USB 3.x) are connected to the usb ports (e.g., standard USB type-A, USB type-C), or remote USB. USB-Lock-RP considers the unauthorized connection of usb storage devices a serious intrusion attempt that should be stopped by all means, USB Lockdown (blocking) is part of the software redundant measures applied to protect the system. This measures take place upon detection and included preventing drivers to load, stopping, dismounting, disabling, ejecting devices and also blocking access to the desktop. Protection measures escalated depending on the device type and the device status but lockdown is normally included when blocking usb and other removable storage under the software protection scope.
Blocking USB & desktop Lockdown is simultaneous and present full-screen window alerts that extend to multiple monitors.
Lockdown remains until any of the following conditions is met:
- The blocked USB device is removed. (client-side)
- The master password is used. (client-side.)
- The sector is unprotected. (control-side.)
- The USB device is authorized. (control-side.)
How to Block, Authorize, Monitor & Lock USB:
Block USB Removable Storage on a Specific Computer:
- Select a client PC from the USB-Lock-RP management console network list.
- Click on the left side lock.
Done!, you have just protected the selected computer removable drives sector. Now the following devices will be blocked: USB, eSATA and Firewire drives, Mobile phones (MTP Protocol), Smart cards while also smart blocking USB keystroke injection attacks. Setting are enforced in real-time (To unprotect just click the lock again).
Block USB Removable Storage on a Group of Computers:
By default 5 groups are created, and all new installed clients will belong to group 1 as seen on the groups column, so you are ready to block removable storage on all computers at this point.
- Rename groups using the group rename function.(optional.)
- Add computers to groups by right clicking on the selected machine and choosing a group name.(optional.)
- Click the Group security button and choose the group name, sector (e.g., Removable drives), desired action (e.g., Protect) and press OK.
Great!, you just Locked removable drives sector on all computers that belong to the chosen group. You will see all computers in that group changing its security status to protected in real-time.
Whitelist Thumb drives and Smartphones:
Authorizing specific USB pen drives and Mobile phones is as easy, just insert the device you need to authorize (at the control or at the client) and press authorize. Done!
Besides USB Control (Removable Storage Sector), Three other sectors to manage are available and are as easy to protect: CD/DVD Sector, iRDA/Bluetooth Sector, and WiFi Sector.
Blocked or authorized device connection to any client computer automatically generate an alert event stored encrypted at Control server. This records are readable from within the Central USB-Lock-RP Device Control interface and show date-time, Hardware ID, logged user & machine name.
At client-side a full screen alert instructs the user to revove the device, this alerts bear the licensed organization logo at top-left corner.
Monitor Files Transferred Thumb-drives:
USB Monitoring is activated or deactivated with just one click independently of the removable storage sector protection state. (while protected or unprotected state)
Monitored data include the name and exact weight of transferred files from the client endpoint PC to flash drives, logged user, device hardware ID, source machine name, date/time when the event started.
Records are sent encrypted AES 256 hex masked from the endpoint computer to the control in near real-time and are organized at the control by endpoint machine name/date/time for review as needed.
At the Central control server the collected data remains encrypted and same as all device insertion attempts records is only readable within the Device Control interface.
Protect Information Inside Thumb drives (Encryption):
USB Access Control is done by forcing automatic Encryption, this function can also be turned ON or OFF with just one click. (USB Monitoring needs to be activated for Encryption to work).
When USB Encryption is active all files transferred from the endpoint computer to authorized USB flash drives are automatically AES 256 encrypted. (all data not just the headers)
Stored files on encrypted USB Thumb drives can be opened within the endpoint originating client or within any other endpoint USB-Lock-RP client that have USB Encryption activated. (files are automatically decrypted in those systems when opened)
This function ensures that information contained inside authorized devices is only accessible within determined computers in the network and none outside the network.
Protect Against badUSB devices:
Included in the removable drives sector is protection against badUSB device e.g. USB Rubber Ducky, this type of device is extremely dangerous as its firmware has modified to impersonate Human interface devices (HID) such as keyboards.
This class of BadUSB can inflict keystroke attacks and introduce malicious payloads to harm the operating system and network infrastructure. Blocking USB of this type is a standard function in USB Lock, the program makes a quick analysis when detects any change on keyboard/mouse enumeration to prevent such attacks, other than that keyboards and mouse work normally without restriction.
Endpoint security that is not a pain in your end!.
QUOTE: ...USB Lock RP not only allows you to maintain control and have flexibility. It gives you peace of mind when it comes to endpoint security and removable devices and more importantly is gets rid of PEST!...
Article: by Ron Barrett
USB-Lock-RP is Centrally Managed USB Control that comes with perpetual use license, reasonable cost, operates without requiring internet connection, and offers its service as a security tool you can call your own. No matter how big or small your network is, USB-Lock-RP is designed for performance and scalability, effectively protecting computer Networks of any size.
The Advanced Systems Team invites you to Download USB LOCK to manage USB devices access to your network.