Last Updated on October 11, 2019 by Dave Farquhar
If you’re not concerned yet about the danger of people finding random USB devices in parking lots and plugging them into work PCs, eventually you will be. The answer to the problem is to disable USB mass storage on business PCs. Of course, then there’s the question of how you connect hard drives for legitimate company use.
The easiest solution to that is to use eSATA external drives. An eSATA bracket converts one or two of the motherboard’s SATA connections into an eSATA port and costs just a few dollars. Firewire has its own security issues, so it’s not a good, secure choice.
Some external drives already have eSATA connections. If yours don’t, upgrade them. Yes, there’s a cost involved to that, but what’s the data you’re protecting worth? External 1 TB drives cost $100 or less. ESATA-capable enclosures cost $25 or less–just open the old enclosure, pop out the drive, and drop it into the new enclosure.
This is safer because external hard drives won’t turn up in parking lots very often. They don’t fall out of pockets the way USB sticks do, and they don’t survive that kind of fall and still work, either. You can educate your users not to plug drives they find in parking lots into their work PCs, but anyone who’s worked in IT more than a week knows how that goes. (Hint: Quickly forgotten at best, and more likely, completely ignored.) And if there are some PCs you don’t want people plugging drives into at all, just don’t install an eSATA bracket. That’ll work at least until eSATA ports become standard-issue.
And if eSATA isn’t practical, use the optical bay.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.