JumpCloud Office Hours: Join our experts every Friday to talk shop. Register today

Understanding Policies: Disable USB Storage



Using JumpCloud® Policies is a great way to automate the enforcement of system security settings at scale. The Disable USB Storage Policy ensures that your end users’ systems stay safe. This blog will answer a couple of frequently asked questions about the Disable USB Storage Policy.

What is the Disable USB Storage Policy?

The Disable USB Storage Policy is a JumpCloud Directory-as-a-Service® Policy that IT admins can leverage across Mac®, Windows®, and Linux® fleets. It prevents the use of USB mass storage devices, including external hard drives and flash drives. The Policy is enabled through the JumpCloud system agent, which activates native USB disabling settings on the machine to block the use of mass storage devices through scripting. As such, the Policy doesn’t prevent power transfer or dongle USB devices, which means use of chargers and wireless equipment is unhindered.

Why Use the Disable USB Storage Policy?

Installing malware or other viruses onto dropped USB drives is a hacking technique that has been around, well, about as long as the USB drive. In fact, one of the largest cyber breaches in U.S. military history, circa 2008, was the result of a single corrupted USB drive. 

Although the device was only plugged into one computer, the USB-based malware crept silently through the network until it made its way into U.S Central Command. It was neither confirmed nor denied that the rogue program made off with classified information, but the breach served as a chilling warning. 

In 2011, the U.S. Department of Homeland Security conducted a study on the phenomenon of the “rogue USB device.” Staff left tracked USB devices in government parking lots, and 60% of the devices were picked up plugged into government computers. A more recent study by the University of Illinois, University of Michigan, and Google® found that 48% of people on a large university campus will pick up a random USB device and put it into their computers. 

Although a random USB storage device might be innocuous, that doesn’t mean that hackers don’t use this technique to target organizations and sneak their way into the depths of a network with almost no effort. 

To err is simply human, but that doesn’t mean that, as an IT admin, you can’t head off the problem before it happens. By using the JumpCloud Disable USB Storage Policy, organizations can rest assured that their systems are safe in case an employee uses a random USB drive they’ve found. 

How to Use the Disable USB Storage Policy

You enable the Disable USB Storage Policy by pressing Plus in the Policies window of the JumpCloud Admin Portal, selecting either Mac, Windows, or Linux based on your needs, and clicking Save Policy. You can then apply the Policy to individual systems or across entire system groups to enable it at scale. The Policy will then go into effect momentarily.

Don’t Have JumpCloud?

Learn more about JumpCloud system management by scheduling a live demo of the product. You can also sign up for a free account to get a hands-on feel for JumpCloud’s policies in action.


Recent Posts
See all of the new features and updates available in Directory-as-a-Service in the July '20 edition of the JumpCloud Newsletter.

Blog

July ’20 Newsletter

See all of the new features and updates available in Directory-as-a-Service in the July '20 edition of the JumpCloud Newsletter.

You should be celebrated on SysAdmin Appreciation Day, and you can also treat yourself with these five time-savers and tools in JumpCloud.

Blog

SysAdmin Day: 5 Ways to Treat Yourself with JumpCloud

You should be celebrated on SysAdmin Appreciation Day, and you can also treat yourself with these five time-savers and tools in JumpCloud.

IT admins save time and money by automating the management of longterm Linux infrastructure. DaaS helps you automate Linux management for free.

Blog

Automate Linux Management

IT admins save time and money by automating the management of longterm Linux infrastructure. DaaS helps you automate Linux management for free.