Introducing USBWall - LACSC/USBWall GitHub Wiki

Today, in the IT world, security is an important topic that concerns all companies, because they need to protect their data. The same is true for educational institutions and for any system in which multiple users can physically access multiple workstations.

Protecting a complete system from its own users is difficult, but some work can be done to harden it. Limits can be configured for users, and admin access can be restricted or disabled remotely. Using multiple groups and a hardened umask makes it harder for a given user to access the content of another user's account. Nevertheless, through the use of compromised USB devices, it is possible to retrieve a lot of information without even having an account on the workstation. Linux-based workstations may also be targeted because of recent user-friendly but dangerous features such as hotplug device auto-mounting. Such a feature usually mounts USB devices (a USB key or USB hard disk) automatically, and often automatically executes scripts such as autorun.sh on the device when present, without asking the user for validation. Such a script can use various attack modes, such as dumping the /dev/mem device, dumping all or part of the filesystem, duplicating specific files, or even adding a new script to the logged-in user's autorun directory in order to create a backdoor.

Because of this risk, USB devices should be considered, like the network, a possible source of threats, and should be protected against accordingly.