ITarian provides the ability to control external device control. The “External devices control” profile section, allows you to block a different kind of external devices such as USB drives, Bluetooth devices, printers, and serial and parallel ports at the endpoints. Thus, it blocks every device that is mentioned in the control of the blocked devices. Admin can block list of devices while allowing particular external devices.
Please refer below steps to restrict required external devices:
STEP 1: Go to “Configuration Templates” ---> “Profiles”, Select the preferred profile from the list, to which you add the exclusions to the external devices.
STEP 2: Select the "External Devices Control" from the "Add Profile Section" drop-down list in the selected profile.
Now you can see the detailed Information about the external devices control.
The options in "External Devices Control" are explained below:
Enable Device Control - Only after enabling this option, we can block device of a client computer from accessing devices such as USB drives, Bluetooth devices, printers, serial ports and parallel ports .
Log detected devices - Enable this to get the logs generated. The logs will be available at "Security Sub-Systems" → "Device Control", where you can ensure whether the device is "Allowed" or "Blocked" from its status .
Show notifications when devices disabled or enabled - This option will be used to show up the notification in ITarian portal when the devices are disabled or enabled by using the external device control.
Blocked Device classes - This option will be used to manage the list of device classes to which you want to block the access of the external devices at the endpoints. For example- USB - Mass storage devices, Optical devices.
Exclusion - This option will be used to manage the list of device classes to which you want to allow the access to the external devices. For example- Device custom name = "DESKTOP-IF9975O", Device ID = “USBSTOR\DiskHUAWEI__*”.
STEP 3: Select the "Blocked Device classes", Then click on the Add button for adding the device classes in the external device control profile.
Now, you can see the list of device class and class ID.
The available device classes are explained below:
USB storage device -The USB mass storage device class is a set of computing, communications protocols that make a USB device access to a host computing device and enables file transfers between the host and the USB device. To a host, the USB device acts as an external hard drive.
Human interface device-A human interface device or HID is a type of computer device usually used by humans that takes input from humans and gives output to humans.
Floppy Disks -A floppy disk is a type of disk storage composed of a disk of thin and flexible magnetic storage medium, sealed in a rectangular plastic enclosure lined with fabric that removes dust particles. Floppy disks are read and written by a floppy disk drive (FDD).
1394 FireWire devices - 1394 FireWire devices are an interface standard for a serial bus for high-speed communications and isochronous real-time data transfer.
IDE ATA ATAPI controllers -IDE ATA ATAPI controllers are an interface standard for the connection of storage devices such as hard disk drives, floppy disk drives, and optical disc drives in computers.
Tape drives -A tape drive is a data storage device that reads and writes data on a magnetic tape. Magnetic tape data storage is typically used for offline, archival data storage.
CD / DVD drives - CD / DVD drives are a type of computer disk drive that reads and writes data from optical disks through laser beaming technology. This type of drive allows a user to retrieve, edit and delete the content from optical disks such as CD's, DVD's and Blu-ray disks.
Printing devices -A printer is a device that accepts text and graphics output from a computer and transfers the information to paper, usually to standard size sheets of paper.
PCMCIA - A PCMCIA card is a credit card-size memory or I/O device that connects to a personal computer, usually a notebook or laptop computer.
Imaging devices - Imaging devices are typically used to send photos to a PC which include digital still cameras (DSC's) and digital camcorders with embedded wireless LAN (WLAN) or wireless WAN digital cellular connections.
Infrared devices - Infrared devices is the use of wireless technology in devices or systems that convey data through infrared (IR) radiation.
Bluetooth devices - Bluetooth is a wireless technology standard for exchanging data over short distances using short-wavelength radio waves in the ISM band from 2.4 to 2.485 GHz) from fixed and mobile devices, and building personal area networks (PAN's)
SCSI - SCSI is most commonly used for hard disk drives and tape drives, but it can connect a wide range of other devices, including scanners and CD drives, although not all controllers can handle all devices.
Modem - A modem is a hardware device that allows a computer to send and receive data over a telephone line or a cable or satellite connection.
Smart card readers -A smart card reader is an electronic device that reads smart cards and can be found on the Some keyboards and internal drive bay.
Ports - A ports generally refer to the part of connection available for connection between one computer to peripherals like input and output. It has many uses, to connect a monitor, webcam, speakers, or other peripheral devices.
Network adapters - A network adapter is the component of a computer’s internal hardware that is used for communicating over a network with another computer. It can be used over a wired or wireless network.
Biometric - A Biometric device is a security identification and authentication device. Such devices use automated methods of verifying or recognizing the identity of a living person based on a physiological or behavioral characteristic.
Disk drives - A disk drive is a device for implementing a storage mechanism. Notable types are the hard disk drive containing a non-removable disk, the floppy disk drive and its removable floppy disk, and various optical disc drives and associated optical disc media.
Storage volumes - A storage volume is a single accessible storage area with a single file system, typically (though not necessarily) resident on a single partition of a hard disk. Although a volume might be different from a physical disk drive, it can still be accessed with an operating system's logical interface.
Portable devices - Portable devices are a computing device small enough to hold and operate with the hand. Typically, any handheld computing device will have an LCD flat screen interface, providing a touch screen interface with digital buttons and keyboard or physical buttons along with a physical keyboard.
STEP 4: Select the equivalent check box for the Device class and its class id as per your needs and then click the "OK" button.
For example: Select USB storage devices, Printing devices, and Portable devices
Now you can see the detailed information of blocked device classes as below.
Step 5: Click "Save" option, the External Devices Control has been successfully created with mentioned blocked device.
For example: USB storage devices, Printing devices, and the portable devices are created.
Step 6: To delete the device classes, select the equivalent check box of the device class and click "Delete" button.
Step 7: You can ensure whether the devices are blocked or allowed by clicking "Security Sub-Systems" → "Device Control".
The status of the hardware tells whether it is allowed or blocked.
For example: SanDisk Cruzer Blade USB Device and Redmi Note 5 Pro have status as "Blocked".
Note: This setting will be applied to the endpoints only when the profile is added to that particular endpoint.