InformationUSB storage provides a means to transfer and store files insuring persistence and availability of the files independent of network connection status. Its popularity and utility has led to USB-based malware being a simple and common means for network infiltration and a first step to establishing a persistent threat within a networked environment.
Note: An alternative solution to disabling the usb-storage module may be found in USBGuard. Use of USBGuard and construction of USB device policies should be done in alignment with site policy.
Restricting USB access on the system will decrease the physical attack surface for a device and diminish the possible vectors to introduce malware.
SolutionEdit or create a file in the /etc/modprobe.d/ directory ending in .conf
Example: vi /etc/modprobe.d/usb_storage.conf
and add the following line:
install usb-storage /bin/true
Run the following command to unload the usb-storage module: