How to protect data security in USB mobile storage media

When the USB device stores important data, we need to strictly manage and control the device to avoid important data loss or leaks due to improper use or management of the USB device.
Registry Control Method
Write Permission Control
To prevent others from modifying important data stored on USB devices at will, we can modify the key values of the system registry so that common users can only access the data content on USB devices, you cannot modify the content at will.
Use the "Win + R" shortcut key to open the "run" text box, enter the "Regedit" command, and click "OK" to enable the running status of the Registry Editor. Expand the "HEKY_LOCAL_MACHINE \ System \ CurrentControlSet \ Control \ StorageDevicePolices" branch on the left side of the registry editing page.
Manually create a two-byte key value "WriteProtect" under the target branch, adjust the value to "1", and restart Windows, in this way, the user can only read the connected USB device in the future, rather than write. When a user quietly modifies important data in the USB device, a message such as "Write protection for disk" is displayed.
Control virus running
In consideration of the fact that USB devices are infected with viruses and Trojans, in order to prevent USB devices that store important data, they can automatically activate and run viruses and Trojans after being inserted into the computer system, as a result, we must take the initiative to control the virus and Trojan program in the USB device to run automatically. The following describes the specific control steps:
First, follow the previous steps to open the registry editing window of the local system. In the area displayed on the left of the window, expand the Registry branch HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ MountPoints2.MouseRight-click the branch option, run the "permission" command in the shortcut menu, and switch to the permission editing dialog box.
Next, adjust the access permissions of all user accounts here to deny, and then press the F5 function key to refresh the system registry, so that even if the USB device is accidentally infected with viruses and Trojans, when they are inserted into a computer, viruses and Trojans cannot be activated and run due to insufficient operation permissions. Therefore, important data stored on the USB device, it is not easy to be damaged or leaked by viruses or Trojans.
If you want to control the automatic running of the AutoRun virus on a USB device, open the system registry editing interface and move the cursor to the HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer node, open the NoDriveTypeAutoRun key value Setting dialog box, select the "hexadecimal" option, and enter the value "4". Then, save the settings and refresh the system registry.
Hide device partitions
If you do not want the user to access important data in the USB device, you can tryHard DiskAll drive letters outside the partition are hidden, so that even if someone secretly inserts a USB device, they cannotComputer"Or" computer "window, you can see the figure of the corresponding partition of the USB device ".
First, run the "Regedit" command to open the registry editing page. Find the HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer node option on the left of the page, and right-click the target node, run the "new" | "binary value" command in the shortcut menu to name the newly created key value "NoDrives". The default value of this key value is "00 00 00 ", this value indicates that no disk partition is hidden.
The value of "NoDrives" contains four bytes. Each byte value controls the display hiding state from "A" disk to "Z" disk, when the value of a single digit is "1", the corresponding disk partition is not displayed. If the hard drive of the Local Computer includes the C, D, E, F, G, and H partitions, when we set the value of "NoDrives" to "02 ff, you can hide partition B, I to Z, restart the Windows system, and then insert a USB device, we will not be able to "computer" or "My Computer" window, find the disk partition used by the USB device, so that you cannot access the data stored in the device. Of course, enter the disk partition symbol of the USB device in the address bar of the computer window to access the content of the device, we should also create a "NoViewOnDrive" binary key value under the HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer node option, at the same time, set the key value to "02 ff", so that the content in the USB device cannot be accessed in any way.
Group Policy Control
Disable automatic playback
When a USB device is connected to a local computer, Windows automatically opens the corresponding device window to facilitate quick access to the files. However, when a USB device automatically opens a window, it is easily exploited by a network virus. When a virus-infected USB device is inserted into a computer, the virus is transmitted to a Windows system, it is also prone to important data leaks. Therefore, to protect the security of the system and important data, we can disable the automatic playback function for all disk partitions:
Click "start"> "run" one by one, switch to the system running dialog box, and enter "gpedit. run the msc command and press Enter. The system group policy editing page is displayed. Find "Local Computer Policy" under this page. | "Computer Configuration" | "management template" | "system" node, double-click the "Disable automatic playback" option under the target node to expand the Group Policy attribute dialog box.
Next, select the "enabled" option to open the "Disable automatic playback" drop-down list, select the "All Drives" option, and click "OK" to save the settings, in this way, after the USB device is inserted into the local computer, the corresponding device window will not automatically open, so even if the device contains viruses and Trojans, they will not be able to activate and run.
Restrict sample viruses
Before a virus is maliciously transmitted, the sample virus program is activated to spread the virus. Based on this virus propagation principle, we can query virus announcements online, obtain virus program samples transmitted by USB devices in a timely manner, download and obtain the corresponding virus sample files, and then use system group policy settings, to limit the automatic running of the sample virus program on the local computer, the procedure is as follows:
First, follow the previous steps to expand the system group policy editing interface, find the "local computer policy" | "Computer Configuration" | "Windows Settings" | "Security Settings" | "Software Restriction Policy" | "Other Rules" node on the left side of the interface, right-click the target node option, right-click the "new hash rule" command in the menu, and the setting page is displayed.
Next, press the "Browse" button on the settings interface to switch to the file selection dialog box, and import the sample virus program file obtained before. In this way, the Windows system will generate a file hash number intelligently, in addition, the version information and other status information of the sample Virus File are automatically displayed, and the "security level" of the sample virus program file is selected as "not allowed ", after confirmation, the local computer will be able to automatically prevent new viruses from spreading through USB devices. In the future, even if the USB device is infected with a sample virus, it will not pose a security threat in the local system, data leaks caused by sample viruses will not occur.
Hide access partitions
After a USB device is inserted into a computer system, the partition symbols assigned to it by the Windows system are usually fixed. If you can hide a specific disk partition, normal users cannot access the data content of the corresponding device at will. To do this, you can perform the following settings:
First, Run "gpedit. msc command to open the system group policy editing interface, find "Local Computer Policy" | "user configuration" | "management template" | "Windows Components" | "Windows Resource Manager, double-click the "prevent access to the drive from my computer" option under the target node to expand the Group Policy Properties dialog box.
Select the "enabled" option, click the drop-down button at the "select one of the following combinations" position, and select a specific disk partition from the drop-down list. After saving the settings, although Windows can correctly identify and install the USB driver, they cannot be accessed in the computer window or in my computer window. If you want to hide the USB device partition, go to "Local Computer Policy" | "user configuration" | "management template" | "Windows Components" | "Windows Resource Manager, enable and set the "hide these specified drives on my computer" group policy so that users cannot see them.
Hide files
Hide device data
Important data files stored on USB devices. If they are set to hidden properties, users will not be able to see the data files even if they can enter the USB device window in the future. When hiding the device data file, First insert the USB device into the local computer, enter the computer or my computer window, and obtain the partition name of the USB device. Assume that the partition is "F: ". Then, click "start"> "run". The system running dialog box is displayed. Enter the string command "attrib F: + r + s + h/d/s ", after you click "OK", all data files on the USB device will be set to hidden properties. Normal users cannot delete or change the data files at will.
Restrict hidden files
Setting important data files to hidden properties does not guarantee their security, because some professional users can go to the Windows system folder option Setting Dialog Box and switch to the view tag page, select "show all files" to access the hidden files. To prevent professional users from viewing hidden files, we also need to control Windows systems so that they do not show hidden files to completely hide important data.
Use the "Win + R" shortcut key to open the "run" text box, enter the "Regedit" command, and click "OK" to enable the running status of the Registry Editor. Expand the "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Advanced \ Folder \ Hidden \ SHOWALL" branch on the left side of the registry editing page.
Find the "CheckedValue" double-byte key value under the target branch, and double-click it. On the subsequent interface, change the default value from "1" to "0 ", after refreshing the system registry, even if a common user enters the view options page and selects the "show all files" option, the hidden files are not displayed in Windows.
Camouflage data folder
Using the above hiding method, hiding important data from a USB device affects reading and accessing other hidden files. In fact, we can create any folder under the root directory of the USB device. Assume that the folder name is "aaa" and all the important data will be saved here in the future. Then, modify the extension to disguise the "aaa" folder and change it to a special folder such as "My Computer". When other people double-click the folder icon, important data content hidden in it will not be visible, so this can protect data content in USB devices to some extent. During the camouflage operation, you only need to manually add the extension ". {20D04FE0-3AEA-1069-A2D8-08002B30309D}" after the "aaa" folder name.
Hide partition symbols
After each USB device is inserted into a local computer, Windows automatically assigns a partition symbol to it. If the partition symbol is hidden, other users open the computer or my computer window, you cannot access the USB device, so that the data in the device is safe. When hiding the partition symbol, First insert the USB device into the local computer. After the device is recognized, right-click the computer icon on the system desktop, run the "manage" command in the shortcut menu, switch to the Computer Management window, move the mouse to the "Storage" | "disk management" node, and select the USB device icon under the node, right-click the "Change drive letter and path" command in the menu, open the Settings dialog box, select the partition symbol used by the USB device, click "delete", and finally confirm the operation, in this way, the partition symbol of the USB device can be hidden. In the future, if you want to access the content on the USB device, you just need to re-enter the "Change drive letter and path" Setting Dialog Box and assign a proper partition symbol to the USB device.
Permission Control Method
Authorize a specific user
Important data protection for USB devices is designed to prevent external access, rather than self-use. Therefore, we may wish to use the NTFS permission management function to restrict others' Random Access to USB devices. First, check the format of the system partition. If the format is FAT32, click "start"> "run" to open the "system running" dialog box and enter "Convert c:/FS: NTFS command, click OK to convert the system partition drive C to NTFS format. Next, go to the user management interface of the Local Computer and set a complex logon password for the trusted user account.
After completing the above preparations, open the system resource manager window, expand the "Windows" | "Inf" folder one by one, and find "Usbstor. pnf file, right-click the file, execute the "properties" command in the shortcut menu, switch to the corresponding file attribute interface, and select the "Security" tab, on the corresponding tab page, add a trusted user account and grant full access permissions.
Then, import other user accounts that need to access the local computer but are not allowed to use USB devices, and change their access permissions to "deny ", after confirmation, save the settings so that other users will attempt to access the USB device due to access to the USB stor. pnf files are rejected due to insufficient permissions, which ensures the security of important data on USB devices.
Access Control
As long as the USB device is formatted in NTFS format, we can control the data access permissions as needed, and prohibit irrelevant personnel from modifying or deleting important data in private. For example, to prohibit normal users from modifying or deleting important data in a USB device, you can first Insert the USB device into the local computer, enter the computer or my computer window, and find the corresponding device partition icon, right-click the device and run the "properties" command in the shortcut menu to open the Properties dialog box. Select the "Security" tab. On the corresponding tab page, delete all unfamiliar user accounts, set the read permission of the everyone account to "allow", and set other permissions to "deny ", click OK to save the settings.