Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
CP_SA
Participant

Disable USB Port -1450 GW

Good Evening - 

Would someone be kind enough to share how I might disable the USB port on my 1450 gateways?!

I am configuring a large number of 1450's and I am upgrading firmware via USB, but after I verify installation want to disable the port. These gateways are being deployed in relatively physically secure locations (albeit remote), but there is nothing to stop someone from connecting a USB, pulling the power cord, and voila. In a situation where a local USB upload is required I want to control its enabling/disabling (like any unused port) *I find it a little strange that they just auto-load out of the box without any prompt.

Thanks!

0 Kudos
7 Replies
PhoneBoy
Admin
Admin

As far as I know, there is no way to disable the USB ports.

That said, if someone unauthorized has physical access to the box, there are other things they can do (e.g. use the factory reset pin, replace the box with something else).

0 Kudos
G_W_Albrecht
Legend Legend
Legend

As Dameon has already pointed out, physical access to the box including serial connection is dangerous, even with disabled USB ports. But i see the possibility to achieve the goal by renaiming the USB-specific hotplug policy agent (/pfrm2.0/etc/hotplug/usb_device.agent) that will mount USB media when inserted. But any Reset To Factory Defaut Firmware will overwrite this change...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin

My guess is that will not solve the issue.

This is because flashing is done in the bootloader Smiley Happy

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Could well be so - it does not make much sense anyway...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
CP_SA
Participant

Thank you for the ideas. Since these gateways will be in relatively secure locations, and monitored 24/7, I think I will dedicate my limited brain cycles to my next set of problems!

0 Kudos
abzheee
Explorer

A lot of things might be plugged in USB to monitor port and presence of something in that port. 

I saw a security device once. From a major EU vendor: they write remote administration password to the removable storage in plain. And they ok with that. Everyone ok with that. La tradicion.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

An unnecessary comment to a post 6 years old?

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events