Removable media presents a serious potential threat vector for malware to exploit in any manufacturing facility. As a result, it is essential to utilize methods that protect against these threats. The next several blog posts in this series will provide different methods to reduce the risk of a cyber attack using removable media as the launch method. While each solution is beneficial, a defense in depth solution is always recommended.
The majority of Windows operating systems, Windows 95 through Windows 10, have a default Windows application called the Registry Editor (or Regedit). This editing application provides the user access into the Windows registries of the device, enabling a user to change the base system parameters. One such item that can be addressed is Removable Media. There is a different Windows Registry for each type of Removable Media device including USB devices, CD’s, Floppy drives, and SD Memory cards.
To access the Windows Registry Editor, open the start menu and type regedit into the Search bar (for Win 7 and 10) or open the Run application and type regedit and hit enter (Pre-Win 7). This will launch the Registry Editor application.
The left hand side of the application displays a Navigation pane. For Removable Media, two of the Registry Key directories will be used: HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER. For each directory, follow the steps below to lock down removable media access points on the device.
Expand the following navigation folders as follows: SYSTEM -> CurrentControlSet -> Services
For USB devices, navigate down to the registry key labelled USBSTOR. Select that registry key. Select the registry value named “Start” and right click on it, select Modify. Make sure the value Base is set to Hexadecimal. Change the value to 4 and click OK.
For CD’s, navigate down to the registry key labelled cdrom. Select that registry key. Select the registry value names “Start” and right click on it, select Modify. Make sure the value Base is set to Hexadecimal. Change the value to 4 and click OK.
For floppy drives, navigate down to the registry key labelled flpydisk. Select that registry key. Select the registry value names “Start” and right click on it, select Modify. Make sure the value Base is set to Hexadecimal. Change the value to 4 and click OK.
For SD memory cards, navigate down to the registry key labelled sdstor. Select that registry key. Select the registry value names “Start” and right click on it, select Modify. Make sure the value Base is set to Hexadecimal. Change the value to 4 and click OK.
Note that after changing the registry value, the change does not take effect until after the PC is rebooted. However, to make it immediately take effect, navigate to the desktop, right click, and choose Refresh. This should cause the changes made in Registry Editor to immediately take effect.
Why Sandalwood?
We are a one-stop-shop for launching job rotation for any employer from conception to implementation. Our experts tailor our services to meet the needs of our customers by collaborating with them throughout the entire process. We do not offer cookie cutter solutions for job rotation because the needs of employers vary significantly.
Why Sandalwood?
Sandalwood is pleased to offer solutions above and beyond the traditional ergonomic assessments. With an in-depth knowledge of various digital human modelling software suites, integration and adoption to your health and safety programs has never been easier. Sandalwood is experienced in ergonomic program design as well as industry leaders in digital human modelling services. We have a diverse team that is able the leverage the results from the digital human model to provide in depth risk assessments of future designs and current state. Sandalwood is also able to pair these assessments with expertise and provide guidance on the best solution for you. Sandalwood is also on the forefront of emerging technologies and able to integrate Motion capture, Wearables, and extended or virtual reality into your ergonomic program.
