Identity Theft is the fastest growing crime in the US according to the FBI
 

USB detection using WMI script

Written by OSAblog on Sunday, June 21st, 2009

USB flash drives are very common and can be found in almost every computerized environment for storing and transferring data between computers. These USB devices make it really easy for potential attacker to exploit unprotected computers with malicious virus and Trojan software and provide a gateway to the network for manipulating sensitive data.

Detecting USB storage devices
There are some nice tools that can be found on the net that will notify about USB devices on local and remote windows platforms. But most of them are not free and will require an installation of an agent on the remote windows platforms. Using the preinstalled Windows Management Instrumentation (WMI) on windows platforms is free and will not require any remote agent. It will only require a simple script that can be run manually from a privileged user account or from another network monitoring software like Security Center: IDS IPS Network Access Protection and Switch Protector: NAC Network Access Control Monitoring network security scanners.

WMI notification event script
The following USB notification event script will send an event message in response to any operation of USB device on local or remote windows platform. For simplicity, the script is using a temporary event subscription, which exists only as long as the script is running. Some modifications will be needed for a permanent event subscription that will not require a perpetually running script:

VBScript (should be copied and saved as .vbs file):
strComputer = “.” ‘(Any computer name or address)
Set wmi = GetObject(”winmgmts:” & strComputer & “rootcimv2″)
Set wmiEvent = wmi.ExecNotificationQuery(”select * from __InstanceOperationEvent within 1 where TargetInstance ISA ‘Win32_PnPEntity’ and TargetInstance.Description=’USB Mass Storage Device’”)
While True
Set usb = wmiEvent.NextEvent()
Select Case usb.Path_.Class
Case “__InstanceCreationEvent” WScript.Echo(”USB device found”)
Case “__InstanceDeletionEvent” WScript.Echo(”USB device removed”)
Case “__InstanceModificationEvent” WScript.Echo(”USB device modified”)
End Select
Wend

JScript (should be copied and saved as .js file):
strComputer = “.”; //(Any computer name or address)
var wmi = GetObject(”winmgmts:” + strComputer + “rootcimv2″);
var wmiEvent = wmi.ExecNotificationQuery(”select * from __InstanceOperationEvent within 1 where TargetInstance ISA ‘Win32_PnPEntity’ and TargetInstance.Description=’USB Mass Storage Device’”);
while(true) {
var usb = wmiEvent.NextEvent();
switch (usb.Path_.Class) {
case “__InstanceCreationEvent”: {WScript.Echo(”USB device found”); break;}
case “__InstanceDeletionEvent”: {WScript.Echo(”USB device removed”); break;}
case “__InstanceModificationEvent”: {WScript.Echo(”USB device modified”); break;}}}

For more information on network security and management software solutions for real-time monitoring systems, please visit Lan-Secure.com: Network Management Software.

Article Source:http://www.articlesbase.com/security-articles/usb-detection-using-wmi-script-981885.html

Share and Enjoy:
  • Digg
  • del.icio.us
  • Facebook
  • NewsVine
  • Reddit
  • StumbleUpon
  • Google Bookmarks
  • Yahoo! Buzz
  • Twitter
  • Technorati
  • Live
  • LinkedIn
  • MySpace
  • E-mail this story to a friend!
  • RSS
  • Turn this article into a PDF!

Welcome back! You may want to subscribe to my RSS feed. Thanks for visiting!

Technorati Tags: , , , , , , , , , , , , , , , , , , ,

  • Share/Bookmark

If you enjoyed this post, make sure you subscribe to my RSS feed!

Blog Traffic Exchange Related Posts
  • Network Security Revolution Network security is always been the most concerning topic for the experts. Every one wishes to keep their network safe from hackers. We are in the age of network security revolution. Many companies have been trying to launch a product that keeps the network safe from hackers. As the volume......
  • Top 10 tips for Wireless Home Security A wireless home network brings many benefits – all the family can access the Internet simultaneously, you can use a laptop anywhere within the radius of the wireless network, freeing you from physical constraints, you don’t have to string Cat-5 cabling throughout your house (no holes in the wall either!)......
  • Virus: M. Jackson's Death And Threats: Interent Explorer What you need to know:  Another major news story sparks the release of viruses.  Hackers Are taken advantage of the highly publicized death of Michael Jackson and duping unsuspecting users into installing malware on their computers.  What you need to Do:  * Be Skeptical of links and sites that play......
  • Computer Security Computer security means a security which is used in computer and network. When some unauthorized person works on our computer than computer security is used in detecting that person and preventing that person from using it. In order to be safe as we use computer in day today life computer......
  • Protect your PC from Infection The Web is increasingly used by white-collar criminals for fraudulent purposes. You can thwart these malicious activities by being watchful and by activating the following 5 steps to protect your computer and yourself. 1. Install anti-virus software and infection protection software. 2. Install a firewall and monitor all attempts to......
Blog Traffic Exchange Related Websites
  • Secure Your Wireless Network Thanks to wireless routers, setting up a home or small business network is easier than ever. No running cables, no drilling through walls, just plug in, configure, and go. However, it's also easier than ever to hack into someone's network, thanks to wireless routers.If, when setting up your router,......
  • Shelter CoveShelter Cove Marina, San Diego, CA Phone: 619.224.2471 Average Water Depth: The average water depth in this area is 11 feet, but this can change. Please call ahead before you arrive. Marine Standby Channel: Not at this time, but the marina is reachable by phone. Is there a pumpout station? No, but there are a......
  • LAN Design and the Hierarchical Network Model CCNA focuses on networks for SMBs (small, medium businesses). A hierarchical design model is recommended. Easier to manage and expand. Problems are solved more quickly.Hierarchical design divides the network into 3 layers. Core, (CL). Distribrution, (DL). Access, (AL).Each layer provides specific functions. This "modularity" facilitates scalability and performance.Access Layer,......
  • Spreadsheets Considered Harmful AbstractDecentralized archetypes and write-ahead logging have garnered great interest from both electrical engineers and steganographers in the last several years [16]. In this work, we demonstrate the understanding of operating systems, which embodies the unfortunate principles of "smart" electrical engineering. We use secure symmetries to validate that SMPs and......
  • Limited Budget For SIEM? Then Opt For Managed Security Service Providers (MSSP) The current recession environment is witnessing increasing data breaches. Some of the reported data breaches last month alone is alarming. Organizations are doing everything to secure themselves but with limited resources and budgets.Getting a full visibility of your IT security environment in the areas of logs, vulnerability data, full......
 

Leave a Comment

CommentLuv Enabled

« Can End User Monitoring Bring More to the Organisation Than Just Increased Security and Compliance? | Home | Finding the Right Weapon to Destroy AntiSpyware Pro »