Identity Theft is the fastest growing crime in the US according to the FBI
 

USB detection using WMI script

Written by OSAblog on Sunday, June 21st, 2009

USB flash drives are very common and can be found in almost every computerized environment for storing and transferring data between computers. These USB devices make it really easy for potential attacker to exploit unprotected computers with malicious virus and Trojan software and provide a gateway to the network for manipulating sensitive data.

Detecting USB storage devices
There are some nice tools that can be found on the net that will notify about USB devices on local and remote windows platforms. But most of them are not free and will require an installation of an agent on the remote windows platforms. Using the preinstalled Windows Management Instrumentation (WMI) on windows platforms is free and will not require any remote agent. It will only require a simple script that can be run manually from a privileged user account or from another network monitoring software like Security Center: IDS IPS Network Access Protection and Switch Protector: NAC Network Access Control Monitoring network security scanners.

WMI notification event script
The following USB notification event script will send an event message in response to any operation of USB device on local or remote windows platform. For simplicity, the script is using a temporary event subscription, which exists only as long as the script is running. Some modifications will be needed for a permanent event subscription that will not require a perpetually running script:

VBScript (should be copied and saved as .vbs file):
strComputer = “.” ‘(Any computer name or address)
Set wmi = GetObject(”winmgmts:” & strComputer & “rootcimv2″)
Set wmiEvent = wmi.ExecNotificationQuery(”select * from __InstanceOperationEvent within 1 where TargetInstance ISA ‘Win32_PnPEntity’ and TargetInstance.Description=’USB Mass Storage Device’”)
While True
Set usb = wmiEvent.NextEvent()
Select Case usb.Path_.Class
Case “__InstanceCreationEvent” WScript.Echo(”USB device found”)
Case “__InstanceDeletionEvent” WScript.Echo(”USB device removed”)
Case “__InstanceModificationEvent” WScript.Echo(”USB device modified”)
End Select
Wend

JScript (should be copied and saved as .js file):
strComputer = “.”; //(Any computer name or address)
var wmi = GetObject(”winmgmts:” + strComputer + “rootcimv2″);
var wmiEvent = wmi.ExecNotificationQuery(”select * from __InstanceOperationEvent within 1 where TargetInstance ISA ‘Win32_PnPEntity’ and TargetInstance.Description=’USB Mass Storage Device’”);
while(true) {
var usb = wmiEvent.NextEvent();
switch (usb.Path_.Class) {
case “__InstanceCreationEvent”: {WScript.Echo(”USB device found”); break;}
case “__InstanceDeletionEvent”: {WScript.Echo(”USB device removed”); break;}
case “__InstanceModificationEvent”: {WScript.Echo(”USB device modified”); break;}}}

For more information on network security and management software solutions for real-time monitoring systems, please visit Lan-Secure.com: Network Management Software.

Article Source:http://www.articlesbase.com/security-articles/usb-detection-using-wmi-script-981885.html

Share and Enjoy:
  • Digg
  • del.icio.us
  • Facebook
  • NewsVine
  • Reddit
  • StumbleUpon
  • Google Bookmarks
  • Yahoo! Buzz
  • Twitter
  • Technorati
  • Live
  • LinkedIn
  • MySpace
  • E-mail this story to a friend!
  • RSS
  • Turn this article into a PDF!

Welcome back! You may want to subscribe to my RSS feed. Thanks for visiting!

Technorati Tags: , , , , , , , , , , , , , , , , , , ,

  • Share/Bookmark

If you enjoyed this post, make sure you subscribe to my RSS feed!

Blog Traffic Exchange Related Posts
  • Computer Security Computer security means a security which is used in computer and network. When some unauthorized person works on our computer than computer security is used in detecting that person and preventing that person from using it. In order to be safe as we use computer in day today life computer......
  • Top 10 tips for Wireless Home Security A wireless home network brings many benefits – all the family can access the Internet simultaneously, you can use a laptop anywhere within the radius of the wireless network, freeing you from physical constraints, you don’t have to string Cat-5 cabling throughout your house (no holes in the wall either!)......
  • How does a Wi-Fi router work? What is it?A Wi-Fi router is a wireless gadget that connects two or more computers with each other or to a whole network. It may happen that a user has a wireless network at home or at office. One can find wireless network environment (Wi-Fi hotspot) in an international airport......
  • Welcome! Thanks for Joining our OSA Network… Online Security Authority is happy to announce our new blog! Here we will provide Security information and RSS Feeds regarding Online Security Tips, Child Protection Tips, Banking Security Tips, Shopping Security Tips, and Dating Security Tips. Feel free to comment or ask questions about online security issues that you are......
  • Network Security Revolution Network security is always been the most concerning topic for the experts. Every one wishes to keep their network safe from hackers. We are in the age of network security revolution. Many companies have been trying to launch a product that keeps the network safe from hackers. As the volume......
Blog Traffic Exchange Related Websites
  • LAN Design and the Hierarchical Network Model CCNA focuses on networks for SMBs (small, medium businesses). A hierarchical design model is recommended. Easier to manage and expand. Problems are solved more quickly.Hierarchical design divides the network into 3 layers. Core, (CL). Distribrution, (DL). Access, (AL).Each layer provides specific functions. This "modularity" facilitates scalability and performance.Access Layer,......
  • Seven Tips for Securing Your Organization's Network from Spam and Email Viruses Providing security against email related threats has become a burden for most IT professionals in 2006. According to a recent study by Postini, spam and email viruses now make up to 80% of all emails sent out as compared to 50% in 2000. As a result, IT professionals now......
  • osacoverYour Online Security Authority eZine Starting in 2009 were are introducing a new platform to bring you our Online Security Authority eZine... we hope you'll enjoy our first edition and please let us know if we can research or bring new and relevant topics to you; our OSA visitors, guests and those who have been......
  • Shelter CoveShelter Cove Marina, San Diego, CA Phone: 619.224.2471 Average Water Depth: The average water depth in this area is 11 feet, but this can change. Please call ahead before you arrive. Marine Standby Channel: Not at this time, but the marina is reachable by phone. Is there a pumpout station? No, but there are a......
  • Can your bank affect your Self Esteem?? How can Banks influence Self Esteem? Aren't they too far away from the consumer and passive to influence them?Then I came across the work of Nathaniel Branden and my thinking became clearer. Our self-evaluation is the basic context in which we act and react, choose our values, set our goals,......
 

Leave a Comment

CommentLuv Enabled

« Can End User Monitoring Bring More to the Organisation Than Just Increased Security and Compliance? | Home | Finding the Right Weapon to Destroy AntiSpyware Pro »