In a project I’m working on, there is a requirement to have exposed USB ports on a kiosk like system that would allow users to connect approved devices for uploading information. The problem is, an unprotected USB port is a trivial way to compromise a system. What I need to be able to do is get notifications on when devices are plugged in and based on the vid/pid, either allow the device to function or not. We would also have to be able to ensure that the approved vid/pid is the correct type of device, and not a USB keyboard, flash drive etc.

Does anyone know of existing software which would allow us to lock down a USB port to certain devices, or know of a way to hook into the Windows events and actively prevent unsupported devices from working? We are using Windows 7 and Windows 7 embedded for this project.

My initial thoughts are that it’s impossible to adequately protect an exposed USB port short of disabling it altogether. If that’s the case, evidence to support that would be greatly appreciated.