How to Lock the USB ports on your fanless mini PC

Feb 27, 2017

The USB ports on a fanless mini PC give a lot of flexibility but can also be abused. In this blog, Max Fazilleau (our TGPC Application Engineer) explains:

● Why you should prevent unauthorised access to your USB ports
● Why USB can be a Security Threat
● How to lock-down your USB Ports

Preventing Unauthorised Access to your USB ports

Securing a fanless PC is a perennial issue for our customers. These PCs are designed to run autonomously, in a kiosk or security system or as a print server on a network, and operate for weeks on end without direct intervention by an operator. That means that unauthorised access can easily go undetected.

USB: a Security Threat

The USB ports are a direct gateway into the machine and to any network to which it is connected. An authorised or unauthorised user can connect a keyboard, mouse and display to gain access to all data and capabilities.

A malicious user can also connect a USB stick, deliberately or accidentally introducing a virus or stealing data. They can even boot from the USB stick, turning the PC into a platform for further hacking.

[Image: back of a fanless PC showing USB ports]

How to lock-down the USB ports on your Fanless mini PC

Fanless PCs can have five or more USB 2.0 and 3.0 ports, as well as a Bluetooth interface. The easiest way to avoid this risk is to disable all these points of access. We have tested this under Linux in the lab and the documentation is available to customers on request.

In principle, it is possible to selectively disable some USB ports. Of course, you should ensure that you have established a way of remotely controlling the PC before you implement this, otherwise you will not be able to control the machine any more. The USB ports can subsequently be re-enabled.

[Image: USB ports in BIOS]
The output of lsusb -t, which lists the USB buses and ports, shown before our intervention. Afterwards, you would see just an empty output.
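
One way to lock and re-enable USB buses on Linux, as an added example that is not the tested procedure mentioned above (the post does not show it): the kernel's USB authorization files in sysfs. The function name usb_set_bus and the SYSFS_USB override are assumptions made for this example; with this approach the root hubs stay visible in lsusb -t, but devices on a locked bus are not configured.

```shell
#!/bin/sh
# Added example: lock or unlock USB buses through the Linux kernel's USB
# authorization interface in sysfs (authorized_default / authorized).
# SYSFS_USB can be overridden so the logic can be tried on a constructed tree.
SYSFS_USB="${SYSFS_USB:-/sys/bus/usb/devices}"

# usb_set_bus STATE all|BUS...
#   STATE: 0 = lock, 1 = unlock. BUS: bus numbers as listed by lsusb -t.
#   Prints the number of already-attached devices whose state was written.
usb_set_bus() {
    state="$1"; shift
    case "$state" in 0|1) ;; *) echo "state must be 0 or 1" >&2; return 2 ;; esac
    [ "$#" -gt 0 ] || { echo "usage: usb_set_bus 0|1 all|BUS..." >&2; return 2; }
    if [ "$1" = all ]; then
        set --
        for hub in "$SYSFS_USB"/usb[0-9]*; do
            [ -d "$hub" ] && set -- "$@" "${hub##*/usb}"
        done
    fi
    changed=0
    for bus in "$@"; do
        hub="$SYSFS_USB/usb$bus"
        [ -f "$hub/authorized_default" ] || { echo "no such bus: $bus" >&2; return 1; }
        # Policy for devices plugged into this bus from now on.
        echo "$state" > "$hub/authorized_default"
        # Devices already attached are named BUS-PORT[.PORT...]; entries with
        # ':' are interfaces and follow their parent device, so skip them.
        for dev in "$SYSFS_USB/$bus"-*; do
            case "${dev##*/}" in *:*) continue ;; esac
            [ -f "$dev/authorized" ] || continue
            echo "$state" > "$dev/authorized"
            changed=$((changed + 1))
        done
    done
    echo "$changed"
}
```

Run as root: usb_set_bus 0 all locks every bus, usb_set_bus 0 2 locks only bus 2, and usb_set_bus 1 all re-enables them. The setting is lost at reboot and does not stop the firmware from booting a USB stick, which is controlled in the BIOS setup.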

Other ways to protect your fanless mini pc

Properly securing a fanless PC means protecting the hardware, protecting the data and protecting the interface. We offer complete solutions including a Kensington lock to secure the hardware, a TPM processor that stores passwords, encryption keys and digital certificates to protect your data as well as this solution to lock-down the USB ports.

Put together, they offer the best security for your most vital data. Contact us for more information!
