Latch USB Monitor: New tool to monitor PNP devices with LatchElevenPaths 11 diciembre, 2014 Latch USB Monitor is a tool that monitors Plug ‘n Play device (PNP) changes in Windows and gives the user the possibility of tracking incoming devices, and react accordingly to a preconfigured Latch response. For instance, it would allow to block USB ports so it will not recognize a new inserted memory USB stick until it is authorized with the movile device. This means that Latch USB Monitor will ask Latch servers what to do when a certain PNP device is detected in a Windows machine. So the administrator has a tool to potentially react to plugged devices, and modify the behavior and scripts launched in any way, at any moment, just sliding a bar from his mobile device. How it works Latch USB Monitor works as a service and has a GUI to configure it. That means it still works and monitors incoming devices even when no user is logged in. The service is constantly monitoring any device with the characteristics given by the user. When it occurs, it asks Latch servers and reacts in the way that the user has configured it. It may as well be used as an alerting system, with no action associated to an event. So if a device is plugged to the machine, a blocking message is sent by Latch to the mobile device, but no action is taken. Latch USB Monitor with some configured rules How to install it No special instructions. Just accept the license and choose the path. If, for the sake of security, you do not want the service to run as SYSTEM, you may change it to whatever account you wish, as long as it has privileges to run as a service, and network access. A config file is created in XML format. This file contains sensitive information. Take care with the permissions specially in shared computers. Pairing with Latch First of all, a Latch account has to be set with a pairing token. Go to Latch management and add the App ID and secret. A timeout is specified here. This means that if the computer is not connected to a network or, for any other reason it cannot get a response from Latch in the specified time limit (0 milliseconds by default which corresponds to no timeout) the «no response» action is applied. How to add and configure a device Each monitored device, may have these fields: Device (optional): If your device is currently plugged in, you can choose it from this dropdown menu where all attached devices are listed. Description (optional): Giving a meaningful description of the device helps you better identify it in the main list. Device Instance ID: The ID that uniquely identifies a device in a Windows machine. When an arriving Device Instance ID is detected it goes through a matching system that can be used to discard or allow the rule. If the string set matches, the Latch query will be launched. This is treated as a string, so «Starts with», «Contains»… may be used to match. Operation ID: The operation ID used in Latch. Actions.Open (optional): If the Latch query responds with an «on», the process specified here will be launched, with the specified argument set (optional). Actions.Closed (optional): If the Latch query responds with an «off», the process specified here will be launched, with the specified argument set (optional). Actions.No response (optional): If the Latch query doesn’t respond (because there’s no connectivity, for instance, after the timeout declared in «Latch settings»), the process specified here will be launched, with the specified argument set (optional). Device details with pendrive example The tool is written in C# and may be freely downloaded from: https://elevenpaths.com/downloads/LatchUSBMonitor.zip. You may want to check out Latch Event Monitor, too. We encourage you to use it. Esta tarde en Madrid: Sinfonier MeetUpLatch para Windows: Enterprise Edition (I)
José Vicente Catalán Tú te vas de vacaciones, pero tu ciberseguridad no: 5 consejos para protegerte este verano Las vacaciones son una necesidad, está claro. Todo el mundo necesita relajarse, pasar tiempo de calidad con la familia y amigos, desconectar. Pero, irónicamente, para desconectar acabamos conectando (el...
Jennifer González Qué es la huella digital y por qué es importante conocerla para proteger a los menores en internet Como explicaba en mi anterior artículo sobre las cibervictimizaciones en los menores y el aumento que cada año se registra, hoy querría hablar sobre la importancia de concienciarnos sobre...
Telefónica Tech Boletín semanal de ciberseguridad, 16 — 22 de julio Lightning Framework: nuevo malware dirigido a entornos Linux El equipo de investigadores de Intezer ha publicado información relativa a un nuevo tipo de malware que afecta a entornos Linux y...
Telefónica Tech España necesita 83.000 profesionales en ciberseguridad en los próximos dos años Universidad Loyola y Telefónica Tech han puesto en marcha el nuevo Máster en Ciberseguridad para CISO
Roberto García Esteban Cloud computing: abierto por vacaciones Llegan las vacaciones de verano y con ellas el merecido descanso para casi todos nosotros. La actividad de la mayoría de las empresas se reduce drásticamente, aunque también hay...
Diego Samuel Espitia Qué son los “Martes de parches” de seguridad para tecnología operativa (OT) En el mundo de la ciberseguridad estamos acostumbrados a la publicación de paquetes que corrigen las vulnerabilidades detectadas en software para empresas, los conocidos como actualizaciones o «parches» de...