Block vs Reject - Githubissues

USBGuard / usbguard

USBGuard is a software framework for implementing USB device authorization policies (what kind of USB devices are authorized) as well as method of use policies (how a USB device may interact with the system)

https://usbguard.github.io/

GNU General Public License v2.0

1.14k stars 140 forks source link

Block vs Reject #473

Closed molitona closed 3 years ago

molitona commented 3 years ago

Hi, I wonder what's the deep difference between Block and Reject (I've already seen the doc hint)

And, Do they both prevent USBKiller ? Do they both prevent the other malicious USB's (those who exfiltrate data) ?

Cropi commented 3 years ago

Hi @molitona,

The key difference is that:

block will deauthorize the device and it will stay in a blocked state until it is authorized.
reject will deauthorize and remove the device. In case you would like to use a rejected device again, you will have to reinsert it.

Both should protect against malicious USBs by a set of usbguard rules.

muelli commented 3 years ago

But USBKiller is the name of a device that has too high voltage for USB, no? In that case, any software based solution is not capable of defending against such an attack.

molitona commented 3 years ago

Oh, unfortunately. Thanks!

-------- Original Message -------- On Apr 19, 2021, 8:12 AM, muelli wrote:

But USBKiller is the name of a device that has too high voltage for USB, no? In that case, any software based solution is not capable of defending against such an attack.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.

molitona commented 3 years ago

Then, usbguard can only protect software attacks (those who exfiltrate data), right ?

-------- Original Message -------- On Apr 19, 2021, 8:12 AM, muelli wrote:

But USBKiller is the name of a device that has too high voltage for USB, no? In that case, any software based solution is not capable of defending against such an attack.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.

Cropi commented 3 years ago

USBGuard was designed to authorize/deauthorize/reject usb devices by a set of rules. It's up to the user to decide, which devices are authorized for use. To sum up, deauthorized devices can not exfiltrate data from your machine.

molitona commented 3 years ago

Ok, thanks!

-------- Original Message -------- On Apr 21, 2021, 12:18 PM, Attila Lakatos wrote:

USBGuard was designed to authorize/deauthorize/reject usb devices by a set of rules. It's up to the user to decide, which devices are authorized for use. To sum up, deauthorized devices can not exfiltrate data from your machine.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.