- Usb Compliance Network & Wireless Cards Driver Download For Windows 8
- Usb Compliance Network & Wireless Cards Driver Download For Windows 10
- Usb Compliance Network & Wireless Cards Driver Download For Windows Xp
The worst military breach in U.S. history occurred almost a decade ago, in 2008, when a USB flash drive, containing malware, infected the network and resulted in the Department of Defense’s sensitive information being leaked. This event was a wake-up call for many in the cyber security space, and efforts have been made to expose the risks that these flash drives create.
Today, most IT pros understand that USB flash drives often carry malware infections and pose other security risks. Some organizations limit employees’ use of thumb drives for this reason; however, these small storage devices are still used in many other organizations, are larger in storage capacity, and are being expanded by black hat developers. In fact, security researchers Jakob Lell and Karsten Nohl have created a malware called BadUSB that can allow a USB device to completely take over a computer, redirect internet traffic or even invisibly alter files installed from the flash drive. USB Rubber Ducky is another example. Made famous in the show Mr. Robot, Rubber Ducky is a malicious USB that is recognized by a computer as a keyboard. Keyboards are trusted by operating systems, so the Rubber Ducky can share its malicious code with no issues.
- In compliance with the June 24, 2020 guidance of the SEC’s Division of Trading and Markets and Division of Investment Management, UBS Financial Services Inc. Has taken the following steps to deliver regulatory-required documents to client households with mailing addresses in countries to which the United States Postal Service or other non-US postal operators have temporarily suspended international mail service due to the COVID-19 pandemic.
- USB/flash policy compliance has improved significantly, but 'even one violation is too many,' said Brenda Hill, deputy director of the 72nd Air Base Wing Communications Directorate. 'The trend is better, but better isn't good enough. It shouldn't happen at.
- Setting Link MTU This topic provides specific implementation guidance to help mobile broadband device manufacturers produce compliant USB devices for Windows. It should be used in conjunction with the USB NCM Mobile Broadband Interface Model (MBIM) V1.0 specification released by the USB-IF Device Working Group.
Configuring GPO to Disable USB Storage Devices on Domain Computers. In all versions of Windows, starting from Windows 7, you can flexibly manage access to external drives (USB, CD / DVD, floppy, tape etc.) using Group Policies (we are not considering a radical way to disable USB ports through BIOS settings). The USB 3.0 devices attached to the adapter are recognized by Windows and appear to be functioning correctly. Nevertheless, in Device Manager my USB 3.0 adapter is an Unknown USB Device (Link in Compliance Mode). In Device Manager the Hardware ID is USB VID0000&PID0008 6&2F6BE58&0&2 (The characters after PID0008 are likely not relevant.).
Situations in Which USB Flash Drives Pose a Security Risk:
- When employees unknowingly share USB sticks that carry malware infections
- When employees pick up unknown thumb drives and plug them into their computers (Dropping USB flash drives with malware on them is a common tactic used by black hat developers).
- When employees leave the organization and still retain a USB holding sensitive information
- When USB flash drives are lost or stolen and information is leaked
But knowing that USB flash drives can pose a threat to your organization isn’t enough. You need to put proactive steps in place to ensure that potential security risks are identified and addressed quickly.
3 Steps to Secure USB Flash Drives
- Only allow employees to download company information onto hardware- and/or software- encrypted USB flash drives.
- Issue warnings to employees about using USB flash drives that they are unsure about.
- Deploy software or leverage corporate that only allows company-owned and/or recognized USB flash drives.
Organizations must have the above policies to detect which USB flash drives have corporate information on them and then enforce the secure data erasure of these flash drives.
Using Encryption
Any USB flash drive that’s used by employees at your organization should be encrypted. There are several ways to perform encryption on USBs. Your first option purchasing USB flash drives that are hardware encrypted. Ensure that the encryption is Federal Information Processing Standard (FIPS) approved (FIPS PUB 140-2) to meet NIST guidelines for encryption.
Second, you can install paid specialized encryption software on your USB flash drive. There are a variety of options available on the market.
Third, you can use a free, open-source encryption tool such as VeraCrypt. You can install VeraCrypt as a portable program by plugging in your USB flash drive and launching the installation program. This creates a portable version of VeraCrypt onto your external drive. You can then produce any size vault on the external drive, but you must have an administrator-level password to access this vault. So this solution could be difficult to deploy across an entire organization.
Guidance Against Using Unfamiliar USB Flash Drives
You’d think that most individuals would know better than to pick up an unknown USB flash drive and plug it into their computers. But curiosity gets the best of all of us. Research presented by Blackhat shows that this danger is real. Researchers dropped nearly 300 USB sticks on the University of Illinois Urbana-Champaign campus. 98% of these drives were picked up! In addition, 45% of these drives were not only picked up, but individuals clicked on the files they found inside. Create a security policy for USB flash drives that includes a warning to employees: If you are unsure about what’s on it, don’t plug it in. The weakest point of security for any business is the human element, so advising employees not to use unknown or personal flash drives is imperative.
Deploying Known and Trusted Drives
There are many ways you can ensure employees at your organization are following USB flash drive best practices. Here are four options that can help you keep your data secure within the Windows Active Directory environment:
- Create a group policy setting to prevent installation of all devices not described by other policy settings. All other system components will function as normal, but new devices will be flagged (including USB flash drives).
- Create a group policy setting to allow specific USB devices based on their Hardware IDs. This setting will decide if employees can insert vendor-specific USB drives.
- Create a group policy setting to allow general devices based on their Device Class properties (e.g. SCSCIAdapter, Display, Processor). Do not include DiskDrive in these options (that label will cover USB flash drives). When users add a new piece of hardware, they will need to account for the category of the hardware (BadUSB and Rubber Ducky would still be allowed under this rule, so be careful here).
Specify that administrators may override device instillation restriction policies when necessary to allow for any exceptions to these rules.
Outside of Active Directory environments, you may also choose to utilize software that restricts access to USB flash drives only those that are company-owned and/or recognized. Examples of such software include BitLocker, DiskCryptor and VeraCrypt. These solutions allow the contents of a USB drive to be encrypted automatically and transparently.
Additional software can be installed on external USB flash drives to prevent access to files if the drives are lost or stolen. Installing software on your organization’s computers may help track and minimize risk by recording and storing USB flash drive data in a centralized database.
Ready to Get Started?
Here are the steps you need to take to make create and enforce USB flash drive security policies across your organization:
USB Flash Drive Security Action Plan
- Hire a white-hat firm or security firm to perform an audit of your network’s USB devices, or set up a team internally.
- Discover all the endpoints in your network, and determine who is using removable media devices / media on those endpoints. Use “audit mode” to collect the information without disrupting productivity.
- Centrally create and manage the encryption of these removable media devices.
- Implement the encryption of these devices and enforce USB security policies to ensure sensitive information is secured.
- Generate reports to show how your data protection policies safeguard your organization’s critical information and prevent unauthorized data access to lost or stolen removable media devices. These reports will help demonstrate compliance with external government and industry regulations and with internal security policies.
While it’s easy to remember to secure employee laptops and data center servers, don’t forget about the USB flash drives and other storage devices you may be leaving behind. Though antivirus scans and reformatting may offer some counter to malicious threats, software-based secure erasure is the only way to ensure your organization’s thumb drives are completely clean and free of any threats. It’s important to perform such erasure at end-of-life (resale, reuse or recycling), before and after sharing information with third-party vendors, after employees leave your company and anytime you aren’t sure what information a USB holds.
Blancco Removable Media Eraser permanently and verifiably erases data from USB flash drives, SD cards and other flash memory devices, providing a tamper-proof audit trail and regulatory compliance for your organization. Request a demo now.
USB defines class code information that is used to identify a device’s functionality and to nominally load a device driver based on that functionality. The information is contained in three bytes with the names Base Class, SubClass, and Protocol. (Note that ‘Base Class’ is used in this description to identify the first byte of the Class Code triple. That terminology is not used in the USB Specification). There are two places on a device where class code information can be placed.One place is in the Device Descriptor, and the other is in Interface Descriptors. Some defined class codes are allowed to be used only in a Device Descriptor, others can be used in both Device and Interface Descriptors, and some can only be used in Interface Descriptors. The table below shows the currently defined set of Base Class values, what the generic usage is, and where that Base Class can be used (either Device or Interface Descriptors or both).
Last Update: June 15, 2016
Base Class | Descriptor Usage | Description |
00h | Device | |
01h | Interface | |
02h | Both | |
03h | Interface | |
05h | Interface | |
06h | Interface | |
07h | Interface | |
08h | Interface | |
09h | Device | |
0Ah | Interface | |
0Bh | Interface | |
0Dh | Interface | |
0Eh | Interface | |
0Fh | Interface | |
10h | Interface | |
11h | Device | |
12h | Interface | |
DCh | Both | |
E0h | Interface | |
EFh | Both | |
FEh | Interface | |
FFh | Both |
Base Class 00h (Device)
This base class is defined to be used in Device Descriptors to indicate that class information should be determined from the Interface Descriptors in the device. There is one class code definition in this base class. All other values are reserved.
This value is also used in Interface Descriptors to indicate a null class code triple.
Base Class | SubClass | Protocol | Meaning |
00h | 00h | 00h | Use class code info from Interface Descriptors |
Usb Compliance Network & Wireless Cards Driver Download For Windows 8
Base Class 01h (Audio)
This base class is defined for Audio capable devices that conform to the Audio Device Class Specification found on the USB-IF website. That specification defines the usable set of SubClass and Protocol values. Values outside of that defined spec are reserved. These class codes may only be used in Interface Descriptors.
Base Class | SubClass | Protocol | Meaning |
01h | xxh | xxh | Audio device |
Base Class 02h (Communications and CDC Control)
This base class is defined for devices that conform to the Communications Device Class Specification found on the USB-IF website. That specification defines the usable set of SubClass and Protocol values. Values outside of that defined spec are reserved. Note that the Communication Device Class spec requires some class code values (triples) to be used in Device Descriptors and some to be used in Interface Descriptors.
Base Class | SubClass | Protocol | Meaning |
02h | xxh | xxh | Communication device class |
Base Class 03h (HID – Human Interface Device)
Usb Compliance Network & Wireless Cards Driver Download For Windows 10
This base class is defined for devices that conform to the HID Device Class Specification found on the USB-IF website. That specification defines the usable set of SubClass and Protocol values. Values outside of that defined spec are reserved. These class codes can only be used in Interface Descriptors.
Base Class | SubClass | Protocol | Meaning |
03h | xxh | xxh | HID device class |
Base Class 05h (Physical)
This base class is defined for devices that conform to the Physical Device Class Specification found on the USB-IF website. That specification defines the usable set of SubClass and Protocol values. Values outside of that defined spec are reserved. These class codes can only be used in Interface Descriptors.
Base Class | SubClass | Protocol | Meaning |
05h | xxh | xxh | Physical device class |
Base Class 06h (Still Imaging)
This base class is defined for devices that conform to the Imaging Device Class Specification found on the USB-IF website. That specification defines the usable set of SubClass and Protocol values. Values outside of that defined spec are reserved.
Base Class | SubClass | Protocol | Meaning |
06h | 01h | 01h | Still Imaging device |
Base Class 07h (Printer)
This base class is defined for devices that conform to the Printer Device Class Specification found on the USB-IF website. That specification defines the usable set of SubClass and Protocol values. Values outside of that defined spec are reserved. These class codes can only be used in Interface Descriptors.
Base Class | SubClass | Protocol | Meaning |
07h | xxh | xxh | Printer device |
Base Class 08h (Mass Storage)
This base class is defined for devices that conform to the Mass Storage Device Class Specification found on the USB-IF website. That specification defines the usable set of SubClass and Protocol values. Values outside of that defined spec are reserved. These class codes can only be used in Interface Descriptors.
Base Class | SubClass | Protocol | Meaning |
08h | xxh | xxh | Mass Storage device |
Base Class 09h (Hub)
This base class is defined for devices that are USB hubs and conform to the definition in the USB specification. That specification defines the complete triples as shown below. All other values are reserved. These class codes can only be used in Device Descriptors.
Base Class | SubClass | Protocol | Meaning |
09h | 00h | 00h | Full speed Hub |
01h | Hi-speed hub with single TT | ||
02h | Hi-speed hub with multiple TTs |
Base Class 0Ah (CDC-Data)
This base class is defined for devices that conform to the Communications Device Class Specification found on the USB-IF website. That specification defines the usable set of SubClass and Protocol values.Values outside of that defined spec are reserved. These class codes can only be used in Interface Descriptors.
Base Class | SubClass | Protocol | Meaning |
0Ah | xxh | xxh | CDC data device |
Base Class 0Bh (Smart Card)
This base class is defined for devices that conform to the Smart Card Device Class Specification found on the USB-IF website. That specification defines the usable set of SubClass and Protocol values.Values outside of that defined spec are reserved. These class codes can only be used in Interface Descriptors.
Base Class | SubClass | Protocol | Meaning |
0Bh | xxh | xxh | Smart Card device |
Base Class 0Dh (Content Security)
This base class is defined for devices that conform to the Content Security Device Class Specification found on the USB-IF website. That specification defines the usable set of SubClass and Protocol values. Values outside of that defined spec are reserved. These class codes can only be used in Interface Descriptors.
Base Class | SubClass | Protocol | Meaning |
0Dh | 00h | 00h | Content Security device |
Base Class 0Eh (Video)
This base class is defined for devices that conform to the Video Device Class Specification found on the USB-IF website. That specification defines the usable set of SubClass and Protocol values. Values outside of that defined spec are reserved. These class codes can only be used in Interface Descriptors.
Base Class | SubClass | Protocol | Meaning |
0Eh | xxh | xxh | Video device |
Base Class 0Fh (Personal Healthcare)
This base class is defined for devices that conform to the Personal Healthcare Device Class Specification found on the USB-IF website. That specification defines the usable set of SubClass and Protocol values. Values outside of that defined spec are reserved. These class codes should only be used in Interface Descriptors.
Base Class | SubClass | Protocol | Meaning |
0Fh | xxh | xxh | Personal Healthcare device |
Base Class 10h (Audio/Video Devices)
The USB Audio/Video (AV) Device Class Definition describes the methods used to communicate with devices or functions embedded in composite devices that are used to manipulate audio, video, voice, and all image- and sound-related functionality. That specification defines the usable set of SubClass and Protocol values. Values outside of that defined spec are reserved. These class codes can only be used in Interface Descriptors.
Base Class | SubClass | Protocol | Meaning |
10h | 01h 02h 03h | 00h | Audio/Video Device – AVControl Interface |
00h | Audio/Video Device – AVData Video Streaming Interface | ||
00h | Audio/Video Device – AVData Audio Streaming Interface |
This base class is defined for devices that conform to the Billboard Device Class Specification found on the USB-IF website. That specification defines the usable set of SubClass and Protocol values. Values outside of that defined spec are reserved. These class codes can only be used in Device Descriptors.
Base Class | SubClass | Protocol | Meaning |
11h | 00h | 00h | Billboard Device |
Base Class 12h (USB Type-C Bridge Device)
This base class is defined for devices that conform to the USB Type-C Bridge Device Class Specification found on the USB-IF website. That specification defines the usable set of SubClass and Protocol values. Values outside of that defined spec are reserved. These class codes can only be used in Interface Descriptors.
Base Class | SubClass | Protocol | Meaning |
12h | 00h | 00h | USB Type-C Bridge Device |
Base Class DCh (Diagnostic Device)
This base class is defined for devices that diagnostic devices. This class code can be used in Device or Interface Descriptors.
Trace is a form of debugging where processor or system activity is made externally visible in real-time or stored and later retrieved for viewing by an applications developer, applications program, or, external equipment specializing observing system activity.
Design for Debug or Test (Dfx). This refers to a logic block that provides debug or test support (E.g. via Test Access Port (TAP)).
DvC: Debug Capability on the USB device (Device Capability)
Base Class | SubClass | Protocol | Meaning |
DCh | 01h | 01h | USB2 Compliance Device. Definition for this device can be found at http://www.intel.com/technology/usb/spec.htm |
02h | 00h | Debug Target vendor defined. Please see http://www.intel.com/content/www/us/en/io/universal-serial-bus/extensible-host-controler-interface-usb-xhci.html for more info. | |
01h | GNU Remote Debug Command Set. Please see http://www.intel.com/content/www/us/en/io/universal-serial-bus/extensible-host-controler-interface-usb-xhci.html for more info. | ||
03h | 00h | Undefined | |
01h | Vendor defined Trace protocol on DbC. | ||
04h | 00h | Undefined | |
01h | Vendor defined Dfx protocol on DbC. | ||
05h | 00h | Vendor defined Trace protocol over General Purpose (GP) endpoint on DvC. | |
01h | GNU Protocol protocol over General Purpose (GP) endpoint on DvC. | ||
06h | 00h | Undefined | |
01h | Vendor defined Dfx protocol on DvC. | ||
07h | 00h | Undefined | |
01h | Vendor defined Trace protocol on DvC. | ||
08h | 00h | Undefined |
Base Class E0h (Wireless Controller)
This base class is defined for devices that are Wireless controllers. Values not shown in the table below are reserved. These class codes are to be used in Interface Descriptors, with the exception of the Bluetooth class code which can also be used in a Device Descriptor.
Base Class | SubClass | Protocol | Meaning |
E0h | 01h | 01h | Bluetooth Programming Interface. Get specific information from www.bluetooth.com. |
02h | UWB Radio Control Interface. Definition for this is found in the Wireless USB Specification in Chapter 8. | ||
03h | Remote NDIS. Information can be found at: http://www.microsoft.com/windowsmobile/mobileoperators/default.mspx | ||
04h | Bluetooth AMP Controller. Get specific information from www.bluetooth.com. | ||
2h | 01h | Host Wire Adapter Control/Data interface. Definition can be found in the Wireless USB Specification in Chapter 8. | |
02h | Device Wire Adapter Control/Data interface. Definition can be found in the Wireless USB Specification in Chapter 8. | ||
03h | Device Wire Adapter Isochronous interface. Definition can be found in the Wireless USB Specification in Chapter 8. |
Base Class EFh (Miscellaneous)
Usb Compliance Network & Wireless Cards Driver Download For Windows Xp
This base class is defined for miscellaneous device definitions. Values not shown in the table below are reserved. The use of these class codes (Device or Interface descriptor) are specifically annotated in each entry below.
Base Class | SubClass | Protocol | Meaning | |
EFh | 01h | 01h | Active Sync device. This class code can be used in either Device or Interface Descriptors. Contact Microsoft for more information on this class. | |
02h | Palm Sync. This class code can be used in either Device or Interface Descriptors. | |||
02h | 01h | Interface Association Descriptor. The usage of this class code triple is defined in the Interface Association Descriptor ECN that is provided on www.usb.org . This class code may only be used in Device Descriptors. | ||
02h | Wire Adapter Multifunction Peripheral programming interface. Definition can be found in the Wireless USB Specification in Chapter 8. This class code may only be used in Device Descriptors | |||
03h | 01h | Cable Based Association Framework. This is defined in the Association Model addendum to the Wireless USB specification. This class code may only be used in Interface Descriptors. | ||
04h | 01h | RNDIS over Ethernet. Connecting a host to the Internet via Ethernet mobile device. The device appears to the host as an Ethernet gateway device. This class code may only be used in Interface Descriptors. | ||
02h | RNDIS over WiFi. Connecting a host to the Internet via WiFi enabled mobile device. The device represents itself to the host as an 802.11 compliant network device. This class code may only be used in Interface Descriptors. | |||
03h | RNDIS over WiMAX Connecting a host to the Internet via WiMAX enabled mobile device. The device is represented to the host as an 802.16 network device. This class code may only be used in Interface Descriptors. | |||
04h | RNDIS over WWAN Connecting a host to the Internet via a device using mobile broadband, i.e. WWAN (GSM/CDMA). This class code may only be used in Interface Descriptors. | |||
05h | RNDIS for Raw IPv4 Connecting a host to the Internet using raw IPv4 via non-Ethernet mobile device. Devices that provide raw IPv4, not in an Ethernet packet, may use this form to in lieu of other stock types. This class code may only be used in Interface Descriptors. | |||
06h | RNDIS for Raw IPv6 Connecting a host to the Internet using raw IPv6 via non-Ethernet mobile device. Devices that provide raw IPv6, not in an Ethernet packet, may use this form to in lieu of other stock types. This class code may only be used in Interface Descriptors. | |||
07h | RNDIS for GPRS Connecting a host to the Internet over GPRS mobile device using the device’s cellular radio | |||
05h | 00h | USB3 Vision Control Interface | Machine Vision Device conforming to the USB3 Vision specification. This standard covers cameras and other related devices that are typically used in machine vision, industrial, and embedded applications. Reference: http://visiononline.org/ This class code may only be used in Interface Descriptors. | |
01h | USB3 Vision Event Interface | |||
02h | USB3 Vision Streaming Interface | |||
06h | 01h | STEP. Stream Transport Efficient Protocol for content protection. | ||
02h | STEP RAW. Stream Transport Efficient Protocol for Raw content protection. | |||
07h | 01h | Command Interface in IAD | The DVB Common Interface (DVB-CI) specification describes a system whereby a removable CI Conditional Access Module (CICAM), given the appropriate usage rights, unscrambles protected pay-TV content and routes it over the same interface back to a TV receiver for display. An interface association for a DVB-CI function will contain a DVB-CI Command Interface for command, control, and status information, it may contain a DVB-CI Media Interface for audiovisual data streams, and it may also contain a CDC EEM interface to provide bridged networking to the CICAM. Reference: https://www.dvb.org/standards/dvb-ci-plus | |
01h | Command Interface in Interface Descriptor | |||
02h | Media Interface in Interface Descriptor | |||
Base Class FEh (Application Specific)
This base class is defined for devices that conform to several class specifications found on the USB-IF website. That specification defines the usable set of SubClass and Protocol values. Values outside of that defined spec are reserved. These class codes can only be used in Interface Descriptors.
Base Class | SubClass | Protocol | Meaning |
FEh | 01h | 01h | Device Firmware Upgrade. Device class definition provided on www.usb.org . |
02h | 00h | IRDA Bridge device. Device class definition provided on www.usb.org . | |
03h | 00h | USB Test and Measurement Device. Definition provided in the USB Test and Measurement Class spec found on www.usb.org . | |
01h | USB Test and Measurement Device conforming to the USBTMC USB488 Subclass Specification found on www.usb.org. |
Base Class FFh (Vendor Specific)
This base class is defined for vendors to use as they please. These class codes can be used in both Device and Interface Descriptors.
Base Class | SubClass | Protocol | Meaning |
FFh | xxh | xxh | Vendor specific |