USB ports are one of the most convenient ports ever invented. You can plug in mice, keyboards, floppy disk drives (necessary, once in a while), flash memory stick drives, and many other devices.
This convenience comes with a price, though: it can make your computer's data less secure. For example, you may have used data encryption software like AlertBoot to secure the data on the computer; however, an employee could plug his iPod into a computer and download gigabytes worth of data. How to prevent it? Disable the USB port
If you have to deal with multiple computers, the use of USB port security software may be your best option. Such programs generally allow you to create blacklists and whitelists of hardware devices that will be recognized by the computer and blocked (or allowed) accordingly.
This certainly beats using superglue to essentially "weld" USB ports shut--a practice that is very effective at preventing endusers from stealing data via the use of flash drives. However, this also prevents one from using a USB mouse, for example. (And, what if you do have a mouse connected already? Do you superglue it to the USB port as well? After all, one could unplug the mouse and plug in a hard drive to copy information.)
Once you've set up the blacklists and whitelists, it's a matter of having your computers updated. Since it all happens over a network, the computer administrator doesn't have to leave his chair to individually update multiple computers (or to superglue them, if he decides lists are too bothersome).
Combining USB port control with hard disk encryption significantly drops the chances of a successful data breach, and it's one of the reasons AlertBoot offers both in the same package.
Of course, there is the option to not use USB port control software. For example, you could change the BIOS settings and disable USB ports that way. However, you're facing the same problem as supergluing ports shut: a mouse won't register with the computer.
Another option is to disable write access to USB ports. Obviously, this type of control means software is involved--in this case, the operating system of the computer.
In Windows, you could open the Windows Registry and modify the information. However, this means making modifications one computer at a time. If you're dealing with ten computers, it could easily consume thirty minutes to an hour. Obviously more time would be required with more computers.
Plus, in the event that there is a change in computer policies, you'd have to go back and make modifications. An unappealing prospect, especially if you know the same job can be done by updating a list once in a while and hitting "enter."
Disabling ports one by one may be "cheaper" since extra charges are not incurred, but only if your IT administrator is doing nothing all day long. Otherwise, this "cheaper" option has fees in hidden form: the opportunity cost of your IT guys, who are spending time walking around and updating registries as opposed to doing something more useful.