As the value and use of information continue to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes, thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
Information handling systems often use external input/output (I/O) ports, such as Universal Serial Bus (USB) ports, to allow for external coupling of various components to the information handling system, including mass storage devices (e.g., flash drives), human interface devices (e.g., keyboard/video/mouse devices), network interfaces, or other devices.
However, one disadvantage of such external ports is that they may be a point of security vulnerability: individuals with bad intent may use external devices to perpetrate attacks through external ports, or may surreptitiously place malware on an external device that an authorized but unaware user then unknowingly couples to an external port, thus compromising the information handling system.
Traditionally, such vulnerabilities were reduced by disabling external ports, with an administrator enabling such ports only if and when needed. However, in such traditional approaches, information handling systems offer only a boot-time basic input/output system (BIOS) menu option to disable various combinations of server USB ports (e.g., all external, all front, all rear, internal, etc.). Yet a common management problem is the need to authenticate a local user/technician to interact with a running information handling system through a USB port, such as via a crash cart. To enable the external port for such interaction, a remote administrator must reboot the information handling system, change a BIOS setting for the USB port during such reboot, then reboot again to allow the setting to be applied.
Additionally, existing approaches do not allow individual classes of external USB devices to be selectively enabled or disabled.