Why choose Kingston IronKey™?
With the power and pedigree of Kingston Technology forged into every product, trust that your data is truly secure when it’s secured by IronKey.
What is whitelisting
Whitelisting USB devices is a security measure which limits which devices can access a computer to a “whitelist” of specific, approved devices. It prevents unknown or untrusted USB devices initiating data breaches or unauthorized data transfer, as well as cutting off a common vector for malware.
Whitelisting by Vendor ID or Product ID (VID/PID) gives endpoint managers the ability to authorize specific USB devices based on their unique identifier. Only devices with a matching VID/PID combination will have permission to connect and function. Depending on the security software or operating system being used, the specific steps for whitelisting can vary. In general, the process includes identifying the device’s VID and PID, then adding it to a whitelist (allowed list).
What is VID/PID?
A USB device, while plugged in, identifies itself by its VID/PID combination. A VID (Vendor ID) is a 16-bit vendor number. A PID (Product ID) is a 16-bit product number. Together, a device’s VID/PID combination is a unique identifier comparable to a barcode that a system can use to recognize and interact with it. A host can use the VID/PID combination to find the drivers to use for the USB device, if any.
Why use both VID and PID?
There are multiple levels of protection for USB storage devices, depending on the method. Utilizing USB storage devices’ respective vendor identifier and product identifier values to whitelist them is both effective and simple. Every manufacturer of USB peripherals has a unique VID, but the PID changes for each new product released. With regards to whitelisting, using a manufacturer’s VID alone would be too broad to be secure: every USB device it has ever produced would be permitted. The PID alone is more refined as a security measure, restricting access to the host system to just one specific model. However, this is not a perfect solution, as users may be able to acquire their own devices matching the authorized models on the consumer market.
Kingston’s customization program can create and apply custom PID profiles specific to an organization to a range of Kingston encrypted USB flash drives. Contact your Kingston representative to learn more.
Benefits of whitelisting
- Whitelisting provides more granular control, by making device access a case of blocking most devices while authorizing only specific devices.
- Whitelisting frees employees from monitoring duties, saving time and resources, improving efficiency.
- Most obviously, whitelisting enhances cybersecurity, increasing the difficulty of penetrating your system due to the blanket blocking of devices that have not been approved. Unauthorized USB devices are a common vector of malware, which can have all sorts of deleterious effects on your organization, such as data leaks.
- For this reason, whitelisting is an effective form of DLP (data loss prevention).
- Due to the security benefits, whitelisting is an effective method of ensuring compliance with data protection regulations such as HIPAA, or GDPR.
Alternatives to whitelisting
You can whitelist devices based on their serial number, if available. Other alternatives include using custom classes that group devices based on their type, or by various other criteria deemed acceptable by your organization.
How to find a device’s VID/PID
- In Windows: Click Start. Type Device Manager, then open it to view all devices connected to your computer. Select and double-click your device. Go to the Details tab. From the drop-down menu, select Parent to view the VID and PID.
- In macOS: Type ‘System Information’ into the Search bar, then click Hardware. You will find your USB device’s VID/PID among the information for that drive.
- In Linux: Enter the command ‘lsusb’ in your terminal. You will see the VID and PID pairs listed by each USB device connected to your computer.
Kingston IronKey™ VID/PID combinations
| Current Product | Product SKU | USB VID (Hex/Dec) | USB PID (Hex/Dec) | HID PID (Hex/Dec) |
|---|---|---|---|---|
| IronKey Locker+ 50 G2 | IKLP50G2 | 0951 / 2385 | 159D / 5533 | 00D3 / 211 |
| IronKey Vault Privacy 50 | IKVP50 | 0951 / 2385 | 1575 / 5493 | 00A6 / 166 |
| IronKey Vault Privacy 50C | IKVP50C | 0951 / 2385 | 1576 / 5494 | 00A7 / 167 |
| IronKey Keypad 200 | IKKP200 | 2009 / 8201 | 7100 / 28928 | E100 / 57600 |
| IronKey Keypad 200C | IKKP200C | 2009 / 8201 | 7200 / 29184 | E200 / 57856 |
| IronKey Vault Privacy 80ES | IKVP80ES | 0951 / 2385 | 1574 / 5492 | N/A |
| IronKey D500S | IKD500S | 0951 / 2385 | 1572 / 5490 | 00A3 / 163 |
| Archive Product | Product SKU | USB VID (Hex/Dec) | USB PID (Hex/Dec) | HID PID (Hex/Dec) |
|---|---|---|---|---|
| IronKey Locker+ 50 | IKLP50 | 0951 / 2385 | 1577 / 5495 | 00A8 / 168 |
| IronKey Basic S1000 | IKS1000B | 0951 / 2385 | 1013 / 4115 | N/A |
| IronKey Enterprise S1000 | IKS1000E | 0951 / 2385 | 1014 / 4116 | N/A |
| IronKey D500SM | IKD500SM | 0951 / 2385 | 1573 / 5491 | 00A4 / 164 |
| IronKey D300 | IKD300 | 0951 / 2385 | 1539 / 5433 | 0059 / 89 |
| IronKey D300S | IKD300S | 0951 / 2385 | 1560 / 5472 | 0089 / 137 |
| IronKey D300M | IKD300M | 0951 / 2385 | 153B / 5435 | 005B / 91 |
| IronKey D300SM | IKD300SM | 0951 / 2385 | 1561 / 5473 | 008A / 138 |
| DataTraveler Locker+ G3 | DTLPG3 | 0951 / 2385 | 169D / 5789 | 0018 / 24 |
| DataTraveler VaultPrivacy 30 | DTVP30 | 0951 / 2385 | 1505 / 5381 | 0017 / 23 |
| DataTraveler DT2000 | DT2000 | 2009 / 8201 | 16AF / 5807 | E6AF / 59055 |
| DataTraveler DT4000G2 | DT4000G2 | 0951 / 2385 | 1508 / 5384 | 001B / 27 |
| DataTraveler DT4000G2DM | DT4000G2DM | 0951 / 2385 | 152F / 5423 | 004C / 76 |
| Table Key: | ||
| VID – Vendor ID | PID – Product ID | HID – Human interface device* |
| Hex – Hexadecimal | Dec – Decimal** | |
* Under rare circumstances in some restricted environments, the encrypted USB drive may switch into HID Mode. If it does, the HID PID will need to be whitelisted in addition to the standard PID.
** Some endpoint solutions will display the VID/PID values in Decimal, rather than the standard Hexadecimal values.
Summary
Endpoint management is a pain point for organizations of all sizes. Unrestricted use of USB devices can jeopardize system and data integrity, leaving organizations liable to the tune of millions of dollars, in addition to reputational damage. At the same time, blanket bans on USB devices inhibit the ability of your organization to work flexibly and share needed information. Whitelisting offers organizations a secure way to permit employees to use approved devices without leaving a backdoor open to malware and other security issues. Kingston’s organization-specific custom PID profiles offer a bespoke solution that both simplifies whitelisting and enhances security.
