Disabling USB for security reasons

Hello.

We are trying to disable USB ports in all devices of the datacenter for security reasons.

Checking USB devices already conected we can see these:

 lsusb
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 003: ID f5f5:1002  

Checking dependencies we got this:

 lsusb -t
Bus  2
`-Dev   1 Vendor 0x1d6b Product 0x0002
  `-Dev   2 Vendor 0x8087 Product 0x0024
Bus  1
`-Dev   1 Vendor 0x1d6b Product 0x0002
  `-Dev   2 Vendor 0x8087 Product 0x0024
    `-Dev   3 Vendor 0xf5f5 Product 0x1002

It seems that "

Linux Foundation 2.0 root hub

" and "

Intel Corp. Integrated Rate Matching Hub

" are sockets to connect other USB devices and "

f5f5:1002

" seems that is something connected to thoses sockets.

We think that it's possible to disable all USB devices just disabling the driver of the parent socket (

Linux Foundation 2.0 root hub

)

To do so, we are planning to include the driver used by "Linux USB socket" at modprobe blacklist.

 usb-devices 

T:  Bus=01 Lev=00 Prnt=00 Port=00 Cnt=00 Dev=  1 Spd=480 MxCh= 2
D:  Ver= 2.00 Cls=09(hub  ) Sub=00 Prot=00 MxPS=64 Cfgs=  1
P:  Vendor=1d6b ProdID=0002 Rev=02.06
S:  Manufacturer=Linux 2.6.32-431.56.1.el6.f5.x86_64 ehci_hcd
S:  Product=EHCI Host Controller
S:  SerialNumber=0000:00:1a.0
C:  Ifs= 1 Cfg= 1 Atr=e0 MxPwr=0mA
I:  If= 0 Alt= 0 EPs= 1 Cls=09(hub  ) Sub=00 Prot=00 Driver=hub

So, we should include

blacklist ehci_hci

line at

/etc/modprobe.d/blacklist.conf

and reboot the system.

The question starts here. What is exactly the device connected to

f5f5:1002

??

Checking F5 Doc it seems that could be the Unit-key --> https://support.f5.com/csp/article/K73034260

Do you know if this is true?

What is the best way to disable the USB ports at F5 BIG-IP?

KR, Dario.