Many people don’t know this, but the Linux kernel allows the administrators to enable/disable the use of USB devices in the system; per device or with a default policy (that is allow everything by default).
Authorize a device to connect:
$ echo 1 > /sys/bus/usb/devices/DEVICE/authorized
Deauthorize a device:
$ echo 0 > /sys/bus/usb/devices/DEVICE/authorized
Set new devices connected to hostX to be deauthorized by default (ie: lock down):
$ echo 0 > /sys/bus/usb/devices/usbX/authorized_default
Remove the lock down:
$ echo 1 > /sys/bus/usb/devices/usbX/authorized_default
For more information:
It is also possible to disable all the storage devices by disabling the kernel module.
Just adding the following entry to /etc/rc.local