Many people don’t know this, but the Linux kernel allows the administrators to enable/disable the use of USB devices in the system;  per device or with a default policy (that is allow everything by default).

Authorize a device to connect:

$ echo 1 > /sys/bus/usb/devices/DEVICE/authorized

Deauthorize a device: 

$ echo 0 > /sys/bus/usb/devices/DEVICE/authorized

Set new devices connected to hostX to be deauthorized by default (ie:  lock down):

$ echo 0 > /sys/bus/usb/devices/usbX/authorized_default

Remove the lock down: 

$ echo 1 > /sys/bus/usb/devices/usbX/authorized_default  

For more information:

It is also possible to disable all the storage devices by disabling the kernel module.

Just adding the following entry to /etc/rc.local

rmmod usb_storage