By deploying Agent on terminal devices, it is possible to identify and control USB external devices such as USB storage devices, memory cards, mobile devices, USB network cards, and combo drives. It is possible to set computer permissions for accessing devices, such as whether to access devices and whether to modify permissions, to avoid the leakage of confidential information. It is also possible to establish a USB storage device allowlist to prevent unidentified USB storage devices that have not been verified from transferring and accessing data. In addition, devices can be detected and prohibited from using wireless networks or Bluetooth to prevent the use of private networks to transmit confidential information bypassing corporate network.