diff --git a/sysctl.conf b/sysctl.conf
index ed94373..31da73c 100644
--- a/sysctl.conf
+++ b/sysctl.conf
@@ -96,6 +96,9 @@ dev.tty.ldisc_autoload = 0
 # breaks screen readers
 dev.tty.legacy_tiocsti = 0
 
+# block all newly connected USB devices
+#kernel.deny_new_usb=1
+
 ########## File System ##########
 
 # disallow core dumping by SUID/SGID programs