The idea is hardening; disallow anything extraneous to your purpose which may negatively impact your security. So, get a computer with built-in peripherals (a laptop), or only leave the ports unglued which you intend to use.
An old-fashioned keyboard and mouse port serves only one function; connecting a keyboard or a mouse. A USB port is general purpose. Since the latter is much more complex, we can expect its drivers to contain lot more vulnerabilities. If you expose your keyboard and mouse ports, and your USB ports, you're vulnerable to all of the flaws in both. If you only expose your keyboard and mouse, you're better off.
Its worth noting that none of this matters if you don't use full-disk encryption. They can mount your hard drive and add a user with root privileges to /etc/shadow and /etc/passwd in a matter of minutes if your drives are stored in clear text.
> Its worth noting that none of this matters if you don't use full-disk encryption.
And just to be clear, one of the fun things with firewire exploits, is that it easily defeats fde -- it allows an attacker to dump the ram, and extract the encryption keys from ram (as the keys need to be in ram for the os to access the disks...).
So you could perhaps mirror the drives at night, when no-one is around, and dump the keys you need to use that dump during lunch break, when the machine is on, but unattended... You might argue that they could just blow some co2 on your ram sticks, and dump the keys from there (if they could already access your hds...) -- and you'd be right -- but firewire is a lot less intrusive...
