Security Basics mailing list archives

RE: centrally monitored "keylogger"


From: "Sadler, Connie" <Connie_Sadler () Brown edu>
Date: Fri, 15 Oct 2004 16:09:44 -0400

 
I've been in this business for 20+ years. Full forensic logging is a
very bad idea. It takes us down a very undesirable road, in my opinion.
If you do it, you will have an extremely difficult time getting anyone
to work for you. I have a hard time believing that it is really being
suggested -

Connie

-----Original Message-----
From: Jason Coombs [mailto:jasonc () science org] 
Sent: Thursday, October 14, 2004 7:25 PM
To: Andrew Shore
Cc: Jantz, EJ; security-basics () securityfocus com
Subject: Re: centrally monitored "keylogger"

Just because we can, morally and ethically, should we?

Yes, we should.

The can of worms is already open. Computer evidence is allowed in court,
and the only way to prove a negative with respect to computer evidence
is to have a positive log of everything that was done with the computer
and every change that was made to data with the knowledge and consent of
the computer owner.

Who the computer operator is at the time a key is pressed is something
that keyloggers won't necessarily help determine, and even two factor
authentication doesn't help with this if anyone can sit down at a box
and operate it after authentication has occurred.

Big problems. Real problems. Full forensic logging of everything is the
only solution. Video surveillance of the computer at all times helps
answer the question "who was the operator while these keys were
pressed?". Also, keystrokes are not enough -- we must log all mouse
movements/clicks and everything that passes through the keyboard input
buffer (because software can write to this buffer, too, it isn't
restricted to keyboard input only).

Or we can get rid of computers. Your pick.

Regards,

Jason Coombs
jasonc () science org


Andrew Shore wrote:
I agree that as a sys admin ensuring that systems are secure should be
a high priority.

However, I feel that monitoring every keystroke goes beyond the pale.

Just because we can, morally and ethically, should we?
...

