Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Keyloggers in computer labs

From: stanislav shalunov <shalunov () INTERNET2 EDU>
Date: Tue, 7 Feb 2006 00:37:22 -0500
Kay Sommers <ksommers () VCU EDU> writes:


Re-imaging or return point strategies such as Deep Freeze still
leave the machines vulnerable for a certain period of time.


And, of course, they won't do much against approaches the compromise
the hardware itself:
http://www.thinkgeek.com/gadgets/electronic/5a05/
http://www.thinkgeek.com/gadgets/security/7af2/

(The first item is popular enough to be out of stock, but is widely
available elsewhere, e.g., at http://www.keykatcher.com/)

A trusted computing base includes all hardware, from the keyboard to
the monitor to the power supply.  It might make sense to make an
effort to have some physical security for the systems; unfortunately,
it is hard to properly secure keyboards---I've not seen a keyboard
with a lock for the connector.  There are some tamper-evident
attachments, though.  Better than nothing, I suppose.

--
Stanislav Shalunov              http://www.internet2.edu/~shalunov/

WARNING: It is a US federal crime to annoy me over the Internet.
(47 U.S.C. 223, amended by Sec. 113 H.R.3402, in effect since 2006-01-05.)
Previous By Date Next
Previous By Thread Next

Current thread: