Re: Keyloggers in computer labs

["clementz.7" <clementz.7 () OSU EDU>]

We also run AutoCAD, but have spent alot of time working with specific file
permissions in order to remove the students from the power user group.  We
have about 35 major software packages we run so it's a lot of work when a
new program comes out, but it helps me sleep at night.  Also we run Keysever
by Sassafrass to keep unwanted executables from being run.  I hope this is
of some help.

Todd Clementz
Systems Administrator
The Austin E. Knowlton School of Architecture
The Ohio State University
Support Site.  http://support.knowlton.ohio-state.edu
clementz.7 () osu edu

----- Original Message -----
From: "Gary Flynn" <flynngn () JMU EDU>
To: <SECURITY () LISTSERV EDUCAUSE EDU>
Sent: Tuesday, February 07, 2006 9:40 AM
Subject: Re: [SECURITY] Keyloggers in computer labs


> Kay Sommers wrote:
>
> > How are you protecting your computer labs from the installation of
> > keyloggers?   Lab managers want to use local administrator or power user
> > accounts on these machines so that various applications run properly, but
> > of course, that exposes these public machines to the possibility of
> > anything being installed.  Re-imaging or return point strategies such as
> > Deep Freeze still leave the machines vulnerable for a certain period of
> > time.
> > What approaches are being used to protect public machines other than not
> > allowing privileged logins?
>
>
> I'm glad we're not the only one with the problem. There have
> been enough reports that I worry about it regularly. We have
> to tread carefully in security awareness about the concept of
> a "trusted computer".
>
> http://chronicle.com/weekly/v48/i43/43a03201.htm
> http://news.com.com/2100-1023-983717.html
> http://deseretnews.com/dn/view/0,1249,600154978,00.html
>
> We use Deep Freeze but acknowledge the threat by posting notices
> on the walls and using a screen saver that advises students to
> reboot the machines before use. Non-Admin would certainly be
> an improvement but professors want their students to have the
> ability to install software on the lab computers.
>
> It presents a problem because when a computer is infected,
> the operator is advised to change any passwords typed into
> the infected computer on a trusted computer. But where to
> find one? :(
>
> Sometimes I do a security awareness presentation for a class
> in the labs. They're usually busy at work when I arrive. I
> ask how many rebooted the computers before starting and then
> proceed to show them the contents of a keyboard logger.
> Generally, I don't have people trying to do work anymore
> during the presentation. :)
>
>
> --
> Gary Flynn
> Security Engineer
> James Madison University
> www.jmu.edu/computing/security