Re: USB Keyloggers

[Brad Judy <win-hied () BRADJUDY COM>]

These programs do not protect against USB keyloggers.  These programs are
designed to address any USB devices that trigger driver state changes and
USB keyloggers are designed to be passive in-line devices that are invisible
to the computer.  Your only real protections are physical security and
visual inspection.

For podiums, lock the computer into a cabinet and provide a USB cable for
connecting thumbdrives.  This prevents devices from being installed in-line
with the keyboard.  

Some vendors offer attachments for the back side of computers that lock into
place and prevent users from accessing the rear ports or messing with
cables.  I know Dell has offered this for their Optiplex line in the past (I
haven't looked lately).  

Mounting lab computers so the ports are readily visible makes it easier for
lab techs to notice if anything is out of the ordinary.  It usually means
they are easier to service too, but it might not be as aesthetically
pleasing.  

Brad Judy

Emory University

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Will Froning
Sent: Tuesday, December 14, 2010 11:40 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] USB Keyloggers

Hello All,

This semester we've already found 2 USB keyloggers on lectern PCs.
Until we get some sort of OTP solution ironed out (AuthLite w/ YubiKey looks
nice), what are your schools doing to protect lectern PCs from keyloggers?

A bit of googling brings up:
<http://www.myusbonly.com/>
<http://www.devicelock.com/>

Thanks,
Will

--
Will Froning
Unix SysAdmin
Will.Froning () GMail com
MSN: wfroning () angui sh
YIM: will_froning
AIM: willfroning