Educause Security Discussion mailing list archives
Re: USB Keyloggers
From: "Doty, Timothy T." <tdoty () MST EDU>
Date: Wed, 15 Dec 2010 08:40:28 -0600

That is irrelevant to the key logging aspect and would only prevent mounting of the device as a drive to view the log. Key loggers, when acting as such, are invisible. As far as the computer is concerned they do not exist. They simply pass all USB traffic through them, just like a USB extender -- with the added feature that they sniff the traffic and log key events depending on their configuration.

Tim Doty

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jon Hanny
Sent: Wednesday, December 15, 2010 8:36 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] USB Keyloggers

If the systems in question are Windows systems, you should be able to configure them to limit the allocation of drive letters. This would prevent usb storage devices from being added to the given station while still allowing usb mice and keyboards to function.

Respectfully,
----------------------------------
Jon Hanny CRISC, CISSP, GSLC
IT Risk Management / Application Security
The George Washington University
703-726-4469
jehanny () gwu edu
----------------------------------

On 12/15/2010 9:29 AM, Doty, Timothy T. wrote:
> In our case the majority of lectern systems are housed in a casing of some sort. Locking that down can prevent insertion of the keylogger at the PC. For others our support group talked about the possibility of attaching the keyboard to an internal USB port with a cable loop to prevent extraction. I'm not sure if they ever got to the point of doing that.
>
> For what it's worth, a couple of factors may allow identifying those responsible. In addition to inappropriate account access (for example, a faculty logging in from a computer lab they don't go to) and correlating activity from that, the keyloggers I've seen use a keystroke to switch to mass storage device mode and trolling through the logs can reveal interesting items such as the login that preceded the key sequence. Typically the last key pressed to make the magic combination won't be logged, but the rest will so searching through the logs for appropriate combinations of keys can find the transition for key logging being disabled.
>
> Tim Doty
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Will Froning
> Sent: Tuesday, December 14, 2010 10:40 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] USB Keyloggers
>
> Hello All,
>
> This semester we've already found 2 USB keyloggers on lectern PCs. Until we get some sort of OTP solution ironed out (AuthLite w/YubiKey looks nice), what are your schools doing to protect lectern PCs from keyloggers?
>
> A bit of googling brings up:
> <http://www.myusbonly.com/>
> <http://www.devicelock.com/>
>
> Thanks,
> Will
>
> --
> Will Froning
> Unix SysAdmin
> Will.Froning () GMail com
> MSN: wfroning () angui sh
> YIM: will_froning
> AIM: willfroning
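
The log search Tim Doty describes in the quoted message above, sketched as an added example that is not part of the thread. It assumes a plain-text log with one line per Enter and bracketed tags for special keys, and a placeholder three-key chord `kbs`; the format, the chord and all function names are assumptions to replace with the recovered device's actual values.

```python
from itertools import permutations

# Assumption: activation chord taken from the recovered device's manual;
# "kbs" is a constructed placeholder, not a value from the thread.
CHORD = "kbs"

# Constructed sample log. Assumed format: the logger starts a new line after
# each Enter and writes special keys as bracketed tags such as [Tab].
SAMPLE_LOG = """\
jsmith[Tab]Example-pw-1[Ent]
absolute basics of risk[Ent]
mdoe[Tab]Example-pw-2[Ent]
sk
bs ratio table[Ent]
"""

def chord_fragments(chord):
    """Every ordering of all-but-one chord key: the last key pressed is not
    logged, and the keys of a chord can land in any order."""
    return {"".join(p) for p in permutations(chord, len(chord) - 1)}

def account_of(line):
    """Keep only the text before the first [Tab] so passwords stay out of
    the report; return a marker when the line is not a login."""
    return line.split("[Tab]", 1)[0] if "[Tab]" in line else "(not a login line)"

def find_transitions(log_text, chord=CHORD):
    """Return (line_number, fragment, preceding_account) for each line that
    consists of nothing but a chord fragment. Whole-line matching avoids
    hits inside ordinary words ("absolute" contains "bs")."""
    fragments = chord_fragments(chord)
    lines = log_text.splitlines()
    hits = []
    for i, line in enumerate(lines):
        if line.strip() in fragments:
            # Nearest earlier non-empty line is the input typed just before.
            prev = next((l for l in reversed(lines[:i]) if l.strip()), "")
            hits.append((i + 1, line.strip(), account_of(prev)))
    return hits

if __name__ == "__main__":
    for line_no, frag, account in find_transitions(SAMPLE_LOG):
        print(f"line {line_no}: chord fragment {frag!r} after login by {account!r}")
```

Each hit gives an account name and a position in the log that can be correlated with authentication records for the lectern PC.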