Re: USB Keyloggers

["Doty, Timothy T." <tdoty () MST EDU>]

A good point that I neglected: our lab systems have been Dell Optiplexes
which have a simple hasp integrated into the case. We padlock these with a
security cable affixed to the desk/table to prevent systems, or internal
parts, from walking off. Without that, using an internal USB port for the
keyboard would have little purpose.

We considered recommending ports to be visible for easy inspection. However,
realistically it is unlikely that any but the most paranoid faculty will
check every time before every class, no matter how visible the ports are.
Since we already practice a level of physical security on the hardware it
made sense to extend that to the ports where practical.

Tim Doty

> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brad Judy
> Sent: Wednesday, December 15, 2010 8:40 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] USB Keyloggers
>
> These programs do not protect against USB keyloggers.  These programs
> are
> designed to address any USB devices that trigger driver state changes
> and
> USB keyloggers are designed to be passive in-line devices that are
> invisible
> to the computer.  Your only real protections are physical security and
> visual inspection.
>
> For podiums, lock the computer into a cabinet and provide a USB cable
> for
> connecting thumbdrives.  This prevents devices from being installed in-
> line
> with the keyboard.
>
> Some vendors offer attachments for the back side of computers that lock
> into
> place and prevent users from accessing the rear ports or messing with
> cables.  I know Dell has offered this for their Optiplex line in the
> past (I
> haven't looked lately).
>
> Mounting lab computers so the ports are readily visible makes it easier
> for
> lab techs to notice if anything is out of the ordinary.  It usually
> means
> they are easier to service too, but it might not be as aesthetically
> pleasing.
>
> Brad Judy
>
> Emory University
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Will Froning
> Sent: Tuesday, December 14, 2010 11:40 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] USB Keyloggers
>
> Hello All,
>
> This semester we've already found 2 USB keyloggers on lectern PCs.
> Until we get some sort of OTP solution ironed out (AuthLite w/ YubiKey
> looks
> nice), what are your schools doing to protect lectern PCs from
> keyloggers?
>
> A bit of googling brings up:
> <http://www.myusbonly.com/>
> <http://www.devicelock.com/>
>
> Thanks,
> Will
>
> --
> Will Froning
> Unix SysAdmin
> Will.Froning () GMail com
> MSN: wfroning () angui sh
> YIM: will_froning
> AIM: willfroning

Attachment: smime.p7s
Description: