Educause Security Discussion mailing list archives
Re: USB Keyloggers
From: "Doty, Timothy T." <tdoty () MST EDU>
Date: Wed, 15 Dec 2010 08:48:46 -0600
A good point that I neglected: our lab systems have been Dell Optiplexes which have a simple hasp integrated into the case. We padlock these with a security cable affixed to the desk/table to prevent systems, or internal parts, from walking off. Without that, using an internal USB port for the keyboard would have little purpose. We considered recommending ports to be visible for easy inspection. However, realistically it is unlikely that any but the most paranoid faculty will check every time before every class, no matter how visible the ports are. Since we already practice a level of physical security on the hardware it made sense to extend that to the ports where practical. Tim Doty
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brad Judy Sent: Wednesday, December 15, 2010 8:40 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] USB Keyloggers These programs do not protect against USB keyloggers. These programs are designed to address any USB devices that trigger driver state changes and USB keyloggers are designed to be passive in-line devices that are invisible to the computer. Your only real protections are physical security and visual inspection. For podiums, lock the computer into a cabinet and provide a USB cable for connecting thumbdrives. This prevents devices from being installed in- line with the keyboard. Some vendors offer attachments for the back side of computers that lock into place and prevent users from accessing the rear ports or messing with cables. I know Dell has offered this for their Optiplex line in the past (I haven't looked lately). Mounting lab computers so the ports are readily visible makes it easier for lab techs to notice if anything is out of the ordinary. It usually means they are easier to service too, but it might not be as aesthetically pleasing. Brad Judy Emory University -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Will Froning Sent: Tuesday, December 14, 2010 11:40 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] USB Keyloggers Hello All, This semester we've already found 2 USB keyloggers on lectern PCs. Until we get some sort of OTP solution ironed out (AuthLite w/ YubiKey looks nice), what are your schools doing to protect lectern PCs from keyloggers? A bit of googling brings up: <http://www.myusbonly.com/> <http://www.devicelock.com/> Thanks, Will -- Will Froning Unix SysAdmin Will.Froning () GMail com MSN: wfroning () angui sh YIM: will_froning AIM: willfroning
Attachment:
smime.p7s
Description:
Current thread:
- USB Keyloggers Will Froning (Dec 14)
- Re: USB Keyloggers Doty, Timothy T. (Dec 15)
- Re: USB Keyloggers Jon Hanny (Dec 15)
- Re: USB Keyloggers Doty, Timothy T. (Dec 15)
- Re: USB Keyloggers Jon Hanny (Dec 15)
- Re: USB Keyloggers Brad Judy (Dec 15)
- Re: USB Keyloggers Doty, Timothy T. (Dec 15)
- Re: USB Keyloggers Will Froning (Dec 15)
- Re: USB Keyloggers Brad Judy (Dec 15)
- Re: USB Keyloggers Doty, Timothy T. (Dec 15)
- Re: USB Keyloggers Doty, Timothy T. (Dec 15)