Educause Security Discussion mailing list archives
Re: USB Keyloggers
From: Will Froning <will.froning () GMAIL COM>
Date: Wed, 15 Dec 2010 21:49:26 +0400
Hello Brad, On Wed, Dec 15, 2010 at 6:39 PM, Brad Judy <win-hied () bradjudy com> wrote:
These programs do not protect against USB keyloggers. These programs are designed to address any USB devices that trigger driver state changes and USB keyloggers are designed to be passive in-line devices that are invisible to the computer. Your only real protections are physical security and visual inspection.
I've investigated one of the recovered devices and it actually has a Texas Instruments USB hub chip installed. So it does show up as an additional device. I haven't gotten around to testing if the other device we've recovered acts as a hub also, but in theory we could deny all devices except for the mouse and keyboard. I'm not sure how easy it is for these keyloggers to change device IDs, but if it's trivial we would be SOL.
For podiums, lock the computer into a cabinet and provide a USB cable for connecting thumbdrives. This prevents devices from being installed in-line with the keyboard.
For us it's the amount of time to get this solution in place. It would likely take us at least 3 months.
Some vendors offer attachments for the back side of computers that lock into place and prevent users from accessing the rear ports or messing with cables. I know Dell has offered this for their Optiplex line in the past (I haven't looked lately). Mounting lab computers so the ports are readily visible makes it easier for lab techs to notice if anything is out of the ordinary. It usually means they are easier to service too, but it might not be as aesthetically pleasing.
Agreed. Thanks, Will
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Will Froning Sent: Tuesday, December 14, 2010 11:40 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] USB Keyloggers Hello All, This semester we've already found 2 USB keyloggers on lectern PCs. Until we get some sort of OTP solution ironed out (AuthLite w/ YubiKey looks nice), what are your schools doing to protect lectern PCs from keyloggers? A bit of googling brings up: <http://www.myusbonly.com/> <http://www.devicelock.com/> Thanks, Will -- Will Froning Unix SysAdmin Will.Froning () GMail com MSN: wfroning () angui sh YIM: will_froning AIM: willfroning
-- Will Froning Unix SysAdmin Will.Froning () GMail com MSN: wfroning () angui sh YIM: will_froning AIM: willfroning
Current thread:
- USB Keyloggers Will Froning (Dec 14)
- Re: USB Keyloggers Doty, Timothy T. (Dec 15)
- Re: USB Keyloggers Jon Hanny (Dec 15)
- Re: USB Keyloggers Doty, Timothy T. (Dec 15)
- Re: USB Keyloggers Jon Hanny (Dec 15)
- Re: USB Keyloggers Brad Judy (Dec 15)
- Re: USB Keyloggers Doty, Timothy T. (Dec 15)
- Re: USB Keyloggers Will Froning (Dec 15)
- Re: USB Keyloggers Brad Judy (Dec 15)
- Re: USB Keyloggers Doty, Timothy T. (Dec 15)
- Re: USB Keyloggers Doty, Timothy T. (Dec 15)