Phil5780
asked on
Keylogger detection
I'm now implementing full system encryption (TrueCrypt) on all of my workstations and laptops. All of this security is worthless if an adversary slips a hardware keylogger into my network. Since the operating system registers key events they must be traceable. Hardware key logging devices can connect to either PCI or USB plugs. How do I block such an attack?
A hardware key logger is difficult to detect in software. If they do show up in device manager on the computer, they will appear as fairly generic hardware, such as a USB hub. Some hardware key loggers do not require drivers to be installed on the computer at all - they are self-contained units which store the data on on-board memory. Of course the attacker would need to come back and retrieve the device later to view the logs.
A visible inspection of the computer is the only reasonable way to prevent it. A hardware key logger will be a fairly obvious piece of hardware inline between the keyboard and the computer.
ASKER
I've seen keyloggers that sit on a PCI or PCI-Mini slot. Since any new piece of hardware is detectable in the device manager, it is detectable. Is there a software solution that blocks or alerts to the presence of 'unapproved' hardware?
ASKER
Good information provided but still does not offer a great solution.
1) If possible, disable installation of drivers on the PCs. This will block most hardware and low-level software keyloggers. This also disables USB drives and such as well, so just be aware of that.
2) In a TPM environment, it may be possible to block unknown hardware. Similar to #1, but a block at more of a hardware level.
3) Ensure antivirus and anti-malware software is installed and fully updated on all PCs.
4) This URL has some information on tools that help detect keyloggers: http://www.how-to-spy-computers.info/2008/12/30/how-to-block-a-keylogger/
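
The asker's request for something that "alerts to the presence of 'unapproved' hardware" can be approximated by comparing the devices Windows enumerates against a recorded baseline. The script below is an added example, not part of the original thread or any tool named in it; it only sees hardware that enumerates on the USB, PCI or HID buses, so a passive inline logger that never announces itself still needs the visual inspection described above. The baseline path and the `-Approve` switch are assumptions made for this example.

```powershell
# Added example: flag PnP devices that are not in an approved baseline.
param(
    # Assumed location; keep it where standard users cannot write.
    [string]$BaselinePath = 'C:\ProgramData\hw-baseline.json',
    # Record the hardware present right now as the approved set.
    [switch]$Approve
)

# Attach points discussed in the thread: USB and PCI, plus HID children.
$BusPattern = '^(USB|PCI|HID)\\'

function Get-HardwareInventory {
    Get-PnpDevice -PresentOnly |
        Where-Object { $_.InstanceId -match $BusPattern } |
        ForEach-Object {
            $dev = $_
            # The parent shows which hub or bridge the device hangs off.
            $prop = Get-PnpDeviceProperty -InstanceId $dev.InstanceId -KeyName 'DEVPKEY_Device_Parent' -ErrorAction SilentlyContinue
            [pscustomobject]@{
                InstanceId   = $dev.InstanceId
                Class        = $dev.Class
                FriendlyName = $dev.FriendlyName
                Parent       = $prop.Data
            }
        }
}

$current = @(Get-HardwareInventory)

if ($Approve) {
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath -Encoding UTF8
    Write-Output "Baseline written: $($current.Count) devices"
    return
}
if (-not (Test-Path $BaselinePath)) {
    throw "No baseline at $BaselinePath. Inspect the machine, then run with -Approve."
}

# Index the approved devices by instance ID (hashtable keys are case-insensitive).
$known = @{}
$baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
foreach ($d in $baseline) { $known[$d.InstanceId] = $d.Parent }

foreach ($d in $current) {
    if (-not $known.ContainsKey($d.InstanceId)) {
        Write-Warning "UNAPPROVED: $($d.Class) '$($d.FriendlyName)' $($d.InstanceId)"
    } elseif ($known[$d.InstanceId] -ne $d.Parent) {
        # A keyboard that now sits behind a different hub deserves a look.
        Write-Warning "MOVED: '$($d.FriendlyName)' parent was $($known[$d.InstanceId]), now $($d.Parent)"
    }
}
```

Run it once with `-Approve` after a physical inspection, then schedule it without the switch and forward the warnings to wherever alerts are collected.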