Keylogger detection

I'm now implementing full system encryption (Truecrypt) on all of my workstations and laptops. All of this security is worthless if an adversary slips a hardware keylogger into my network. Since the operating system registers key events they must be traceable. Hardware key logging devices can connect to either PCI or USB plugs. How do I block such an attack?
Phil5780 Asked:
 
geowrian Commented:
Some ideas to consider - I haven't used them myself, but I hope they will give you an idea of options available.
1) If possible, disable installation of drivers on the PCs. This will block most hardware and low-level software keyloggers. This also disables USB drives and such as well, so just be aware of that.
2) In a TPM environment, it may be possible to block unknown hardware. Similar to #1, but at a more hardware level block.
3) Ensure antivirus and anti-malware software is installed and fully updated on all PCs.
4) This URL has some information on tools that help detect keyloggers: http://www.how-to-spy-computers.info/2008/12/30/how-to-block-a-keylogger/
 
Frosty555 Commented:
A hardware key logger is difficult to detect in software. If they do show up in device manager on the computer, they will appear as fairly generic hardware such as a USB hub. Some hardware key loggers do not require drivers to be installed on the computer at all - they are self-contained units which store the data on on-board memory. Of course the attacker would need to come back and retrieve the device later to view the logs.

A visible inspection of the computer is the only reasonable way to prevent it. A hardware key logger will be a fairly obvious piece of hardware inline between the keyboard and the computer.
 
Phil5780 Author Commented:
I've seen keyloggers that sit on a PCI or PCI-Mini slot.  Since any new piece of hardware is detectable in the device manager, it is detectable.  Is there a software solution that blocks or alerts to the presence of 'unapproved' hardware?
 
Frosty555 Commented:
This might be useful to you then:

Managing Hardware Restrictions via Group Policies
http://207.46.16.252/en-us/magazine/2007.06.grouppolicy.aspx

I just don't think it's a 100% fool-proof solution, since it still wouldn't stop keyloggers that just sit inline with a PS/2 keyboard and sniff the keyboard signal.
Phil5780 Author Commented:
Good information provided but still does not offer a great solution.
Question has a verified solution.
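
One way to get the alert on 'unapproved' hardware that the question asks about, as an added example that is not from any poster in this thread: a PowerShell script that records the USB, PCI and HID devices of an inspected machine and later reports anything that differs from that record. The baseline path and the function name Get-BusDevice are assumptions; a logger that sits inline and never enumerates on a bus, the case Frosty555 describes, will not appear in this list.

```powershell
# Added example, not from the thread. Requires the PnpDevice module
# (Windows 8 / Server 2012 or later). Save as a .ps1 file and run elevated.
param(
    # Hypothetical location for the approved-device record
    [string]$BaselinePath = 'C:\ProgramData\HwBaseline\approved-devices.json',
    [switch]$CreateBaseline
)

function Get-BusDevice {
    # Devices currently present on the USB, PCI and HID buses
    Get-PnpDevice -PresentOnly |
        Where-Object { $_.InstanceId -match '^(USB|PCI|HID)\\' } |
        Select-Object InstanceId, Class, FriendlyName
}

if ($CreateBaseline) {
    # Run this only on a machine that has just been physically inspected
    $dir = Split-Path -Parent $BaselinePath
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    ConvertTo-Json -InputObject @(Get-BusDevice) | Set-Content -Path $BaselinePath -Encoding UTF8
    Write-Output "Baseline written to $BaselinePath"
    exit 0
}

if (-not (Test-Path $BaselinePath)) {
    throw "No baseline at $BaselinePath. Run once with -CreateBaseline."
}

$approved = @((Get-Content -Raw -Path $BaselinePath | ConvertFrom-Json).InstanceId)
$current  = @(Get-BusDevice)

# Present now but never approved: the case to alert on
$unapproved = @($current | Where-Object { $approved -notcontains $_.InstanceId })
# Approved but gone: a device may have been swapped or moved to another port
$missing = @($approved | Where-Object { $current.InstanceId -notcontains $_ })

if ($unapproved.Count -gt 0) {
    Write-Warning "Unapproved hardware detected:"
    $unapproved | Format-Table -AutoSize | Out-String | Write-Warning
}
if ($missing.Count -gt 0) {
    Write-Warning ("Approved devices no longer present: " + ($missing -join ', '))
}
# Non-zero exit lets a scheduled task or monitoring agent raise the alert
if ($unapproved.Count -gt 0 -or $missing.Count -gt 0) { exit 1 }
Write-Output "All present USB/PCI/HID devices match the baseline."
```

A USB device without a serial number gets a new instance ID when moved to a different port, so a re-plugged keyboard is reported as both missing and unapproved until the baseline is refreshed.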
