hardware key logger

Is there anything that companies / security departments can do to protect against hardware based key logger devices?
LVL 4
pma111Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
You can disable USB ports by Group Policy.
https://social.technet.microsoft.com/Forums/windows/en-US/0be0c42b-950c-4a16-8be6-3f3a3d22e712/process-for-usb-port-blocking-via-active-directory-group-policy?forum=winserverGP

Make sure no user has Admin Rights to their computer.

Today almost no machine needs a DVD player so remove those.
0
masnrockCommented:
1) Disable unused USB ports.
2) Physically prevent access to the USB ports.
3) In cases where users don't have any reason to touch the computer itself, lock it in a case or cabinet of some sort.
1
pma111Author Commented:
how would keyboards and mice work if all USB ports were completely disabled.
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

Dr. KlahnPrincipal Software EngineerCommented:
Very little other than physically inspect the machines in question.  Hardware keyloggers are designed to be undetectable from software, and nobody ever looks around the back of a machine to see if the keyboard is plugged directly into the USB or PS/2 port.

I suppose that one could file a tiny hole at the top of the case, run the keyboard cable through it, connect a USB keyboard to an internal USB port, and rely on the case intrusion switch to throw an alarm, but that makes servicing keyboards a bit of a chore.
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Dr. KlahnPrincipal Software EngineerCommented:
Today almost no machine needs a DVD player so remove those.

Eh?
1
JohnBusiness Consultant (Owner)Commented:
Haven't used a DVD player in half a decade.
0
JohnBusiness Consultant (Owner)Commented:
how would keyboards and mice work if all USB ports were completely disabled.

Use Bluetooth Keyboard and Mouse.
1
masnrockCommented:
how would keyboards and mice work if all USB ports were completely disabled.
The assumption is you wouldn't disable the ports you actually need.

While DVD drives get used less than they used to, they still have quite a bit of usefulness. And for various reasons. Entertainment being one (not everything is available for streaming, nor would one always been in a place with internet available)... we happen to have use cases of training videos (the vendor charged an arm and a leg for the streaming version)
0
JohnBusiness Consultant (Owner)Commented:
protect against hardware based key logger devices?

How big is this issue? We do not see it at our clients.
0
pma111Author Commented:
A one off incident hopefully.
1
Shaun VermaakTechnical Specialist/DeveloperCommented:
how would keyboards and mice work if all USB ports were completely disabled.
Blocking it in GPO will not block these devices.

Use Bluetooth Keyboard and Mouse.
These have their own security risks.

The only solution is physical security
2
andyalderSaggar maker's framemakerCommented:
Buy a 5-port USB card (these have an internal slot), use wireless mouse/keyboard and plug the transceiver in the internal socket, squirt glue in all external USB ports or disable them with a policy, padlock the case.
0
N8iveITCommented:
Ironically, one of the most overlooked things is to simply physically secure the box itself or purchase something which is physically hardened against this type of thing. I go into TOO many businesses, see the USB ports staring me in the face (and laughing at the need for physical security) from the customer side of the counter ...

If this is a public facing (or factory) device:
1. Put it in a secure box which adequately addresses the environment  ...
2. (I'm with John, above) Purchase a good keyboard / mouse combo with a Bluetooth receiver and go ...

Note: If you think this is too expensive, what does a single data breach cost? At a minimum, customer(s), possibly employee(s) and marketshare ... if not reputation and your business's future.

If you have an issue with employees and need to secure all computers in all offices, you've got a management / HR / policy issue and not a technology issue.
0
pma111Author Commented:
>Ironically, one of the most overlooked things is to simply physically secure the box itself or purchase something which is physically hardened against this type of thing.

Can you provide any examples of such?
0
andyalderSaggar maker's framemakerCommented:
Look at Kensington locks. However many cases have a metal hoop/eye at the back that you can put a padlock through.
0
N8iveITCommented:
Keyboard / mouse combos examples are at https://www.wetkeys.com/SearchResults.asp?Search=wireless or https://techspotsolutions.com/top-5-best-waterproof-bluetooth-foldable-keyboards-in-2017/ (for compact examples).

However, if you are already experiencing "dishonesty" relating to hardware-based keyboard loggers, integrity is already an issue and wireless devices may tend to "walk away" too.

Cheaper, wired USB devices combined with a well-ventilated enclosure may be your most cost-effective alternative.
0
Owen RubinConsultantCommented:
Don’t use wired keyboard or mice to start.
Physicallly inspect machines on a regular basis.
Good antivirus software should detect software versions.
Check drivers for keyboard and mice regularly as well
If in a company, users should not be Admins to prevent locally added software. (Hopefully admins are trustworthy!)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware

From novice to tech pro — start learning today.