Tip

Countermeasures to key logging



Maintaining a secure network environment requires you to address an ever-expanding range of vulnerabilities. Spending too much time and energy on one area can blind you to loopholes in another. There are some frightening developments in the arena of information gathering, such as keystroke-capturing devices.

A keystroke-capturing device is a small hardware device that is attached to a computer system without the knowledge of the intended victim. Usually they are attached between the computer case and the keyboard connector and are so small that most of us would not even notice their presence.

For example, take a look at the Key Katcher at ThinkGeek. This small round connector is not even two inches long. It makes no changes to the computer's functionality and is impossible to detect with software. It only takes three seconds to install and can capture 65,000 keystrokes. Once you retrieve it, just attach it to another system and enter your password into a text document to launch the internal control tool to extract the contents, such as usernames and passwords. Plus, anyone that walks through your office regularly can plan and retrieve this without being noticed.

Fortunately, there are countermeasures to this device -- biometrics. If you do not rely exclusively on passwords for account authorization, a key-logging device will do a potential thief little good. One biometric you can deploy immediately without any additional hardware is a keystroke dynamics barrier, such as BioPassword (for Windows NT and 2000 only). This product creates a template of each user's typing rhythm when they enter their username and password. Your typing rhythm is as unique to you as your handwriting, fingerprints and voice. When a user attempts to log on, they are only granted access if their rhythm matches their stored rhythm profile.


About the author
James Michael Stewart is a researcher and writer for Lanwrights, Inc.


This was first published in April 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.