Maintaining a secure network environment requires you to address an ever-expanding range of vulnerabilities. Spending too much time and energy on one area can blind you to loopholes in another. There are some frightening developments in the arena of information gathering, such as keystroke-capturing devices.
A keystroke-capturing device is a small hardware device that is attached to a computer system without the knowledge of the intended victim. Usually they are attached between the computer case and the keyboard connector and are so small that most of us would not even notice their presence.
For example, take a look at the Key Katcher at ThinkGeek. This small round connector is not even two inches long. It makes no changes to the computer's functionality and is impossible to detect with software. It only takes three seconds to install and can capture 65,000 keystrokes. Once you retrieve it, just attach it to another system and enter your password into a text document to launch the internal control tool to extract the contents, such as usernames and passwords. Plus, anyone that walks through your office regularly can plan and retrieve this without being noticed.
Fortunately, there are countermeasures to this device -- biometrics. If you do not rely exclusively on passwords for account authorization, a key-logging device will do a potential thief little good. One biometric you can deploy immediately without any additional hardware is a keystroke dynamics barrier, such as BioPassword (for Windows NT and 2000 only). This product creates a template of each user's typing rhythm when they enter their username and password. Your typing rhythm is as unique to you as your handwriting, fingerprints and voice. When a user attempts to log on, they are only granted access if their rhythm matches their stored rhythm profile.
About the author
James Michael Stewart is a researcher and writer for Lanwrights, Inc.
This was first published in April 2002