How to detect and prevent keylogger attacks

Keyloggers are applications or devices that monitor the physical keystrokes of a computer user. They then either aggregate the information locally for later retrieval or send it off to a spyware server on the Internet. Some businesse...

BROWSE BY TAG Threat Monitor,   Application and Platform Security,   Web Security Tools and Best Practices,   Web Browser Security,   Malware, Viruses, Trojans and Spyware,   Information Security Threats,   VIEW ALL TAGS

RELATED CONTENT Threat Monitor Server Message Block Version 2 security in question: Disable or patch? Preparing for future security threats, evolving malware Best practices for (small) botnets Cut down on calls to help desk with cybersecurity awareness training How to detect software tampering How to prevent phishing attacks with social engineering tests An enterprise strategy for Web application security threats How SSL-encrypted Web connections are intercepted How a corporate Twitter policy can combat social network threats Cyberwarfare and the enterprise: Is the threat real? Web Browser Security Microsoft warns that IE zero-day vulnerability causes data leakage Browser exploit kit probe highlights need for patching, vigilance Google to pay for Chrome browser vulnerabilities Attackers continue barrage of SEO attacks Microsoft emergency IE update to block latest corporate attacks Facebook, McAfee partner to fix social network security issues Firefox, Opera, Safari browsers top list of high risk software Mozilla fixes Firefox critical memory corruption errors FBI estimates rogue antivirus losses exceeding $150 million Adobe updates Flash Player, fixes seven serious vulnerabilities Web Browser Security Research Malware, Viruses, Trojans and Spyware Malware in Google attacks uses spaghetti code Preparing for future security threats, evolving malware Facebook attacks prompt investments in social networking security Another PDF attack targets Adobe zero-day vulnerability Security report finds rise in banking Trojans, adware, fewer viruses How to prevent rogue antivirus programs in the enterprise How to stop keylogging malware with more than basic antivirus software, firewalls Conficker-infected machines now number 7 million, Shadowserver finds FBI estimates rogue antivirus losses exceeding $150 million Security researchers continue hunt for Conficker authors

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary browser hijacker  (SearchSecurity.com) cache cramming  (SearchSecurity.com) cache poisoning  (SearchSecurity.com) honey monkey  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) NCSA  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

s use keyloggers, such as with the Spector Pro system, to monitor employee activity, but the vast majority are applications installed without the user's knowledge as part of a software download or system intrusion.

The true danger posed by keyloggers is their ability to bypass encryption controls and gather sensitive data directly from the user. All the encryption in the world will not secure your data if a hacker watches you type your encryption key. He can then simply use that plaintext key to decrypt all of your "protected" communications from that point forward!

Here are five steps you can take to detect existing spyware and prevent future infections on your network:

1. Install spyware filters at the host level. There are plenty of spyware scanners available on the market. If you're looking for an inexpensive solution, you might consider Microsoft's beta tool, Windows Antispyware, Spybot or AdAware. Many commercial antivirus vendors, such as McAfee, also have spyware filters available that snap in to your enterprise antivirus solution.
   
   
2. Install an application gateway with spyware content filtering. We're just starting to see the emergence of spyware appliance solutions that operate at the network level. One such system is the Blue Coat Spyware Interceptor. If your budget can bear it, you might consider this type of solution.
   
   
3. Place egress filters on your network. It never hurts to have a good set of egress filters on your network. They might assist in blocking spyware attempting to "phone home."
   
   
4. Monitor your intrusion-detection system (IDS) and keep the signatures current. If you're not able to block spyware from phoning home, you might at least be able to detect it with your IDS and use the reports to identify infected systems.
   
   
5. Prevent users from installing downloaded software. Most spyware installations are the result of users installing unauthorized software downloaded from the Internet. If your organization's security policy permits, you should implement technical controls to prevent this type of activity.

About the author
Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide and Information Security Illuminated.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.