It's now standard practice to have antivirus software and desktop firewalls running on networked systems. However, these defense measures fall

    Requires Free Membership to View

short of protecting systems from a key component of spyware -- keyloggers. So, what's a security administrator to do? Fortunately, there are a number of specialized antispyware packages on the market designed to combat these threats.

More on this topic

Clean your infected system with this step-by-step guide

Test your spyware savvy with this quiz

Get the latest spyware news and advice in our resource center

Keyloggers are applications or devices that monitor the physical keystrokes of a computer user. They then either aggregate the information locally for later retrieval or send it off to a spyware server on the Internet. Some businesses use keyloggers, such as with the Spector Pro system, to monitor employee activity, but the vast majority are applications installed without the user's knowledge as part of a software download or system intrusion.

The true danger posed by keyloggers is their ability to bypass encryption controls and gather sensitive data directly from the user. All the encryption in the world will not secure your data if a hacker watches you type your encryption key. He can then simply use that plaintext key to decrypt all of your "protected" communications from that point forward!

Here are five steps you can take to detect existing spyware and prevent future infections on your network:

Security Seven Awards

TechTarget's Information Security magazine, and Information Security Decisions have created the Security Seven Awards to recognize the achievements of leading information security practitioners in seven vertical industries. Winners will be chosen from the financial services, telecommunications, manufacturing, energy, government, education and health care industries. To nominate an individual for the Security Seven Awards, please complete the form and return it to by Aug. 1, 2005.  

  1. Install spyware filters at the host level. There are plenty of spyware scanners available on the market. If you're looking for an inexpensive solution, you might consider Microsoft's beta tool, Windows Antispyware, Spybot or AdAware. Many commercial antivirus vendors, such as McAfee, also have spyware filters available that snap in to your enterprise antivirus solution.

  2. Install an application gateway with spyware content filtering. We're just starting to see the emergence of spyware appliance solutions that operate at the network level. One such system is the Blue Coat Spyware Interceptor. If your budget can bear it, you might consider this type of solution.

  3. Place egress filters on your network. It never hurts to have a good set of egress filters on your network. They might assist in blocking spyware attempting to "phone home."

  4. Monitor your intrusion-detection system (IDS) and keep the signatures current. If you're not able to block spyware from phoning home, you might at least be able to detect it with your IDS and use the reports to identify infected systems.

  5. Prevent users from installing downloaded software. Most spyware installations are the result of users installing unauthorized software downloaded from the Internet. If your organization's security policy permits, you should implement technical controls to prevent this type of activity.

Spyware, and the associated crime of identity theft, is one of the most important battles currently facing information security professionals. It's time to ensure that your organization is safe. Following these steps will help bring you closer to that goal.

About the author
Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide and Information Security Illuminated.

This was first published in July 2005

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.