www.cbetech.com
1-800-YES-TECH
|  |
|
|
Security tip
by James A Conz, Principal Security Architect
Is it safe to use the computers in Internet cafes and libraries to logon to my corporate email account?
In a word: No. Any time you use an un-trusted computer, there is the possibility that your keystrokes are being captured by any number of spyware tools known as “keystroke loggers.” These utilities come in both hardware and software forms. As hardware, they generally appear as little “adapter” that gets plugged in between the keyboard and the computer, usually well out of view. The software variants can be installed without the user knowing through web sites, mail attachments, and may even be hidden in legitimate software. Both silently and illicitly capture keystroke for later collection. Some of the software-based tools will even deliver the information to the eavesdropper via email on a regular basis! Both the hardware and software versions can be easily installed on a computer system, even one that is ostensibly trusted, without the owner’s or users’ awareness.
How do you protect against this type of threat? First and foremost, ensure that your user community is aware of the threat posed by spyware. Secondly, protect your corporate resources by using a strong, two-factor authentication capability such as tokens (RSA/SecurID) or biometrics (SafLink). This way, if an end user’s keystrokes are captured, they cannot be replayed later to gain access to your corporate resources. And finally, make sure you’re protecting your own hosts against spyware by deploying intrusion prevention and anti-spyware software (e.g., Cisco Security Agent, PestPatrol).
Have a question you would like to ask our expert?
|
|
|
