Sunday, May 8, 2011

The most commonly used types of keyloggers are:

1. Software based keyloggers.
2. Hardware based keyloggers.


The two types of remote keyloggers, hardware and software, work in the same basic manner. 


1. Software based keyloggers

The software based keylogger runs as a hidden/invisible process that intercepts (logs) all keystrokes typed on the computer on which it is running.


The software based keylogger then delivers the keystrokes, at set intervals, to specified destinations, such as the email address of the person who configured the keylogger to intercept the keystrokes.


Software keyloggers can be:


1. Hypervisor-based (the keylogger hides itself in a malware process)
2. Kernel based (the keylogger resides at the kernel level and is thus difficult to detect)
3. Hook based




2. Hardware based keyloggers

The hardware keylogger typically plugs into the keyboard connector on the back of a computer, then the end of the keyboard cable plugs into the hardware keylogger, and all keystrokes are intercepted (logged) by the keylogger device.


The hardware remote keylogger delivers the keystrokes wirelessly, via Bluetooth or other standard wireless transmission means (802.11 wireless networking), into the air around the computer.




The person who configured and installed the hardware or software keylogger recovers the keylogger's keystrokes, either by receiving that information via email from the software keylogger, or by receiving the hardware keylogger's keystrokes by being nearby, with a network receiver, keyed to the keylogger's frequency and access code. The recipient of the keylogger information then proceeds to "replay" the keystrokes, in order to determine passwords and other sensitive information that was typed by the person on whose computer the keylogger was installed.




Countermeasures:
Many anti-keylogging programs are available on the market nowadays, and with the increasing security updates of antivirus and internet security software, the presence of software based keyloggers can be detected. Enabling a firewall does NOT stop keyloggers, but it can prevent the remote installation of keylogging software and, if properly configured, possibly prevent transmission of the logged material over the internet.


However, there is nothing we can do against hardware based keyloggers.
Denial of physical access to sensitive computers, e.g. by locking the server room, is the most effective means of preventing hardware keylogger installation. Visual inspection is the primary means of detecting hardware keyloggers, since there are no known methods of detecting them through software.
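
Because a software keylogger delivers its log at set intervals, often by email, outbound connection records are one place to look for it. The following is an added example, not code from the original post: it scans constructed connection records for processes outside a mail-client allowlist that reach mail ports at near-constant intervals. The log format, the allowlist and all process names and addresses are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

MAIL_PORTS = {25, 465, 587}                           # SMTP and submission ports
ALLOWED_MAILERS = {"thunderbird.exe", "outlook.exe"}  # assumption: site allowlist

# Constructed sample records: "ISO-time process dest_ip dest_port"
SAMPLE_LOG = """\
2011-05-08T09:00:02 outlook.exe 203.0.113.10 587
2011-05-08T09:00:10 svch0st.exe 198.51.100.7 465
2011-05-08T09:07:41 firefox.exe 192.0.2.44 443
2011-05-08T09:10:11 svch0st.exe 198.51.100.7 465
2011-05-08T09:20:09 svch0st.exe 198.51.100.7 465
2011-05-08T09:30:10 svch0st.exe 198.51.100.7 465
2011-05-08T09:31:55 updater.exe 198.51.100.9 25
"""

def parse(log):
    """Yield (timestamp, process, port) for each well-formed line."""
    for line in log.splitlines():
        try:
            ts, proc, _ip, port = line.split()
            yield datetime.fromisoformat(ts), proc.lower(), int(port)
        except ValueError:
            continue  # malformed record: skip rather than crash

def suspicious_mailers(log, min_events=3, max_jitter=0.1):
    """Return {process: mean_interval_seconds} for non-allowlisted processes
    that connect to mail ports at near-constant intervals."""
    seen = defaultdict(list)
    for ts, proc, port in parse(log):
        if port in MAIL_PORTS and proc not in ALLOWED_MAILERS:
            seen[proc].append(ts)
    flagged = {}
    for proc, times in seen.items():
        if len(times) < min_events:
            continue  # too few connections to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Low relative spread of the gaps means timer-driven delivery.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged[proc] = round(avg)
    return flagged

if __name__ == "__main__":
    print(suspicious_mailers(SAMPLE_LOG))
```

A single mail connection from an unknown process, such as `updater.exe` in the sample, is not flagged by this check; it only reports repeated, evenly spaced delivery.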




