Safe Computing

WHAT IS KEYLOGGING

“Keylogging” is a way for hackers to get information from your computer. A hacker can install software or a physical device onto your computer. Both enable a hacker to track everything you type on your keyboard. This includes passwords, e-mail, Web sites visited, credit card information — anything you type.

How did I get it?

Keylogging software can be installed onto your computer in many ways. You can inadvertently download them from the Internet via a Web site. They can be installed as spyware on your system when you install another program. Some viruses deposit a keylogging program onto your system. If someone had access to your computer they could also install a software program that would monitor your keystrokes. Installation of physical keylogging devices requires access to your computer. A device is installed, usually between your keyboard and your CPU.

HOW TO AVOID KEYLOGGING MAIN SECTIONS – 2 BELOW ARE SUBSECTIONS

—How do I keep keylogging SOFTWARE from being installed on my computer?

The best protection against keylogging software is the same as any other malicious software:

  • Be suspicious about anybody who asks to perform maintenance or work on your computer. Be sure to check for an identification card or badge and check with your IT staff to ensure that they are authorized.
  • Always keep your computer’s operating system up to date with security patches.
  • Use anti-virus and spyware removal software. Be sure the software and its definitions are kept up to date.
  • Use “on access scanning” to ensure files are checked with latest capabilities before use each time
  • Use periodic system scanning, such as weekly, to catch malicious files that got on the system before definitions were updated.
  • Do not rely on virus removal software or techniques — once a system has been compromised the only way to be certain it is clean is to reformat the hard drive and reinstall the operating system.
  • Do not connect any peripheral, including “safe” devices like mice, that was not purchased from a store or provided by IT. Be especially wary of any free samples, gifts, or lost devices.

—What can I do to avoid being a victim of a HARDWARE-based key logger?

A hardware key logger can be minuscule and still provide extensive features, but they require physical access to be installed (even if that involves tricking you or someone else into attaching it). To protect against hardware key loggers:

  • Check the keyboard connection to your computer and ensure that there is not a cable, or even a small plug, installed between the keyboard cord and the CPU.
  • Check the keyboard for missing screws or other signs that it has been opened.
  • Be suspicious about anybody who asks to perform maintenance or work on your computer. Be sure to check for an identification badge and check with your IT staff to ensure that they are authorized.
  • Do not use wireless keyboards unless it uses an encrypted connection that has been approved by IT Security.
  • Do not use keyboards, mice, or any other peripheral that was not purchased from a store or provided by IT. Be especially wary of any free samples, gifts, or lost devices.

University faculty, staff, and students must be vigilant in their efforts to secure their computers and information resources. Please be alert to attempts to gain access to computer information by keeping the following points in mind:

  • All IT staff carry an S&T that should be asked for.
  • IT staff only work on systems at the request of the department.
  • If you see someone suspicious in your work area, ask them specifically who they work for and ask for contact information for that person. Always verify an individual’s identity prior to allowing them access to your computer.
  • If you suspect that you have been a victim of suspicious or malicious activity related to computer security, contact IT Security at ——— immediately. Preservation of the tampered system and a timely investigation are imperative to limiting damage and finding a suspect.

WHAT TO DO IF YOU SUSPECT IF YOU’VE BEEN A VICTIM OF KEYLOGGING