Key Logging Ppt (2)
-
Upload
jayant-pai -
Category
Documents
-
view
81 -
download
6
Transcript of Key Logging Ppt (2)
KeyStroke Logging KeyStroke Logging and its and its Countermeasures Countermeasures
SEMINARSEMINAR GUIDE : GUIDE :Ms. Ms. Sharada.K.
Seminar by:Seminar by:MEGHASHREE.V.NADIGER.MEGHASHREE.V.NADIGER.2KA06IS016
1Key logging.
ContentsContentsWhat is keylogging?
Different types of keylogging
Countermeasures Technological methods Non-technological methods
Conclusion
2Key logging.
Keystroke loggingKeystroke logging Key-logger is a
surreptitious surveillance application, which is used to keep record of user's activities on the computer.
Key logging is the capture of typed characters.
Key logging has both lawful and unlawful applications.
3Key logging.
How Keyboards workHow Keyboards work
Key logging. 4
Different types of Different types of KeyloggersKeyloggersSoftware keyloggers Capture keystroke information as it passes between the
computer keyboard interface and the OS. The logger resides in the o.s kernel and interprets the
keystokes. The keyloggers can be detected only by HIPS(Host
intrusion prevention software). They do not show up in the list of running processes and
run without the knowledge of the user. Detection methods.
5Key logging.
Different types of Keyloggers Different types of Keyloggers (contd)(contd)
Hardware keyloggers Device placed inline with the c.p.u port and the
keyboard pin. In case of laptops, a circuit is printed within the
keyboard or the devices are installed within. Bluetooth keyloggers provide the advantage of accessing
the information directly without retrieving the device from the system it is attached.
6Key logging.
The text saved in the log of the keylogger and The text saved in the log of the keylogger and the various types of keylogging devices.the various types of keylogging devices.
7Key logging.
Different types of Keyloggers Different types of Keyloggers (contd) (contd)
Wireless keyboard intercept Uses 27 MHz RF connection that covers a 6 feet radial
distance. The keystrokes are flagged in the keyboard so that the
receiver can process it. This enables the R.F device to convert the captured
packets into corresponding character streams. If a workstation is processing highly sensitive
information, don’t use 27 MHz wireless keyboards. The disadvantage is that wireless intercept keyloggers
need a receiver/antenna relatively close to the target system.
8Key logging.
Different types of Keyloggers Different types of Keyloggers (contd)(contd)
Acoustic keylogging
The keylogger listens to the key typed on the
keyboard and converts them into character streams. These devices are also used to remotely listen to
conversations and convert them into the required language script.
Such microphones can be placed in the target work area or can be buttoned to an individual. Parabolic microphones are an example of a long distance device.
9Key logging.
Technical countermeasuresTechnical countermeasures
Code signingCode signing Code signing is the process of digitally signing
executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted.
Anti-spywareAnti-spyware Spyware is a type of malware that is installed
on computer and collects little bits information at a time about users without their knowledge.
Anti-spyware applications are able to detect many keyloggers and cleanse them. Responsible vendors who monitor software support, detect keyloggers by anti-spyware programs, thus preventing the abuse of the software.
10
Key logging.
FirewallFirewall
Frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets
Enabling a firewall does not stop keyloggers , but can prevent the remote installation of key logging software, and possibly prevent transmission of the logged material over the internet if properly configured.
11Key logging.
Automatic form filler programsAutomatic form filler programs Form fillers are primarily designed for web browsers to fill in
checkout pages and log users into their accounts. Once the user's smart card information has been entered into the program, it will be automatically entered into forms without ever using the keyboard or clipboard, thereby reducing the possibility that private data is being recorded.
One-time passwords (OTP)One-time passwords (OTP)
Using one-time passwords is completely keylogger-safe because the recorded password is always invalidated as soon as it's used.
One example is online banking.
12
Key logging.
Keyboard image is displayed with all its keys on the screen.
User presses the keys by clicking with a mouse.
Some commercial key logging programs do not record typing on a web-based virtual keyboard.
13
Web-basedWeb-based keyboards keyboards
Key logging.
14Key logging.
Online form filling using web Online form filling using web based virtual keyboards.based virtual keyboards.
15Key logging.
Anti-keylogging softwareAnti-keylogging software
It will disable this hook mechanism so the text will never reach the key logger program. Consequently, it will break some other programs that rely on this hook mechanism. Keylogger detection software is also available. Some of this type of software use "signatures" from a list of all known keyloggers. It provides a hotkey combination to quickly disable or enable typing protection.
Speech recognitionSpeech recognition Speech-to-text conversion software can also be used
against keyloggers, since there are no typing or mouse movements involved.
16Key logging.
Non-technological methodsNon-technological methods
Some keyloggers can be fooled by alternating between typing the login credentials and typing characters somewhere else in the focus window. Similarly, a user can move their cursor using the mouse during typing, causing the logged keystrokes to be in the wrong order e.g. by typing a password beginning with the last letter and then using the mouse to move the cursor for each subsequent letter.
Another very similar technique utilizes the fact that any selected text portion is replaced by the next key typed. E.g. if the password is “COMPUTER", one could type “C", then some dummy keys “pqrs". Then these dummies could be selected with mouse, and next character from the password “O" is typed, which replaces the dummies “pqrs".
17Key logging.
Conclusion.Conclusion. A keylogger is a type of software that is used for
keystroke logging, which is the practice of monitoring the keys that are punched on a computer keyboard. Keylogging is often done for nefarious purposes, like stealing passwords and banking information. Antispyware programs, firewalls, network monitors and automatic form filler programs can all be used as protection against keylogging programs.
18Key logging.
THANK YOU
19Key logging.