Anda di halaman 1dari 4

The contents of this file is released under a Creative Commons license.

The lice
nse under which you will find this file is: Attribution-NonCommercial-NoDerivs 2
.1 Spain can view the full text of this license at the following address: http:/
/creativecommons.org/licenses/by-nc-nd/2.1/es / legalcode.es can view a summary
of the conditions of the license at: http://creativecommons.org/licenses/by-nc-n
d/2.1/es/ These conditions are: You are free: to copy, distribute and transmit t
he work Under the following conditions: • Attribution. You must attribute the or
iginal author. • Noncommercial. You can not use this work for commercial purpose
s. • No Derivative Works. You may not alter, transform or create a derivative wo
rk from this work. • For any reuse or distribution, you must make clear to other
s the license terms of this work. • Any of these conditions can be waived if you
get permission from the owner of the copyright rights arising from fair use and
other limitations recognized by law are not affected by the above.
Defend your PC: safety guide for personal computers
[Chapter 6] Physical Security
Keyloggers
One way to capture the keys pressed on a computer is to install a keylogger. Thi
s is a system that records every keystroke, so that may subsequently be read by
the attacker, either directly on the computer or sent remotely (eg email). Thus,
they do not even need physical access to our computer to obtain the data. This
allows an attacker to read all the data you enter, such as passwords, bank accou
nt numbers, emails, chat conversations, etc ... Clearly the high risk this poses
to our security and our privacy. There are two types of keyloggers:

those based on hardware, such as KeyGhost. These are connected between the keybo
ard and computer, so the attacker would need physical access to our system, both
to install and to retrieve data.
105
Defend your PC: safety guide for personal computers

those based on software such as Ghost Keylogger, which are installed like any ot
her program. Usually incorporate many features such as automatic sending of data
to the attacker, performing screen captures at regular intervals ...
Detecting these types of programs can be quite difficult, since they often use t
echniques to hide and avoid detection. In addition, some viruses and spyware hav
e built keyloggers to steal user information. To detect them we can use software
-based programs such as KL-Detector and Anti-Keylogger, based on detecting if a
file grows continuously when you press keys. In this way, can tell whether a pro
gram is keeping the beats that we made in our keyboard. The hardware keyloggers
can not be detected by software, so we need to verify that our keyboard is conne
cted directly to the computer and not some contrivance unknown among them.
ATTENTION
Not always using a keylogger must be injurious. We can use it as a system backup
of everything we write, which can be very useful for writers, students doing wo
rk or anyone who has to write large amounts of text. The important thing is that
we we who have installed and be aware that it is installed and recording our ac
tivities.
106
Defend your PC: safety guide for personal computers
Notebooks
If we have a laptop we take extra precautions with him than with a desktop compu
ter because this is more vulnerable. First, we take appropriate measures so that
the computer can not be stolen. The first basic step for this is to never lose
sight of the computer, unless it is in a fully secure. If we are in an unsafe pl
ace, we try to get away from it as little as possible. If we are in a public pla
ce where there are frequent robberies, we will not release it ever coming, if ne
cessary, to carry around his neck and crossed, so that we can remove the jerk me
thod. When we are working with him in a public or semi-public can choose to use
safety cables, such as those of Kensington. These cables are steel and can tie u
p the laptop to the table, so that no one can take the computer models that inco
rporate existing alarm to warn of an attempted robbery. To this end,€it is neces
sary that the laptop has the slot for attaching these cables, although today it
is common for most of them incorporated.
107
Defend your PC: safety guide for personal computers
For if we lose or steal the laptop would be helpful if we made a few preventive
measures, both to prevent access to data by the thief as to provide us data. Fir
st, it is only advisable to have activated the password boot both as the operati
ng system. This will stop at least the thief inexperienced, but will not prevent
someone with access to computer knowledge. So the best option is to keep all of
our encrypted data, there are many programs that perform this function and even
some that come with the operating system itself. We should not rely on the prot
ection we can offer office programs (Word, Excel ,...) when we keep the files wi
th a password, since they are easy to detect. Ideally, it also stores all our da
ta in a separate system, either storing it externally via Internet or through a
USB hard drive that will keep your computer away when we're not using it to avoi
d being robbed both simultaneously. In addition, we must be prepared to make a c
omplaint. To this end, we targeted the manufacturer, model and serial number of
your computer, plus keep a copy of the invoice. Thus, we can easily make the com
plaint to the police and, in case the computer is found we can recover much more
quickly to provide evidence that the computer is really ours. It is important t
o realize as soon as the police report in case of theft, since they may greatly
facilitate the recovery of our laptop and the information it contains.
108
Defend your PC: safety guide for personal computers
Security in an unknown network
If you have a laptop and we travel frequently with him, it's easy we need to con
nect to the internal network from where we (work, school ...) We must note, in t
his case, both the safety of our laptop as network where we will access. Wheneve
r we connect to an unknown or unreliable network must be active to make sure our
firewall, with all possible ports closed to the outside. In addition, we must e
nsure that the firewall is configured to protect us from attacks from the networ
k, since sometimes these by default only protect us from attacks from the Intern
et. It is also important that we do not have activated the Windows file sharing
if not needed and, if this is necessary, we must protect it with a good password
. In addition, we should never have access to insecure services (either to send
our password unencrypted over the network, such as POP3 or FTP) when we are in a
n unreliable network, since it is very easy for an attacker to view all data flo
wing through network. The best in these cases will only access services that wor
k over SSL, and HTTPS or POP3 + SSL. It is also important to consider the securi
ty of the network where you access. We must therefore always check that your com
puter is not infected with a virus or worm that can enter the network and infect
other computers, as well as trying not to saturate the available bandwidth with
large file transfers if it is not essential as details of courtesy to other use
rs of that network.
109
Defend your PC: safety guide for personal computers
Wireless Networking
For some time wireless networks are becoming popular due to ease of installation
of these and the convenience of not having to install cable to each of the comp
uters you want to connect. The problem with this type of networks is their lack
of security, being the physical environment through which data travel available
to everyone, that is, either, just standing at the area of wireless network cove
rage can be heard what is being transmitted. Therefore, we only put our wireless
network card so listen and give us a ride down the street to find hundreds of w
ireless networks unprotected and easily accessible. To solve this problem was pr
oposed standard WEP (Wired Equivalent Privacy) which transmits the encrypted dat
a through the network. But this protocol is too weak and poorly designed, making
it really easy to discover which is the key that is used and therefore access t
he network and record the data flowing through it.€There are even programs that
do it automatically and very simply, as Airsnort. Therefore, other protocols hav
e been proposed as WPA (Wi-Fi Protected Access) to improve the security of WEP,
but neither are infallible. That is why we must take certain precautions when in
stalling a wireless network:

Always Enable WPA or, failing that, the WEP protocol. Although these are weak, i
t is better to have them activated to make it harder for a potential attacker.
110
Defend your PC: safety guide for personal computers

Enable MAC filtering (the physical address of the wireless network card) so that
they can only connect to the access point to those cards that we give permissio
n. Use an authentication system, as NoCatAuth. Using antennas that emit only in
the direction of interest. If possible, the wireless network completely separate
from the rest of the network. Install a firewall and give permission only to th
ose who need it.
• • •
ATTENTION
The development of broadband and wireless technologies have led to the emergence
of communities connected through these networks, sometimes offering their own s
ervices and others simply Internet access. If we are interested in the topic can
get in touch with the community of our city, which will inform us promptly. Som
e examples of these communities:
http://www.barcelonawireless.net http://www.madridwireless.net http://www.zarago
zawireless.org
111
Defend your PC: safety guide for personal computers
References
Hardware-based keylogger
http://www.keyghost.com/
Keylogger software-based
http://www.keylogger.net/
Address KL-Detector Download
http://dewasoft.com/privacy/kldetector.htm
Download Address antikeylogger
http://www.anti-keylogger.net/
112