Monitoring User Input

Monitoring User Input

Eavesdropping on users, either looking over their shoulder or by electronic means, is a proven method of gathering information. It is easy for an individual to be alert, when entering private information, to the people around them who might be trying to see what is being entered. However, awareness of electronic eavesdropping is more difficult.

Keystroke Monitoring

Keystroke monitoring is the process of electronically looking over someone's shoulder and watching what they are entering on the keyboard. It is accomplished by having a program monitor the terminal port that the terminal is attached to. Keystroke monitoring has become popular with businesses. It can be used to monitor the work habits of employees . It can also be used by hackers to watch what a user types into the computer, including login IDs and passwords.

Keystroke monitoring is often implemented by system owners to monitor the activities of their employees. A compromised monitoring system can be utilized by a hacker to gather invaluable information.

Covert software for keyboard and mouse monitoring has been found which invades web browsers. Once infected, the value of any encryption is lost since the data are intercepted before they are encrypted for transmission.

Remote Display Systems

A system that is running a remote display system is vulnerable to attack if the protocol to transmit the remote display is vulnerable or if the remote system is vulnerable. Remote display servers, such as the X windows system, offer service through a well-known port. Monitoring this port can enable a third party to capture or watch windows , user keystrokes, and more.

Remote display systems need to be able to adequately protect the communications and strongly authenticate the client host and user. Preferably, the system would limit the access based on both the user and the location from which the user has attached. Even with adequate user authentication, all the information passes over the network and generally remote display systems do not encrypt their communications.