Vesik method

In early November 2006, I wrote about how to foil keyloggers. The Vesik Method, outlined in the article, improves your level of security when you suspect a computer is harvesting your keystrokes but are in dire need of checking your bank account, email, or other sensitive service.

Because I’ve been travelling for the last 3 months in Asia, I have had access only to public computer terminals, mostly internet cafes. The majority of the computers I get to use are sputtering and coughing from infection, so I’m sure some are indeed logging my keystrokes. I’ve been using the Vesik Method to minimize the danger, so far with good results. None of my passwords appear to be compromised, despite entering them onto some of the most spyware-polluted computers I’ve seen.

Give it a try the next time you’re in the same situation.

8 Comments »

  1. Comment by Tom — 4 January 2007 @ 2:40 pm

    Very nice creativity, Ian. It’s very practical.

    FYI,
    IE6 Was Unsafe 284 Days In 2006, http://it.slashdot.org/article.pl?sid=07/01/04/162238&from=rss

  2. Comment by Ian Saxon — 4 January 2007 @ 10:23 pm

    Hi Tom,

    Yes, history isn’t looking back on IE6 well. PC Magazine named the browser the 8th Worst Tech Product of All Time: http://www.pcworld.com/article/id,125772-page,3/article.html#

    Let’s hope IE7 does better, if only because so many people will use IE no matter the alternatives.

    Ian

  3. Comment by Ms Jackson — 8 January 2007 @ 12:04 pm

    I have a couple of questions regarding intranets. First, how secure is an intranet system? For example, when a company uses its intranet can outside internet users gain access to the data without gaining the entry codes from one of the account members?

    Second, when, for instance, an office is connected and has a giant shared directory that’s managed by a nice and efficient IT team and everyone can see each other’s Outlook Calendars to schedule meetings etc etc. How secure are the private drives? say, if an S drive is a shared drive and a U drive is an individual user’s drive.. and what is the likelihood that someone outside of the office network could access the network? does remote access to Outlook greatly decrease the network’s security?

    Thanks for your help when you have a minute,
    Ms Jackson

  4. Comment by Ms Jackson — 8 January 2007 @ 12:06 pm

    Pardon me again, I meant to ask if something like the Vesik Method would be of any use in an office network?

  5. Comment by Ms Jackson — 8 January 2007 @ 12:14 pm

    Oh I apologize, I didn’t have my thoughts in order when I first posted:

    Can an IT Team track the internet usage (in terms of sites visited) of company employees?

  6. Comment by Andy Herm — 9 January 2007 @ 8:32 am

    I’ve been called in to give my two cents on network security (actually, it’s worth a little more than 2 cents, or at least the UBC library thought it was worth slightly more than that while employing me for the last 4 years as an assistant system administrator). Anyways, here are my answers to your questions:

    “First, how secure is an intranet system?”

    To use the old adage, a chain is only as secure as its weakest link. If there is an unprotected, or even worse, a compromised machine on the office intranet, it is quite possible to compromise the entire office network. If a “Trojan” or “backdoor” virus has infected one machine, hackers may well be able to use that machine as a gateway to access other machines or to infect them as well. That being said, if all of the machines are properly secure and protected, an office intranet can be very secure. Additionally, because of the added firewalls and monitoring that a decent office network system administrator would employ, the intranet can be even more secure than just the individual machines connecting to the web on their own. Because information must pass across monitored channels (e.g. the router and switch), the sysadmin can look for suspicious traffic. He or she can also attempt to ensure that all of the machines on his or her network are protected. There is also, however, the possibility that in the interests of efficiency or ease of use, the sysadmin has relaxed some of the built-in safeguards (such as turning on universal network shares) that exist between other computers on the internet, making the office network computers less secure. The general security of office networks varies greatly and it’s a complex issue.

    “For example, when a company uses its intranet can outside internet users gain access to the data without gaining the entry codes from one of the account members?”

    It is possible, if an infected machine is connected to the network, for unauthorized access to take place. This also depends on what sort of additional protective measures the sysadmin has taken. If, for example, the unauthorized user is attempting to get files to which the infected machine doesn’t have access anyways, it is unlikely that those files will be compromised. Think of it as “what could someone do if they were physically sitting at this computer when it is logged in.” That’s pretty much the worst case of what an infected computer could allow access to. Most office networks, however, have additional safeguards that will lock out most, if not all, unauthorized access. Office networks are unique, however, and it would be best to address these questions directly to your system administrator if you are concerned about your security and privacy at work.

    “Second, when, for instance, an office is connected and has a giant shared directory that’s managed by a nice and efficient IT team and everyone can see each other’s Outlook Calendars to schedule meetings etc etc. How secure are the private drives? say, if an S drive is a shared drive and a U drive is an individual user’s drive.. and what is the likelihood that someone outside of the office network could access the network?”

    Again, the security of the office network is unique so I can’t say for sure how secure your network is. That being said, if the system is set correctly, only someone with a username and password authorized for access to your U drive logged onto a computer connected to the office intranet (either physically or through a virtual private network, if that’s enabled) will be able to access your files. This doesn’t, however, mean you’re the only one with access. The IT staff users likely have administrative access to the machines that host your files and probably have physical access to the computers as well. If their accounts are compromised, your folder will be at risk as well. There is also a remote possibility that your password could be “brute force” hacked – basically through just trial and error, intruders could figure out your or the administrative passwords and could access your data that way. It may be best to ask your sysadmin what sort of safeguards are in place against an outside attack in addition to what sorts of security measures are in place to prevent and, if necessary, address an intrusion either through a virus or other type of hack.

    “does remote access to Outlook greatly decrease the network’s security?”

    Opening any additional “ports” for network traffic, by definition, creates more opportunities for security breaches. That being said, there are often compelling reasons to open ports (for convenience of checking e-mails and calendars at home, for example) that necessitate the addition of risks. It is the system administrator’s job to see to it that these risks are minimized. Outlook remote accessibility, in particular, has had a number of vulnerabilities exposed and does put your network and your data more at risk than it otherwise would be. If it is absolutely necessary to have remote access to Outlook, there are ways of minimizing this risk, but the simple answer to your question is “yes, it does.”

    “Pardon me again, I meant to ask if something like the Vesik Method would be of any use in an office network?”

    Ian, or indeed, the brilliant author of this technique, Ms. Vesik, may be more qualified to answer this question, but from my understanding, the Vesik Method is of use any time one is on an unknown or possibly infected computer in which a keylogger may be recording one’s keystrokes for later interpretation. If you don’t trust your office network and you suspect the computer you are using may be infected with a keylogger, the Vesik Method would certainly be of use. If, however, you believe your computer to be free of malware, particularly keyloggers, the Vesik Method would be of little use to you.

    “Can an IT Team track the internet usage (in terms of sites visited) of company employees?”

    Yes. And many do (though not all). There are special programs that run either on servers, on web switches, or on the individual computers themselves (which of these is/can be employed depends on the network setup) that are designed specifically to track the computer usage of individuals without their knowledge. Administrators may just check the “history” file, which can be cleared easily, or they may employ other software or techniques. It is surprisingly easy to keep tabs on employees using office computers.

    Hope that answers your questions. If you have any more concerns, I’m happy to help.

    Andy

  7. Comment by Tom — 9 January 2007 @ 3:00 pm

    In my opinion, the Intranet is pretty safe. But the more services are provided (e.g. web, email, remote access), the more vulnerable the Intranet becomes. The weakest link is the desktop computer. The biggest threat is a “Trojan”/“Backdoor”, which IE is friendly with. Once the desktop is bugged, the Intranet will be exposed to the outside world.

    To prevent intrusion or monitoring from the Intranet, you have to have administrator rights on your own desktop, which gives you the permission to install anti-spy tools.

  8. Comment by Ian Saxon — 11 January 2007 @ 6:04 am

    Andy and Tom, thank you very much for your input. My expertise is certainly not in the realm of intranets and networking, so I appreciate the help in this area. Hope it helps Ms Jackson.

    Ian
