Home Forums SQLServerCentral.com Editorials Keyboard Hardlines RE: Keyboard Hardlines

  • August 17, 2016 at 10:47 am

    #1895967

    TomThomson (8/11/2016)

    It seems to me that wireless keyboards are OK in individual offices (and in hotel rooms, which was the first case I looked at way back in 2002 or 2003) provided the signal is sufficiently low powered and the walls/doors/windows make the signal unreadable from outside the room/office. They are not OK for use in rooms where people with different privileges (or even different logins with the same privilages) are likely to be simultaneously present. I find it quite shocking that the domumantation referenced in the editorial doesn't reference anything before 2009, but suspect that that's a result of nothing being publised in reputable journals in the early days.

    I don't think wireless mouse is a security problem that will hand out information to atackers but it is a problem in that it allows an attack using injected mouse movements or interference that corrupts or loses mouse moveents - in particular a denial of (mouse) service attack - (and it could make you bankrupt through costing an incredible amount of money on batteries without anyone conducting an attack if it's not a rotor ball incorporated in the keyboard, or some equally low-power "mouse").

    To add on to that - you'd want to ensure that you either employ NO wireless keyboards of mice in your data center or that you have appropriate dampening or interference in place. Forget key-logging - you could hijack the server simply by being able to remotely access the dongle that's plugged in. If you're not careful - wireless accessories plugged into machines within the data center could easily nullify your physical security controls.

    If an admin steps away from the front of a machine within the datacenter, leaving it unlocked - you just have to connect to the little dongle, and voila - server access with admin privileges.

    ----------------------------------------------------------------------------------
    Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?