Propuesta de un sistema anti-keylogger para proteger despliegues y configuraciones de servicios cloud.

Abstract

Keyloggers represent a considerable threat to the integrity of systems and the confidentiality of sensitive data by covertly recording keystrokes. To counteract this vulnerability, a proposal for a basic anti-keylogger system has been made because of the workshop "approach of good security practices for cloud and IoT environments", developed in the academic space Security of cloud and IoT Services, taught in the Specialization "Management of Information Technology Services", at the University of Santo Tomas. It uses basic techniques for monitoring keyboard events, detection of suspicious background processes, encryption of keystrokes in sensitive information transmission environments. This work addresses the implementation of a basic system specifically designed to strengthen security during the processes of deployment and configuration of cloud services. Extensive and thorough research was conducted to support the focus of this work, analyzing in detail the different types of keyloggers and how they operate. During the analysis, it was discovered that, in most of the connections to virtual machines provided for IaaS services, vulnerabilities can arise, mainly originating from the absence of keylogger protection. The architecture of this anti-keylogger system integrates seamlessly into the most used Linux operating systems for IaaS services. Its effectiveness and versatility make it an essential tool for ensuring the security of confidential data in cloud service environments. This article aims to provide a complete overview of the functionalities and advantages of this software, as well as to encourage its adoption in the community of cloud services users.