Keyloggers are becoming commonplace methods for intruders to gain access to unauthorized systems by recording user keystrokes as they occur on the arbitrary machine, or in our case, our SharePoint Portal or Windows SharePoint Services server. Protecting your server from keyloggers is a fairly crucial measure in any security structure, ensuring your full control of your machines without worrying about compromising it to hackers.
Keyloggers can exist on two different levels, both on a hardware and software level. There are a range of available hardware keyloggers, ranging from those which are fairly easily to detect such as those that attach inline between the keyboard cable and those which bind to a port where the keyboard is installed, or those which are placed directly into the keyboard or laptop machine. Retrieving the data from the target machine can vary heavily depending on the application used, which has its own implications.
The most common way is to slip a trojan or other remote access application that allows the user direct access to the machine to query the log generated by the keylogger. Because SharePoint machines are often hooked into MS exchange servers, typically the information can automatically be sent via using email, which is slightly more elegant than the former technique because it lessens the trail detection and gives less evidence to forensic computer analysts.
Securing your SharePoint environment for keylogger is as important as web and network layer security. The SPS AKL is composed of two main modules that help you harden your SharePoint environment, one for detection and another for management. The central processing portions are kept as a windows service that will need to be installed.