Slashdot Mirror
Ethernet Wiring Through Hostile Territory?
GoogleDidntFindIt asks: "I need to connect a terminal to a server which contains very sensitive information. Unfortunately, the terminal is about 200 feet away from the server. The server (which even includes a 'self destruct' device) and terminal are both in highly secure areas of the building, but the wiring will be in uncontrolled areas. What should I do to keep people from tapping or monitoring the wire?" Is there any way a conduit can be wired with an alarm which goes off when it's integrity has been violated?
"Heres a basic description of my situation:
- A new wire/fiber/cable/whatever will be run and I can use any sort of conduit I want.
- A potential attacker may have several days of undetected access to parts of the wire/conduit and may have sophisticated fiber-optic tapping equipment (which can tap a fiber without cutting it).
- I can physically inspect the conduit/cable/wire once a month.
- Ideally, the system would also notify me of a majority of successful attacks (or, even better, disconnect the line).
I read your questions as:
/. how I can build a super-secure connection for less than a dollar, I'm sure many geeks have done this before"
:-)
"I have a budget of $0.39, and I would like the same amount of security major banks, intelligence organisations, and the military use. I'll ask
If you truly have information so valuable that someone could gain information just on traffic analysis, you need to hire real professionals. Not some ex-cracker wannabe with a nose-ring and tattoo collection, but ex-DIA soldiers who have already made a career of physical security.
You either spend the money, or tell the powers-that-be to kill the idea of placing a remote terminal in an unsecured location. If the information is that valuable, those who need access to it can cross the street. If they are too lazy to cross the street for your information, then the information isn't valuable enough to keep secure.
Pressurised conduit requires separate monitoring facilities at both ends, inside the secure areas. That means physical access for inspections and maintenance on a regular basis, not just once a month. And if you can't run a customised IPSec implementation with a constant level of traffic, you don't have the budget to do this project correctly. Kill yourself now
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
Okay, my $0.02 will likely cost you a large amount of money; but hey... if the data's so important to require self-destruct devices then I can understand that money isn't the biggest concern. Perhaps some of my ideas will prove useful.
Some of the previous articles mention using vacuum or pressure. This isn't a bad idea; though it could potentially be defeated by extremely carefully poking a small hole (about 5 microns in diameter) and then getting a pressure monitor on there. It may take hours for the gauge to read anything of use; but supposedly attackers may have that long. The hole itself would just look like a very small leak on 200 foot of pipe--and so you would believe that it's not an attacker.
Instead, you really should use a multi-layered configuration. Start with a fiber--they are a pain to tap without splicing; and I'll assume you could monitor each end and check for signal degradation that would be indicative of a splice. Then, the fiber should be insulated already, so jacket it in copper or aluminum sheeting (like grounded CAT5) with insulation on top of that. To top off the internal layer, send this "wire" down the smallest metal tube you can; with Great Stuff or other spray-in insulator filling the gap. Note that the fiber et al should be running nearly down the center of this conduit.
That's the first layer. Outside of that, fit the conduit inside another one (again, metal)--this one should be have a good vacuum on it. 10e-3 torr is easy to reach with a roughing pump, so you shouldn't have any trouble getting there. And then one more pipe outside of that. The final pipe should have a high pressure on it, 75 or 100 psi can be reached by a common air compressor. So this gives a total of three metal conduits to go through before reaching the fiber. Obviously, monitor the pressure from both ends--and those numbers should match up (with some error).
Yes, I realize this seems like over-kill. But, with this set up you can do some really cool things to check for intrusion. First, one can put different voltages across each of the 4 metal layers (fiber jacket included). If any of those are the same, you've got an attacker. You also can connect two layers on one end and gauge the resistance from the other. If this number doesn't match what it was yesterday, then there is an attacker. My personal favorite, though, is checking the capacitance between the different layers. If someone somehow figures out how to cut through the pressure and vacuum jacketting, the resistance test might be able to catch it. If you check the capacitance, there's almost no way they can not be detected. If this were me, I would configure both sides to randomly check different combinations from my list.
Finally, you likely will have a few seconds from when an attacker is detected and when he/she could be possibly be listening. This means that you can fully trust the computer on the other end even just after an intruder detection. Use this time for "Oh my God! Cut the line! Shut up and don't talk again!!!" as well as any other last-second transactions you need.
Long, cute, or funny Sigs are just another form of over compensation, used by geeks, nerdz, etc.
Just a suggestion to add to a lot of other very adequate ideas...
I notice most of them recommend running fiber through some sort of pressurized, protected conduit, with various tamper notification schemes. Great; do all that. But instead of just running your single fiber strand, run a lot of them. If you feel extra devious, rig up something to pump garbage signal through them, signal which will look not unlike the encrypted traffic I assume you'll be using on the real line.
Stuff enough of them in there, and make the bogus signal convincing enough, and it will easily take your attacker longer than your one-month inspection period to breach the conduit, defeat the anti-tamper, and identify the correct strand, let alone get anything useful off it.
No relation to Happy Monkey
Forget the dog kennel.. just deploy a legion of snakes in the conduit. Make sure they're poisonous snakes BTW. Either that, or rabid weasels or ferrets.
One future, two choices. Oppose them or let them destroy us.
How about this...
:)
Ignore all the people here wanting to use pressurised systems.
Use fiber, because you can sniff ethernet via copper without having to touch the cable.
Get some fiber cards that do IPSec at the ethernet packet level. Yes, they make them, because it's what I have to use. They are expensive, about 5K per card, but they do GigE...
Also, when you run the fiber cable, just run it with all of the rest of the cables. You put that cable in a steel pipe with pressure or whatever... you might as well go ahead and label it as "HEY!!! CRACKERS!!!! THE SECURE CABLE IS IN HERE!!!!"
Go look at the military regulations on the subject. They spent good tax payer dollars to do it.
But another thing you might look at... Run some copper lines between the two, pick up some Westtel DSL modems, the ones with built in encryption. They have ethernet ports on each side of them, you can then run an additional layer of IPSec across them if you wanted to.
Your application also encrypts the data... right? have you looked into useing SSH tunnels, or is that out of the question to?
Just wondering, but if the data is THAT secure... why in the he** are they letting you even cross an insecure area?? I would NEVER be allowed to do that.