Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ethernet Wiring Through Hostile Territory?

Posted by Cliff on from the security-doesn't-end-at-the-console dept.

GoogleDidntFindIt asks: "I need to connect a terminal to a server which contains very sensitive information. Unfortunately, the terminal is about 200 feet away from the server. The server (which even includes a 'self destruct' device) and terminal are both in highly secure areas of the building, but the wiring will be in uncontrolled areas. What should I do to keep people from tapping or monitoring the wire?" Is there any way a conduit can be wired with an alarm which goes off when it's integrity has been violated?

"Heres a basic description of my situation:

  • A new wire/fiber/cable/whatever will be run and I can use any sort of conduit I want.
  • A potential attacker may have several days of undetected access to parts of the wire/conduit and may have sophisticated fiber-optic tapping equipment (which can tap a fiber without cutting it).
  • I can physically inspect the conduit/cable/wire once a month.
  • Ideally, the system would also notify me of a majority of successful attacks (or, even better, disconnect the line).
I'm aware of IPSEC and other encryption systems, but they aren't suitable for this project - I'm looking for systems which address physical security and protect against traffic analysis."

5 of 65 comments (clear)

  1. How do we know that he's the good guy here? by unitron · · Score: 4, Interesting

    What if he's the one trying to break in to an already existing setup and is just looking for ideas on what kinds of defenses he might encounter?

    --

    I see even classic Slashdot is now pretty much unusable on dial up anymore.

  2. Why not ipsec? by sulli · · Score: 3, Interesting

    You can get cheap ipsec boxes to connect sites to each other over ethernet. Red Creek (still around, to my great surprise) makes a 6-ounce, 6x4 inch device that connects ethernet to ethernet, and runs ipsec over one ethernet link. Put one of these in each secure enclosure, and you should be in business!

    --

    sulli
    RTFJ.
  3. duh. easy. by Zurk · · Score: 4, Interesting

    ignore all the comments about high pressure and other crap. pressure systems need to be maintained continously and are prone to failure.
    Try this :
    put a bunch of fibre optic strands into a steel pipe (large). make sure the fibre is all loose strands of single mode fibre (glass) and not encased in a protective coating. then fill the pipe completely with concrete and let it dry. attach the fibre to the terminal and the server and run something to monitor the connection 24/7. if the bad guys blowtorch thru the steel pipe they need to use a hammer to get thru the concrete. cracking the concrete cracks the fibre along with it destroying your connection (even if it is temporary and they rig something up to restore the connection your software monitoring the connection can sound the alarm). since single mode fibre is essentially very thin glass strands you will loose a few strands while pouring the concrete but at least one will work. you can use the one that works.
    its messy but reliable. epoxy and other nasty stuff in layers with the concrete is also useful.

    1. Re:duh. easy. by TheCarp · · Score: 3, Interesting

      How about this one....

      put 3 strands down the middle of the conduit.. and a bunch all around at a small radius from it. Fill with asphalt.

      run stead signals through the outside strands... if an outside strand stops working...then check for intrusion.

      for added protection... put some temperature sensors in (actually... checking the resistance of the outside conduit (assuming its made of metal) may work for that)) the conduit. (to detect anyone tryin gto melt out the asphalt)

      oh yea...and spray paint all the fiber black, so it blends in with the asphalt.

      I would then use crypto in addition to that...but thats just me.

      -Steve

      --
      "I opened my eyes, and everything went dark again"
  4. Use REAL tamper protection by p-n-wise · · Score: 3, Interesting

    The big boys use a plastic sheet coated with carbon tracks in many layers. Goretex (yes the same one that makes boots) sells this stuff. It is generally used to protect small devices from being probed. It works by measuring the resistance of the carbon tracks and can detect sub-micron drills. Crypto units in gov/mil applicions use this technique, so it is considered to be the best method.

    In your case the wire would be wrapped in this stuff and then coated in a soft epoxy resin. Any damage to the sheath and the system can take evasive action...

    I've got a contact in this area - Email me and I'll put you in contact.

    --
    I am the NUL and the DEL, the beginning and the end.