Slashdot Mirror
Ethernet Wiring Through Hostile Territory?
GoogleDidntFindIt asks: "I need to connect a terminal to a server which contains very sensitive information. Unfortunately, the terminal is about 200 feet away from the server. The server (which even includes a 'self destruct' device) and terminal are both in highly secure areas of the building, but the wiring will be in uncontrolled areas. What should I do to keep people from tapping or monitoring the wire?" Is there any way a conduit can be wired with an alarm which goes off when it's integrity has been violated?
"Heres a basic description of my situation:
- A new wire/fiber/cable/whatever will be run and I can use any sort of conduit I want.
- A potential attacker may have several days of undetected access to parts of the wire/conduit and may have sophisticated fiber-optic tapping equipment (which can tap a fiber without cutting it).
- I can physically inspect the conduit/cable/wire once a month.
- Ideally, the system would also notify me of a majority of successful attacks (or, even better, disconnect the line).
How about putting the conduit under pressure/vacuum and shutting it down when there's a leak ?
A waterhose with a waterprrof glassfibre should do the trick.
Depends on how much you want to spend, but I'd go with a fibre connection - makes it more difficult to tap.... Put it into a steel pipe, mostly to protect the fibre. Then an thin insulating layer (the thinner and fragile the better), a layer of copper (like the shielding of a coax cable) and a final protective layer. Pressurize the steel pipe and monitor the pressure, and also put a little voltage between the steel pipe and the copper. That way the fibre is well protected against accidental, mechanical damage, and its pretty difficult to first get rid of the copper layer without it touching the steel pipe, and even more difficult to open the pipe to get to the fibre without changing the pressure... Costs you probably quite a lot, but I'll bett my lunch that unless you're up against the government, you'll be happy with it.
i believe major investment houses and large banks have little black boxes to place on both ends of a T1. they do the crypto, but they also constantly stream random bits if there is no real traffic.
do you care about someone pumping a few amps down the wire and trying to burn out the IO pins on your super-duper computer? in that case it would be prudent to pick up your soldering iron and build a serial relay with electro-optical interconnects.
your best bet may be to just go wireless, run IPSEC and keep lots of random traffic in the background. at least it would take more smarts to create an EM pulse strong enough to attack the electronics.
I read your questions as:
/. how I can build a super-secure connection for less than a dollar, I'm sure many geeks have done this before"
:-)
"I have a budget of $0.39, and I would like the same amount of security major banks, intelligence organisations, and the military use. I'll ask
If you truly have information so valuable that someone could gain information just on traffic analysis, you need to hire real professionals. Not some ex-cracker wannabe with a nose-ring and tattoo collection, but ex-DIA soldiers who have already made a career of physical security.
You either spend the money, or tell the powers-that-be to kill the idea of placing a remote terminal in an unsecured location. If the information is that valuable, those who need access to it can cross the street. If they are too lazy to cross the street for your information, then the information isn't valuable enough to keep secure.
Pressurised conduit requires separate monitoring facilities at both ends, inside the secure areas. That means physical access for inspections and maintenance on a regular basis, not just once a month. And if you can't run a customised IPSec implementation with a constant level of traffic, you don't have the budget to do this project correctly. Kill yourself now
the AC
Hemos is like...sci-fi fans;he thinks technology is cool, but he hasn't bothered to understand the science it's based on
Okay, my $0.02 will likely cost you a large amount of money; but hey... if the data's so important to require self-destruct devices then I can understand that money isn't the biggest concern. Perhaps some of my ideas will prove useful.
Some of the previous articles mention using vacuum or pressure. This isn't a bad idea; though it could potentially be defeated by extremely carefully poking a small hole (about 5 microns in diameter) and then getting a pressure monitor on there. It may take hours for the gauge to read anything of use; but supposedly attackers may have that long. The hole itself would just look like a very small leak on 200 foot of pipe--and so you would believe that it's not an attacker.
Instead, you really should use a multi-layered configuration. Start with a fiber--they are a pain to tap without splicing; and I'll assume you could monitor each end and check for signal degradation that would be indicative of a splice. Then, the fiber should be insulated already, so jacket it in copper or aluminum sheeting (like grounded CAT5) with insulation on top of that. To top off the internal layer, send this "wire" down the smallest metal tube you can; with Great Stuff or other spray-in insulator filling the gap. Note that the fiber et al should be running nearly down the center of this conduit.
That's the first layer. Outside of that, fit the conduit inside another one (again, metal)--this one should be have a good vacuum on it. 10e-3 torr is easy to reach with a roughing pump, so you shouldn't have any trouble getting there. And then one more pipe outside of that. The final pipe should have a high pressure on it, 75 or 100 psi can be reached by a common air compressor. So this gives a total of three metal conduits to go through before reaching the fiber. Obviously, monitor the pressure from both ends--and those numbers should match up (with some error).
Yes, I realize this seems like over-kill. But, with this set up you can do some really cool things to check for intrusion. First, one can put different voltages across each of the 4 metal layers (fiber jacket included). If any of those are the same, you've got an attacker. You also can connect two layers on one end and gauge the resistance from the other. If this number doesn't match what it was yesterday, then there is an attacker. My personal favorite, though, is checking the capacitance between the different layers. If someone somehow figures out how to cut through the pressure and vacuum jacketting, the resistance test might be able to catch it. If you check the capacitance, there's almost no way they can not be detected. If this were me, I would configure both sides to randomly check different combinations from my list.
Finally, you likely will have a few seconds from when an attacker is detected and when he/she could be possibly be listening. This means that you can fully trust the computer on the other end even just after an intruder detection. Use this time for "Oh my God! Cut the line! Shut up and don't talk again!!!" as well as any other last-second transactions you need.
Long, cute, or funny Sigs are just another form of over compensation, used by geeks, nerdz, etc.
Am I the only person wondering why you can't just stick the terminal in the same room as the server? There would be 0 (zero)chance of monitored communications between the two machines. If both computers are only available in secured locations anyway, what would be the problem with this? It's cheap, easy and effective.
What if he's the one trying to break in to an already existing setup and is just looking for ideas on what kinds of defenses he might encounter?
I see even classic Slashdot is now pretty much unusable on dial up anymore.
I can't think of much data that would be sensitive enough to warrent this level of protection. AFAIK even the government feels good encryption and frequent (weekly) inspection of the fiber is good enough to protect critical military operational data.
If your worried about someone with government level resources cracking the data and the amount of data trafficing the pipe is not huge your best bet is a pad cypher (generally considered to be unbreakable). Generate completely random data (atmospheric noise is a good source), burn it to two CDROMs. Encrypt and decrypt the stream of data on each end. You can use a small embedded PC on each end if the data stream is non-standard. Never reuse the same stream of random data.
Just a suggestion to add to a lot of other very adequate ideas...
I notice most of them recommend running fiber through some sort of pressurized, protected conduit, with various tamper notification schemes. Great; do all that. But instead of just running your single fiber strand, run a lot of them. If you feel extra devious, rig up something to pump garbage signal through them, signal which will look not unlike the encrypted traffic I assume you'll be using on the real line.
Stuff enough of them in there, and make the bogus signal convincing enough, and it will easily take your attacker longer than your one-month inspection period to breach the conduit, defeat the anti-tamper, and identify the correct strand, let alone get anything useful off it.
No relation to Happy Monkey
with self-destruct feature...then I replaced Windows with linux
-- www.globaltics.net
Political discussion for a new world
You can get cheap ipsec boxes to connect sites to each other over ethernet. Red Creek (still around, to my great surprise) makes a 6-ounce, 6x4 inch device that connects ethernet to ethernet, and runs ipsec over one ethernet link. Put one of these in each secure enclosure, and you should be in business!
sulli
RTFJ.
ignore all the comments about high pressure and other crap. pressure systems need to be maintained continously and are prone to failure.
Try this :
put a bunch of fibre optic strands into a steel pipe (large). make sure the fibre is all loose strands of single mode fibre (glass) and not encased in a protective coating. then fill the pipe completely with concrete and let it dry. attach the fibre to the terminal and the server and run something to monitor the connection 24/7. if the bad guys blowtorch thru the steel pipe they need to use a hammer to get thru the concrete. cracking the concrete cracks the fibre along with it destroying your connection (even if it is temporary and they rig something up to restore the connection your software monitoring the connection can sound the alarm). since single mode fibre is essentially very thin glass strands you will loose a few strands while pouring the concrete but at least one will work. you can use the one that works.
its messy but reliable. epoxy and other nasty stuff in layers with the concrete is also useful.
Ok, this is sort of 3.1415962.... in the sky, but as long as you are transmitting your information classically, others can theoretically interrupt and observe the flow of information without your knowledge.
If you could somehow transmit the information quantum mechanically, as soon as some one intercepted the message, it would change state and you would know.
for more info check out www.qubit.org.
of couse this is all theoretical, since no hardware like this exists commercially yet. There are some researchers doing some basic research into this area, though, so maybe banks and other high security institutuions will be using this in ~10 years.
the other suggestions about fiber in a steel pipe along with a pressure differential as well as some capacitance measurement seem to be pretty good suggestions for data line integrety, though.
Quando Omni Flunkus Moritati
stenograph (stn-grf)
n.
A keyboard machine for reproducing letters in a shorthand system.
A character in shorthand.
"You keep using that word. I do not think it means what you think it means."
For added annoyance value, use random data instead of zeros.
You'll still want to armor the cable, put in a bunch of dummy fibers and many of the other things that were suggested.
I remember reading about TEMPEST standards from the government. The documents were (mostly) declassified recently and have standards for wiring sensitive (RED) data connections in different environments-- all the way to battlefield conditions.
t m
...
Plus, you have some CYA protection here since it's a predefined standard!
http://www.eskimo.com/~joelm/tempest.html
http://www.fas.org/irp/program/security/tempest.h
... but I still like the chain link fence idea with guard dogs
Neither will detect a successful tap, but inducing an electrostatic charge on the conduit (a la the lamps that you touch anywhere on the base to activate/deactivate) would let monitoring systems know if someone touches the pipe to set off an alarm and shut down communications, but would open you up to an easy DOS.
The second is an OTDR (optical time domain reflectometer) - this will easily detect changes in the fiber layout, and will also tell you exactly where the tap/modification occurred.
Basically, an OTDR sends a pulse of light and looks at the reflection(s) over time. It will show bends, nicks, etc that occur in the fibre.
The big boys use a plastic sheet coated with carbon tracks in many layers. Goretex (yes the same one that makes boots) sells this stuff. It is generally used to protect small devices from being probed. It works by measuring the resistance of the carbon tracks and can detect sub-micron drills. Crypto units in gov/mil applicions use this technique, so it is considered to be the best method.
In your case the wire would be wrapped in this stuff and then coated in a soft epoxy resin. Any damage to the sheath and the system can take evasive action...
I've got a contact in this area - Email me and I'll put you in contact.
I am the NUL and the DEL, the beginning and the end.
Too bad you already have max mod points, because _that_ was the funniest thing I've read on here in weeks!
Outside of a dog, a book is man's best friend. Inside a dog it's too dark to read. - Groucho Marx
Forget the dog kennel.. just deploy a legion of snakes in the conduit. Make sure they're poisonous snakes BTW. Either that, or rabid weasels or ferrets.
One future, two choices. Oppose them or let them destroy us.
Where I come from, simple and cheap equate to good. Not only with women, but also software solutions. Here's my take on how to solve your little dilema...
Simply have a script running on the server that periodically (ie less than 1s intervals) sends a single short time-out ping to the other end of the line. If the other side fails to respond, kill the route and interface, and if possible, shut down and lock up the server, since a failed reply strongly suggests that the link has been compromised.
If you feel like putting more work into the project, you can watch for unwelcome network traffic. Sending out various broadcast requests and looking for their response, as well as things like windows network broadcasts, and again killing the link if unacceptable results are found will give you an added level of security.
While most of the above physical solutions are clearly outside of your budget, considering you're talking to slashdot and not a properly bonded security consultant, using fiber will make it significantly more difficult for the link to be compromised without detection. Running IPSEC(over IPSEC over...), or better yet not using ethernet & TCP/IP will add an aditional layer of confusion for any potential attackers.
I could go on and on with various ideas, but I think I've said enough. If you really want more of my ideas, I'd be willing to talk for a case of beer and a hooker. If money's tight, I'll settle for a cheap hooker, just don't skimp on the beer, its where my magical powers come from. ^_^
my sig's at the bottom of the page.