Intrusion Detection For Your PC Case
Anonymous Coward writes "Ryan du Bois, from genbukan security (aka red0x), has created a chassis intrusion detection system for your computer box: the actual physical case. He also wrote a paper describing three separate implementations of this CIDS system: Contacts, Pressure switches, and a PLA (programmable microchip). Included in his paper are complete designs for the first two and a promise for the last to come soon. Definitely worth a read. The paper is available in many formats including OpenOffice 1.0, HTML, TEXT and a Tarball of them all. You can also obtain the signatures as well as his Automated Security Tools Project, of which this is a member."
Compaq has had something like this for years. Not only that, they have an internal case lock which can be activated/deactivated remotely, or in the password-protected BIOS.
A special tool from Compaq is required to defeat the lock...or a drill. But anyway, it can keep track of when the case is opened, I believe.
I have seen, but never used the feature, so I don't know the specifics.
-Pete
Soccer Goal Plans
I used to work for a defense contractor where many of our computers were used to process classified information. Besides controlling access to the room in which the computers were located, stickers were placed over all the access points to the internals of the machine. The stickers were signed and dated by the security officer when they were placed and if one was broken, the computer had to be carefully inspected before it would be returned to operation. Needless to say, employees were encouraged to report wear on stickers before they were completely broken, to avoid having to thoroughly inspect the innards of the device for bugs.
-- Adam
Howsabout a good old fashioned thieves knot?
I remember reading about systems in old issues of PC Magazine or such where, if the case was opened incorrectly, something inside would explode and cover everything inside with paint, thus making the computer parts un-sellable on the reseller's market. The crook would leave your box behind and you could still get at your HDD to recover your data.
Thing is, he's not the first to do it. Hundreds of people have done what he's done. Only none of them are wasting sourceforge space for their pre-school tinkering. I'm sorry, but that's all this is: a five year old discovering the door switch on the clothes dryer.
If you want to see real CIDS, go talk to people who make and use military encryption devices. (shake some of them too hard and they electrically self-destruct -- they erase their tiny little brain.)
So, beyond the dubious importance of this "design" - which begins with setting up copper contacts on the case and moving on to pressure switches - he can't give us any results because he doesn't have a utility to check the register.
That's classic.
Two bits says this made it to the front page because he mentions he's running linux on his "CIDS."
IP is just rude.
Is there any torture so subl
A case with a lock on it? - You'll have to crack into it without a metal cutting saw... and that's gonna be noisy and take some time. (Not to mention leave a mark.) Note also that most manufacturers sell cases with BIOS level intrusion detection built in if you want it.
I applaud the efforts of junior MacGyvers, but if you really want to be secure, there are obviously better solutions.
Speaking of computer security, that reminds me of the time when the CS department at the University I went to got a bunch of brand new lab machines. They all had intrusion detection, which we CS dept. admins thought was pretty cool. We told the campuswide IT guys that we needed them secured in place. They dragged their feet on it. A month later, the CS department threw a LAN party in the same building (though not in the same room) and some enterprising students used it to cover the theft of 4 of the new lab machines. Security wire and cameras were in the room within a week. As far as I know the stolen computers were never recovered. We took small solace in the knowledge that the computer beeps at them and displays a brief annoyance message now before booting the OS. That is, as long as they opened the case and didn't flash the BIOS.
// harborpirate
// Slashbots off the starboard bow!
I work at a large public university and I admin an unmonitored lab. This is what we came up with.
We used a home security alarm system modified to connect to the computers. We mounted a switch inside the case that would open when the case was opened. We put the correct resistor in series with the switch (home security alarms don't just measure continuity, they also measure resistance) and connected it to an RJ45 jack on a blank slot cover. We mounted a plate to the monitors either by replacing a screw with a security screw kit (you can't remove the screw without removing the cable run through it) or using industrial super glue. Loop the security alarm cable through the monitor plate and the lock hole on the back of most computers, connect it to the RJ45 jack and arm the alarm. If someone disconnects the cable or opens the case, a 125db alarm sounds in the room and an automatic call is placed to the campus police.
I have great faith in fools - self confidence my friends call it. - Edgar Allan Poe
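The resistance-supervised loop described in the comment above, sketched as an added example (not part of the original post or of the CIDS paper): a panel input treats only the expected series resistance as secure, so both an open loop and a near-zero reading raise an alarm. The 2.2 kΩ resistor, pull-up value, 10-bit ADC, tolerance and debounce count are all assumptions chosen for illustration.

```python
import math

# Assumed hardware values (not from the page): loop wired from the ADC node
# to ground, with a pull-up of R_PULLUP to the ADC reference voltage.
R_PULLUP = 2200.0   # ohms
R_EOL = 2200.0      # ohms, resistor in series with the case switch
TOLERANCE = 0.10    # accept +/-10% around R_EOL
ADC_MAX = 1023      # full-scale count of a 10-bit ADC

def loop_resistance(count):
    """Convert an ADC count to loop resistance via the voltage divider."""
    if count >= ADC_MAX:
        return math.inf            # node pulled to Vref: loop is open
    ratio = count / ADC_MAX        # V_node / V_ref = R_loop / (R_pullup + R_loop)
    return R_PULLUP * ratio / (1.0 - ratio)

def classify(count):
    """SECURE only inside the tolerance window around the series resistor."""
    r = loop_resistance(count)
    if r < R_EOL * (1 - TOLERANCE):
        return "SHORT"             # resistor not in circuit: wiring fault or bypass
    if r > R_EOL * (1 + TOLERANCE):
        return "OPEN"              # case switch opened or cable disconnected
    return "SECURE"

def monitor(samples, debounce=3):
    """Return (sample_index, state) once per fault lasting `debounce` samples."""
    alarms = []
    last, run = "SECURE", 0
    for i, count in enumerate(samples):
        state = classify(count)
        run = run + 1 if state == last else 1
        last = state
        if state != "SECURE" and run == debounce:
            alarms.append((i, state))   # fires once per excursion, not per sample
    return alarms

# Constructed sample readings: one-sample glitch, sustained open, sustained short.
SAMPLES = [511, 512, 1023, 510, 511, 1023, 1023, 1023, 1023, 512, 3, 2, 3, 511]

if __name__ == "__main__":
    for index, state in monitor(SAMPLES):
        print(f"sample {index}: ALARM ({state})")
```

The single full-scale reading at index 2 is ignored as noise; only faults that persist for three consecutive samples trigger.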