Intrusion Detection For Your PC Case

Anonymous Coward writes "Ryan du Bois, from genbukan security (aka red0x), has created a chassis intrusion detection system for your computer box: the actual physical case. He also wrote a paper describing three separate implementations of this CIDS system: Contacts, Pressure switchs, and a PLA (programmable microchip). Included in his paper are complete designs for the first two and a promise for the last to come soon. Definitely worth a read. The paper is available in many formats including OpenOffice 1.0, HTML , TEXT and a Tarball of them all. You can also obtain the signatures as well as his Automated Security Tools Project, of which this is a member."

Compaq has had this...

[peterdaly]

Compaq has had something like this for years. Not only that, they have an internal case lock which can be activated/deactivated remotely, or in the password protected bios.

A special tool from compaq is required to defeat the lock...or a drill. But anyway, it can keep track of when the case is opened I believe.

I have seen, but never used the feature, so I don't know the specifics.

-Pete

Classified Processing

[delphin42]

I used to work for a defense contractor where many of our computers were used to process classified information. Besides controlling access to the room in which the computers were located, stickers were placed over all the access points to the internals of the machine. The stickers were signed and dated by the security officer when they were placed and if one was broken, the computer had to be carefullly inspected before it would be returned to operation. Needless to say, employees were enouraged to report wear on stickers before they were completely broken, to avoid having to throughly inspect the innards of the device for bugs.

Another option

[RadioTV]

I work at a large public university and I admin an unmonitored lab. This is what we came up with.

We used a home security alarm system modified to connect to the computers. We mounted a switch inside the case that would open when the case was opened. We put the correct resistor in series with the switch (home security alarms don't just measure continuity, the also measure resistance) and connected it to a RJ45 jack on a blank slot cover. We mounted a plate to the monitors either by replacing a screw with a security screw kit (you can't remove the screw without removing the cable run through it) or using industrial super glue. Loop the security alarm cable through the monitor plate and the lock hole on the back of most computers, connect it the RJ45 jack and arm the alarm. If someone disconnects the cable or opens the case, a 125db alarm sounds in the room and an automatic call is placed to the campus police.