Slashdot Mirror
Intrusion Detection For Your PC Case
Anonymous Coward writes "Ryan du Bois, from genbukan security (aka red0x), has created a chassis intrusion detection system for your computer box: the actual physical case. He also wrote a paper describing three separate implementations of this CIDS system: Contacts, Pressure switchs, and a PLA (programmable microchip). Included in his paper are complete designs for the first two and a promise for the last to come soon. Definitely worth a read. The paper is available in many formats including
OpenOffice 1.0,
HTML ,
TEXT
and a Tarball of them all. You can also obtain the
signatures as well as his Automated Security Tools Project, of which this is a member."
Dell Optiplexes could not be opened without tripping an internal warning that would flash on screen at reboot. You had to reset the bios based warning using a password to turn it off. Packard Bell and Compaq also did this years ago (I had a Compaq 286sx with an internal detection system which used a mercury switch)
Oh yeah, FIRST POST BIATCH.
Pretty much all standard business desktops have intrusion detection devices, as well as bios hooks to inform higher level software apps that it has been tripped. Most server cases have this as well- a whole slew of my compaq racks here have them, and they tie into our management system. Mind you, they lock as well, so I'm not as worried- they have solenoids! *THUNK*
I can't imagine someone cobbling together something that has existed forever is news...
EOM
Compaq has had something like this for years. Not only that, they have an internal case lock which can be activated/deactivated remotely, or in the password protected bios.
A special tool from compaq is required to defeat the lock...or a drill. But anyway, it can keep track of when the case is opened I believe.
I have seen, but never used the feature, so I don't know the specifics.
-Pete
Soccer Goal Plans
All you need is tamper-evident tape.
Best Windows Freeware
I have moderation points, but it won't let me moderate the story itself as "pointless" or "redundant"
It's really too bad when the people running the site know less than the people reading it.
Twoflower
--
Twoflower
is that we need lasers set up in an inefficient pattern surrounding the box itself.
I am the lord of the pun. Dance Knave!
As interesting as this is, I'd be more worried about someone actually stealing the machine than opening it up for components. Even in a office environment, who is going to check each machine to make sure the employee using it didn't crack it open to swipe some RAM?
Why not just use a chain to the desk which locks the case shut? Then you're safe in both cases.
I used to work for a defense contractor where many of our computers were used to process classified information. Besides controlling access to the room in which the computers were located, stickers were placed over all the access points to the internals of the machine. The stickers were signed and dated by the security officer when they were placed and if one was broken, the computer had to be carefullly inspected before it would be returned to operation. Needless to say, employees were enouraged to report wear on stickers before they were completely broken, to avoid having to throughly inspect the innards of the device for bugs.
-- Adam
Howsabout a good old fashioned thieves knot?
I'm a little slow here, but what is to keep an intelligent intruder from resetting the software that tells you an intrusion took place?
I'd feel better will tamper-evident tape, but maybe I don't understand this system.
I've worked with a number of PC's that have chassis intrusion detection. Admittedly, it's a simple switch connected to a register that can only be reset in passworded BIOS.
This guy is writing like it's news or something. I read the brief file, and it looks like he just figured out what I first saw years ago.
And also, the classic phrase:
if you don't have physical security, you have no security at all.
Alcohol, Tobacco and Firearms should be the name of a store, not a government agency.
this seems kinda funny. First 'hacker' makes case mods so you can see al of his frilly internals. then he puts on a system so you cannot touch or have access to them. this is strangely reminiscent of the lingerie / chastity belt scenerio, see... no touch. see... no touch.
I want 2D games back.
what's worse, think about it- how many of us actually have our cases CLOSED?
locks don't help when you got the side off and a fan pointing in on the processor.
Looking for Book Reviews? Check out Literary Escapism.
Gracie, the gray tabby cat sleeps atop my PC case. If her bed is disturbed... and I do mean in any way... she cries for days on end. She can't be consoled. I have no choice but to hunt down the man what tried to jack my HDD and present his head to the cat like she does when she brings me mice.
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
Well, I could wrap a case in duct tape and *detect* an intrusion by checking if anyone had cut back the tape... or rig it with C4 and listen for loud exploding noises. But I would think that intrusion *prevention* or good chassis access control would be a more useful technology. Or case mod, as it were.
-ks
The angel in the oatmeal.
I remember reading about systems in old issues of PC Magazine or such where, if the case was opened incorrectly, something inside would explode and cover everything inside with paint, thus making the computer parts un-sellable on the reller's market. The crook would leave your box behind and you could still get at your HDD to recover your data.
IBM used to (and I imagine still does) build thier rs/6000 cases this way. The thing that always pleased me most was the use of a Medeco biaxial lock & key. Medeco's are effectively not pickable, in contrast to virtually all other pin-tumbler locks.
I don't know what other vendors use this or similar methods for the cases. the usual 3-4 pin lock incorporated in all the other cases I've seen (including some pretty expensive ones from Compaq / HP) were trivial to open. Even the use of mushroom pins is not going to be proof against a reasonably skilled intruder.
Linux is Linux, if One need clarify their dist: <Dist>/GNU Linux
bsds are of course just BSD
Some years ago I was working as a tech in a university as a co-op student. I learned that there were semi-common problems for people to break open the blank 5.25" panels on the front of the cases and reach in and grab the RAM and CPU. And this was on boxes that where physically secured onto the desks.
This is one reason why security on system cases is necessary.
I don't think the intrusion detection system is aimed at your market level. This is not even an average /.'rs level.
This is one of them corporate IT bigwig thingys where the extra expense of an ID system is only a small part of the cost of the overall system itself.
To celebrate the occasion of my 1000th post, I will post no more forever on Slashdot. Goodbye.
Leave a fake grenade, with the pin pulled and the spoon held down by the outside of the case in the computer.
Identify intrusion by the stain on the floor.
For bonus points, replace the fake grenade with a real one.
www.eFax.com are spammers
Take a single hair, wet it in your mouth, and place it across the crack between the removable side panel and the rest of the case. Anyone trying to break in will not see a single hair - or think anything of it if they do - and you'll know whether someone has cracked it open.
And it costs nothing.
My Karma was at 49, then they switched to words. All that work for nothing!
I like the system that Apple has put into their G4 Towers. There's a spring-loaded clip with a hole in it that pulls out of the back of the case. You can slip a cable/padlock/whatever through this which prevents the clip from springing back into the case.
When the clip is out, the EZ-flip-down-door on the side of the case is locked, preventing unnoticable intrusion.
The best option I saw was a fiber optic strand pulled through the case and the desk it was installed in. When the case was removed (or possibly tampered with) the fiber was broken. You could rig it with an alarm or a watch dog. Beware though, the cheap version using plastic optics rather than a good length of 62.5m MMF or 10m SMF. The plastic fiber gave many false positives. The ends wouldn't fit right so jiggling the case caused the LED light to be disrupted. If you're protecting nice Sparcs or SGIs, this is the answer for you. Don't skip on this though. You get what you pay for.
So what we have here is some fourteen year old with his own "security" organization, a metric buttload of super glue and an utter lack of clue who writes a frankly useless article so that he can pretend he's important whilst slinging around big acronyms like "PLA" and "VHDL" when the tools they represent are useless to the task at hand. In other words, a snake-oil salesman.
-jhp, smacking down dim-bulbs everywhere
/. -- the Free Republic of technology.
I suggest you search through the archives of "Ask Slashdot." You'll find many interesting stories where it is clear that if the poster's identity was given away, they would be in trouble with their boss/clients.
Technology Sectors that are Hot or Heating Up Now?
Is it Wrong to Accept an Employment Counter-Offer?
Technology for Undercover Journalists?
Convincing Management of Network Security Issues?
Headhunting Laws?
And more ...
Nope, I'm going to sound like I'm so smart that nothing seems new to me. Ah, somebody wrote up a description of how to make your own detection system. Wait a minute, alarms using pressure switches have been done before!! Geez, can't they work spooky interaction into it or something?
Damn. This must be a slow news day if I can't be entertained by a a description of what is involved. No siree, I wouldn't want to learn anything. If Compaq and Dell can build stuff into their systems that sounds the same, then it isn't worth me knowing about. Hmm my computer doesn't have one of these. I guess I never thought about that when I built my own computer. Pity, I don't have an intrusion detection system.
Oh I know, I don't need one! My friends all shout 'First Post!'.
"Derp de derp."
OK, your case is comprimised. So what? What are they going to do, remove your hard drive while the power is on? Attach remote listening devices inside your case, so they can listen to your disks spinning?
If a thief breaks into your computer room they're going to hit the power switch. Then, if they don't carry away the entire computer, they'll open it up and remove what they want. AFTER the CIDS has been power disabled.
If you can't tell from all the other posts, this has been implemented for a great number of years on nearly all business-grade desktops, usually accompanied by a provision for a physical lock.
If this kid actually gets someone to buy into this and pay him to license his "software", I've gotta give him at least a little respect. At least he's not the one paying for it.
--Ribald
Turn it around, and you have the actual problem: Machine heats up, pressure increases. Compile the kernel, hear a siren?
My idea would be light sensors in the machine. Open the case, flood it with light, hear a siren (send a signal.)
There should be a moratorium on the use of the apostrophe.
Max V.
NeXTMail/MIME Mail welcome
heh, take the parent's sig as a response to yours.
there was no need for you to reply to that guy.
In Capitalist America, bank robs you!
People keep abusing my profession, next time I tell them I'm a security expert they're going to ask me if I can please go and close the door...
free the mallocs!
... that OpenOffice 1.0 has been used as a file format for widespread distribution in two recent stories (including this one). It may not be widespread among the wider herd, but it's easy to tell someone they can read the report with a *legal* free download.
;-)
Though I'd still prefer that LaTeX was the standard document distribution format, but then I'm a die-hard
"The purpose of argument is to change the nature of truth." -- Bene Gesserit Precept
It makes a lot of sense when you consider that most of computer theft is perpetrated by employees of the company.
Slashdot requires you to wait 20 seconds between hitting 'reply' and submitting a comment.
It's been 19 seconds since you hit 'reply'!
In Capitalist America, bank robs you!
an air tight case wouldn't have very good ventilation, would it?
In Capitalist America, bank robs you!
Yes, but I wonder how tamper resistant they are--
We are talking about the case here-- an IDS is in a physically compromised environment-- how easy would it be for a knowledgable and determined attacker to reset, disable, or otherwise circumvent?
LedgerSMB: Open source Accounting/ERP
"Sounds interesting, but incredibly impractical."
/. case-modder...
Ah! You have issued the rallying cry of the
"It sounds interesting yet totally impractical! To arms, my brothers! Let us mod this case!"
graspee
So, beyond the dubious importance of this "design" - which begins with setting up copper contacts on the case and moving on to pressure switches - he can't give us any results because he doesn't have a utility to check the register.
That's classic.
Two bits says this made it to the front page because he mentions he's running linux on his "CIDS."
IP is just rude.
Is there any torture so subl
Geez, I built a security system for my room with a relay, a buzzer, a battery and a couple of hunks of bare wire when I was 10 years old. I should write it up, maybe I can get on /.
Nah, but when you get right down to it - what's the point of replying to anything on /.?
Somedays, you just gotta point out that someone's being an idiot. It may be blindingly obvious, but hey, we're all bozos on this bus.
To celebrate the occasion of my 1000th post, I will post no more forever on Slashdot. Goodbye.
A case with a lock on it? - You'll have to crack into it without a metal cutting saw.. and thats gonna be noisy and take some time. (Not to mention leave a mark.) Note also that most manufacturers sell cases with BIOS level intrusion detection built in if you want it.
I applaud the efforts of junior MacGyvers, but if you really want to be secure, there are obviously better solutions.
Speaking of computer security, that reminds me of the time when the CS department at the University I went to got a bunch of brand new lab machines. They all had intrusion detection, which we CS dept. admins thought was pretty cool. We told the campuswide IT guys that we needed them secured in place. They dragged their feet on it. A month later, the CS department threw a Lan party in the same building (though not in the same room) and some enterprising students used it to cover the theft of 4 of the new lab machines. Security wire and cameras were in the room within a week. As far as I know the stolen computers were never recovered. We took small solace in the knowledge that the computer beeps at them and displays a brief annoyance message now before booting the OS. That is, as long as they opened the case and didn't flash the BIOS.
// harborpirate
// Slashbots off the starboard bow!
Anyone seen any bond movie where he sticks a hair over the door to see if was later opened? I guess not. Dibs on patent!
I work at a large public university and I admin an unmonitored lab. This is what we came up with.
We used a home security alarm system modified to connect to the computers. We mounted a switch inside the case that would open when the case was opened. We put the correct resistor in series with the switch (home security alarms don't just measure continuity, the also measure resistance) and connected it to a RJ45 jack on a blank slot cover. We mounted a plate to the monitors either by replacing a screw with a security screw kit (you can't remove the screw without removing the cable run through it) or using industrial super glue. Loop the security alarm cable through the monitor plate and the lock hole on the back of most computers, connect it the RJ45 jack and arm the alarm. If someone disconnects the cable or opens the case, a 125db alarm sounds in the room and an automatic call is placed to the campus police.
I have great faith in fools - self confidence my friends call it. - Edgar Allan Poe
The company I work for makes seals mostly used in the tractor trailer business for securing trailer doors similar to hotel bar fridge seals. They are numbered and are a use once and throw away item. I find they work really good at securing PC cases.
Who'd want to break into your case anyway?
1. ha. :)
2. you sure got all riled up huh?
3. you are pretty judgemental yourself.
4. how am I to know whether or not the incident was true and you were really bragging about it through your sig.
5. regardless of whether that lady was your mother or not - she is one calous bitch, regardless of the circumstances. and its sad that we have such shitty people in this world.
6. you'd lose the fight.
8. I am not a troll.
9. have a nice day!