Intrusion Detection For Your PC Case
Anonymous Coward writes "Ryan du Bois, from genbukan security (aka red0x), has created a chassis intrusion detection system for your computer box: the actual physical case. He also wrote a paper describing three separate implementations of this CIDS system: Contacts, Pressure switches, and a PLA (programmable microchip). Included in his paper are complete designs for the first two and a promise for the last to come soon. Definitely worth a read. The paper is available in many formats including OpenOffice 1.0, HTML, TEXT and a Tarball of them all. You can also obtain the signatures as well as his Automated Security Tools Project, of which this is a member."
Pretty much all standard business desktops have intrusion detection devices, as well as BIOS hooks to inform higher level software apps that it has been tripped. Most server cases have this as well - a whole slew of my Compaq racks here have them, and they tie into our management system. Mind you, they lock as well, so I'm not as worried - they have solenoids! *THUNK*
I can't imagine someone cobbling together something that has existed forever is news...
EOM
Compaq has had something like this for years. Not only that, they have an internal case lock which can be activated/deactivated remotely, or in the password protected BIOS.
A special tool from Compaq is required to defeat the lock...or a drill. But anyway, it can keep track of when the case is opened I believe.
I have seen, but never used the feature, so I don't know the specifics.
-Pete
Soccer Goal Plans
All you need is tamper-evident tape.
Best Windows Freeware
I have moderation points, but it won't let me moderate the story itself as "pointless" or "redundant"
It's really too bad when the people running the site know less than the people reading it.
Twoflower
--
Twoflower
is that we need lasers set up in an inefficient pattern surrounding the box itself.
I am the lord of the pun. Dance Knave!
As interesting as this is, I'd be more worried about someone actually stealing the machine than opening it up for components. Even in an office environment, who is going to check each machine to make sure the employee using it didn't crack it open to swipe some RAM?
Why not just use a chain to the desk which locks the case shut? Then you're safe in both cases.
I used to work for a defense contractor where many of our computers were used to process classified information. Besides controlling access to the room in which the computers were located, stickers were placed over all the access points to the internals of the machine. The stickers were signed and dated by the security officer when they were placed and if one was broken, the computer had to be carefully inspected before it would be returned to operation. Needless to say, employees were encouraged to report wear on stickers before they were completely broken, to avoid having to thoroughly inspect the innards of the device for bugs.
-- Adam
Howsabout a good old fashioned thieves knot?
This seems kinda funny. First 'hacker' makes case mods so you can see all of his frilly internals. Then he puts on a system so you cannot touch or have access to them. This is strangely reminiscent of the lingerie / chastity belt scenario, see... no touch. see... no touch.
I want 2D games back.
Gracie, the gray tabby cat sleeps atop my PC case. If her bed is disturbed... and I do mean in any way... she cries for days on end. She can't be consoled. I have no choice but to hunt down the man what tried to jack my HDD and present his head to the cat like she does when she brings me mice.
I remember reading about systems in old issues of PC Magazine or such where, if the case was opened incorrectly, something inside would explode and cover everything inside with paint, thus making the computer parts un-sellable on the reseller's market. The crook would leave your box behind and you could still get at your HDD to recover your data.
Leave a fake grenade, with the pin pulled and the spoon held down by the outside of the case in the computer.
Identify intrusion by the stain on the floor.
For bonus points, replace the fake grenade with a real one.
www.eFax.com are spammers
I like the system that Apple has put into their G4 Towers. There's a spring-loaded clip with a hole in it that pulls out of the back of the case. You can slip a cable/padlock/whatever through this which prevents the clip from springing back into the case.
When the clip is out, the EZ-flip-down-door on the side of the case is locked, preventing unnoticeable intrusion.
So what we have here is some fourteen year old with his own "security" organization, a metric buttload of super glue and an utter lack of clue who writes a frankly useless article so that he can pretend he's important whilst slinging around big acronyms like "PLA" and "VHDL" when the tools they represent are useless to the task at hand. In other words, a snake-oil salesman.
-jhp, smacking down dim-bulbs everywhere
/. -- the Free Republic of technology.
I suggest you search through the archives of "Ask Slashdot." You'll find many interesting stories where it is clear that if the poster's identity was given away, they would be in trouble with their boss/clients.
Technology Sectors that are Hot or Heating Up Now?
Is it Wrong to Accept an Employment Counter-Offer?
Technology for Undercover Journalists?
Convincing Management of Network Security Issues?
Headhunting Laws?
And more ...
If you can't tell from all the other posts, this has been implemented for a great number of years on nearly all business-grade desktops, usually accompanied by a provision for a physical lock.
If this kid actually gets someone to buy into this and pay him to license his "software", I've gotta give him at least a little respect. At least he's not the one paying for it.
--Ribald
"Sounds interesting, but incredibly impractical."
Ah! You have issued the rallying cry of the /. case-modder...
"It sounds interesting yet totally impractical! To arms, my brothers! Let us mod this case!"
graspee
So, beyond the dubious importance of this "design" - which begins with setting up copper contacts on the case and moving on to pressure switches - he can't give us any results because he doesn't have a utility to check the register.
That's classic.
Two bits says this made it to the front page because he mentions he's running linux on his "CIDS."
IP is just rude.
Is there any torture so subl
I work at a large public university and I admin an unmonitored lab. This is what we came up with.
We used a home security alarm system modified to connect to the computers. We mounted a switch inside the case that would open when the case was opened. We put the correct resistor in series with the switch (home security alarms don't just measure continuity, they also measure resistance) and connected it to an RJ45 jack on a blank slot cover. We mounted a plate to the monitors either by replacing a screw with a security screw kit (you can't remove the screw without removing the cable run through it) or using industrial super glue. Loop the security alarm cable through the monitor plate and the lock hole on the back of most computers, connect it to the RJ45 jack and arm the alarm. If someone disconnects the cable or opens the case, a 125db alarm sounds in the room and an automatic call is placed to the campus police.
I have great faith in fools - self confidence my friends call it. - Edgar Allan Poe
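Added example (not part of any comment above, and not the lab's actual alarm panel): the last comment's point that an alarm loop measures resistance rather than bare continuity, sketched as a classifier that tells a secure loop from an opened case or cut cable and from bridged wires. The supply voltage, resistor values, thresholds and sample readings are all assumptions constructed for illustration.

```python
from enum import Enum

# Assumed circuit: V_SUPPLY -> R_PULLUP -> sense point -> loop (case switch
# in series with an end-of-line resistor R_EOL) -> ground.
V_SUPPLY = 5.0     # volts (assumed)
R_PULLUP = 2200.0  # ohms (assumed)
R_EOL = 2200.0     # ohms, resistor in series with the case switch (assumed)
TOLERANCE = 0.25   # +/-25% around R_EOL still counts as secure (assumed)

class Loop(Enum):
    SECURE = "secure"  # expected resistance present
    OPEN = "open"      # case opened or cable disconnected
    SHORT = "short"    # wires bridged ahead of the resistor
    FAULT = "fault"    # resistance present but not the expected value

def loop_resistance(v_sense):
    """Loop resistance implied by the voltage at the divider midpoint."""
    if v_sense >= V_SUPPLY:
        return float("inf")
    if v_sense <= 0:
        return 0.0
    return R_PULLUP * v_sense / (V_SUPPLY - v_sense)

def classify(v_sense):
    r = loop_resistance(v_sense)
    if r < 0.1 * R_EOL:
        return Loop.SHORT
    if r > 10 * R_EOL:
        return Loop.OPEN
    if abs(r - R_EOL) <= TOLERANCE * R_EOL:
        return Loop.SECURE
    return Loop.FAULT

def alarms(samples, debounce=3):
    """Return (index, state) once a non-secure state lasts `debounce` samples."""
    events, run_state, run_len = [], Loop.SECURE, 0
    for i, v in enumerate(samples):
        state = classify(v)
        run_len = run_len + 1 if state == run_state else 1
        run_state = state
        if state is not Loop.SECURE and run_len == debounce:
            events.append((i, state))
    return events

# Constructed readings: one glitch, then an opened case, then a bridged loop.
SAMPLES = [2.5, 2.5, 5.0, 2.5, 5.0, 5.0, 5.0, 2.5, 0.02, 0.02, 0.02]

if __name__ == "__main__":
    for index, state in alarms(SAMPLES):
        print(f"sample {index}: loop {state.value}")
```

A plain continuity check would report the bridged loop as closed; here it is flagged because the expected series resistance is missing.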