On Fri, 3 Jan 2003, Thomas Shaddack wrote:

> > I have a related question. I have a little server sitting in a wall
> > closet. Does anyone have an easy solution (preferably low tech) for
> > figuring out that the closet door has been opened?
>
> A switch that shuts down the server, and a passphrase on the startup.

A simple optical cable under the door (or through an itty bitty hole in the
ceiling) spots the switch. A remote manipulator or robot disables it via
a jumper.

Accessing the drive with the power up in this case may not be that hard
since you can VanEck it or do a direct physical attack via Hi-Z devices
for connection that then go 'active' after connection (hence bypassing
electrical effects like shorts and such). Once you've got the control
board in there put the cpu in a wait state and DMA the rest of the
hardware, or just sit on the bus and snoop the bits via a wireless card to
a receiver in the ceiling that then re-transmits it.

> Remote logging of the power-ups, using the S.M.A.R.T. power-up count
> register on the hard-drive as an arbiter (if the adversary wants to access
> the disk, they have to power it up, even if they take the disk out of the
> machine and read it in another machine); of course they can unmount the
> disk's circuitboard and use their own, but they would first have to be
> aware of that possibility.

Never underestimate your adversary, never assume -you- have technology
-they- don't. Chances are they do, they may even have technology -you-
don't.

This is really what makes this problem so hard, for you to be able to
reliably detect them there are two components:

- you have to have technology they are ignorant of and even if they
  observe it won't recognize it.

- even if they do detect the technology they don't have an access window
  great enough to do anything about it.

Lot of mighty big 'if's' in there...better to go with simple one-way
detection mechanisms since they already have you under scrutiny. They will
be able to determine you know of it by changes in behavior (i.e. traffic and
signature analysis). So why even bother trying to hide your knowledge?

The second one is probably the most useful. One approach might be to send
images off-site in near real-time. Assume any loss of signal as a breach
(better to be safe than sorry).


 --
    ____________________________________________________________________

      We are all interested in the future for that is where you and I
      are going to spend the rest of our lives.

                              Criswell, "Plan 9 from Outer Space"

      [EMAIL PROTECTED]                            [EMAIL PROTECTED]
      www.ssz.com                               www.open-forge.org
    --------------------------------------------------------------------
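
The following is an added example, not part of the original message or written by either poster. It sketches the off-site side of the two detection ideas in the thread: treat any silence longer than a threshold as a breach, and use the drive's S.M.A.R.T. power-cycle counter to spot power-ups that were never logged. The `Report` fields, the 30-second threshold and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass

MAX_GAP = 30  # seconds of silence tolerated before assuming a breach (assumed value)

@dataclass
class Report:
    ts: int            # receive time at the off-site monitor, epoch seconds
    boot: bool         # True if this is the first report after a logged power-up
    power_cycles: int  # raw S.M.A.R.T. power-cycle count read from the drive

def audit(reports, now, max_gap=MAX_GAP):
    """Return (timestamp, reason) alerts for a time-ordered stream of reports."""
    alerts = []
    prev = None
    for r in reports:
        if prev is not None:
            # Loss of signal: assume breach, as the thread recommends.
            if r.ts - prev.ts > max_gap:
                alerts.append((prev.ts + max_gap, "signal lost"))
            # A logged boot should advance the counter by exactly one and a
            # running machine should not advance it at all. Anything else
            # means the disk was powered up without the monitor hearing of it.
            delta = r.power_cycles - prev.power_cycles
            expected = 1 if r.boot else 0
            if delta != expected:
                alerts.append(
                    (r.ts, f"power-cycle counter moved by {delta}, expected {expected}")
                )
        prev = r
    if prev is None:
        alerts.append((now, "no reports received"))
    elif now - prev.ts > max_gap:
        alerts.append((prev.ts + max_gap, "signal lost"))
    return alerts

# Constructed sample: reports every 10 s, then an 80 s gap after which the
# machine boots with a counter two higher than before (one unlogged power-up).
SAMPLE = [
    Report(1000, True, 41),
    Report(1010, False, 41),
    Report(1020, False, 41),
    Report(1100, True, 43),
    Report(1110, False, 43),
]

if __name__ == "__main__":
    for ts, reason in audit(SAMPLE, now=1115):
        print(ts, reason)
```

The monitor only works if it runs somewhere the adversary cannot reach from the closet, and the counter check does not cover the case the quoted text already notes, where the drive's circuit board is swapped for another.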
