I understand that it is not possible to secure your software if a third party has physical access to the box (e.g. colo). So maybe I can install some sort of hardware (like a seal) which only needs to be physically broken to get access to certain server components (e.g. RAM). So if it is broken I get compensation through legal process rather.

Any ideas are welcome.

EDIT. PLEASE answer the question - are there commercially available tamper evident devices for rack mounted computers?

Here is another question which explains the underlying issue for those with curious minds :) "Help to account all the points of physical access to a rack server to steal software"

Boppity Bop
  • Locking cases/hardware, setting BIOS passwords and disabling other boot devices is a good start. I've also seen some neato ink/paint bombs that you can put inside cases that will cover a would-be thief in ink when they open the box - might be overkill though. – Robert Feb 18 '12 at 00:21
  • See also http://security.stackexchange.com/questions/10354/methods-for-protecting-computer-systems-from-physical-attacks – mikeazo Feb 18 '12 at 00:23
  • @mikeazo Thanks, the article has 2 useful links but the answer itself is not what I am looking for. I need something more solid than just a piece of tape. It has to be a solid device which can be presented in court if something happens. – Boppity Bop Feb 18 '12 at 00:34
  • @Robert - I need a durable device. I am not talking about a guy in a balaclava. The protection I am looking for is against the company which will colocate the server. I think that a legal deterrent is the only way to keep them away (please don't ask why I would colocate my server with people who might want to steal - believe me there is no other choice). – Boppity Bop Feb 18 '12 at 00:37
  • Could you explain more what you are assuming your attacker is after? Data on the hard drive, hardware in the box, etc. Your best bet is to take out an insurance policy. If someone can insure their mustache (http://abcinsuranceleads.com/pages/strange-insurance-policies.php) I'm sure you can insure your IP, hardware, whatever. – mikeazo Feb 18 '12 at 01:55
  • I still need evidence to get paid by the insurance. So we are coming back to the same question - are there tamper evident devices? Thank you – Boppity Bop Feb 19 '12 at 01:31
  • So you're not worried about theft, but you are worried about cold boot attacks? Have you taken a complete look at your threat model? If they own the switches you plug into, and are on the same subnet, they can hijack any connection (HTTPS and any SSL based technology included) – makerofthings7 Feb 19 '12 at 01:35
  • So if I connect remotely to the box you are saying they will snoop my password? In that case I will have to disable access to the software for that account. Will this help? – Boppity Bop Feb 19 '12 at 02:22
  • @Bobb, How do you prove to your insurance company that your car was stolen? To some degree, they have to trust you and you have to trust them. When it gets hard is when you start talking about digital "things" which are not stolen but copied. Are you talking about digital "things" or physical things? – mikeazo Feb 19 '12 at 02:36

4 Answers

It sounds like you want a tamper-evident security seal. There are many commercial offerings. You can look at tamper-evident tape, cable seals, padlock seals, and many other options. I recommend that you read background information from Argonne National Laboratory, which has done some of the best research on the security of these seals.

Let me warn you of some caveats. First, the effectiveness of the seal is highly dependent upon the procedure used for inspecting the seal. Second, most seals can be defeated without too much sophistication, so they provide only a low level of security. You are not going to find something that "proves in court" that the item was not opened.

I also recommend you read Security Seals On Voting Machines: A Case Study, by Andrew Appel. It is a case study that looks at how these seals have been used to protect voting machines. It has many great pictures of examples of seals that have been used in that industry, to give you a feeling for the range of options. It also gives some hard-earned lessons: for instance, it explains why seals have been ineffective at protecting voting systems, and (as a cautionary note) it talks about how easy it was for someone with no prior knowledge of the topic to work out on his own how to defeat the seals.

With all that, tamper-evident security seals might still meet your needs. But you need to understand that they are not magic, they are not a silver bullet, and they do have some limitations.

D.W.
  • Yes, I am beginning to realise. But agree - I need to attempt this, otherwise I won't move the box. – Boppity Bop Feb 19 '12 at 02:24
  • Found a good paper here: https://media.blackhat.com/bh-dc-11/Schwettmann/BlackHat_DC_2011_Schwettmann_Steal_Nuclear_Bomb-wp.pdf – Boppity Bop Feb 19 '12 at 02:53
  • Also realize: If you can buy the seal, anyone else also can buy it. They can just open your hardware, completely remove the seal and add a new one. – Josef Jan 18 '17 at 11:43

If you're worried about hardware theft, then get them to sign off on the inventory you have there. Make that list detailed and include serial numbers from everything such as the RAM etc.

HP has an inventory checker that will compare swapped out parts from a baseline. It only works with HP servers, but may be worth looking at.

makerofthings7
  • I was talking about a cold boot attack. If they remove RAM I need to be able to prove it in court. Please don't give me legal advice. I was asking about a tamper evident device specifically. If you know anything about this please answer; if not please be kind and remove your answer. Thank you – Boppity Bop Feb 19 '12 at 01:23
  • I removed the legal blurb. Does this still help? If not take a look at my comment below your question – makerofthings7 Feb 19 '12 at 01:36
  • Thank you. I need something which can be hard proof that the box was opened and/or some hardware was manipulated. Hardware theft isn't a concern at all. Please read my other EDIT with a link to another question which clarifies the problem if you are curious. But here I just need to find out if there is a tamper evident device I can buy for my Dell 1U server. – Boppity Bop Feb 19 '12 at 01:49
  • 10-4. I'll leave this answer since it contains information about HP's inventory checker that may be relevant in others' situations – makerofthings7 Feb 19 '12 at 03:18
  • @Bobb - Helps if you post complete questions and use proper grammar. – Ramhound Feb 27 '12 at 17:37
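
The baseline comparison suggested in the answer above (a signed-off list of serial numbers, RAM included), as an added example that is not part of the original answer and not HP's tool. It assumes a Linux host where `dmidecode -t memory` is available; the two dumps below are constructed sample text, not output from a real machine.

```python
import re

# Constructed sample in the layout of `dmidecode -t memory` (not a real host).
BASELINE_DUMP = """\
Handle 0x1100, DMI type 17, 34 bytes
Memory Device
    Size: 8192 MB
    Locator: DIMM_A1
    Serial Number: 1A2B3C4D
    Part Number: EX-8G-1333

Handle 0x1101, DMI type 17, 34 bytes
Memory Device
    Size: 8192 MB
    Locator: DIMM_A2
    Serial Number: 5E6F7A8B
    Part Number: EX-8G-1333

Handle 0x1102, DMI type 17, 34 bytes
Memory Device
    Size: No Module Installed
    Locator: DIMM_A3
    Serial Number: Not Specified
"""
# Same host at a later audit: the module in DIMM_A2 reports a different serial.
CURRENT_DUMP = BASELINE_DUMP.replace("5E6F7A8B", "99990000")

def parse_memory(dump):
    """Map slot locator -> serial number for every populated DIMM slot."""
    slots = {}
    for block in re.split(r"\n\s*\n", dump):
        if "Memory Device" not in block:
            continue
        fields = dict(re.findall(r"^\s*([^:\n]+):\s*(.*)$", block, re.M))
        if fields.get("Size", "").startswith("No Module"):
            continue  # empty slot: nothing to inventory
        slots[fields["Locator"]] = fields.get("Serial Number", "").strip()
    return slots

def diff_inventory(baseline, current):
    """Return (slot, baseline_serial, current_serial) for each mismatch."""
    changes = []
    for slot in sorted(set(baseline) | set(current)):
        before, after = baseline.get(slot), current.get(slot)
        if before != after:  # swapped, removed (after=None) or added (before=None)
            changes.append((slot, before, after))
    return changes

if __name__ == "__main__":
    for slot, before, after in diff_inventory(parse_memory(BASELINE_DUMP),
                                              parse_memory(CURRENT_DUMP)):
        print(f"{slot}: baseline={before} current={after}")
```

The comparison only sees what the firmware reports at the time of the audit, so a module that was removed and put back unchanged produces no difference.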

Easy answer: mount the server and monitor it with a surveillance camera from Day 0.

If the box is opened, you will see who did it.

Then disable all remote access to the box so no passwords (even encrypted) are passed over the wire.

makerofthings7

Some cases come with detectors which plug in to the motherboard; when the case is opened it flicks a switch which will cause a beep code alarm the next time the system is booted.

Inverted Llama
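
A way to read the same kind of case-open switch from the running OS instead of waiting for a boot-time beep, as an added example that is not part of the original answer. It assumes a Linux host whose sensor chip exposes the switch through the hwmon sysfs files `intrusionN_alarm`; the chip name used in the demo tree is made up.

```python
import glob
import os

def read_intrusion_flags(hwmon_root="/sys/class/hwmon"):
    """Return {"chip/intrusionN_alarm": bool} for every intrusion sensor found."""
    flags = {}
    pattern = os.path.join(hwmon_root, "hwmon*", "intrusion*_alarm")
    for path in sorted(glob.glob(pattern)):
        chip_dir = os.path.dirname(path)
        try:
            with open(os.path.join(chip_dir, "name")) as fh:
                chip = fh.read().strip()
        except OSError:
            chip = os.path.basename(chip_dir)  # fall back to hwmonN
        with open(path) as fh:
            # 1 = intrusion detected; the kernel keeps the flag set until
            # someone writes 0 to the file, so polling does not miss it.
            flags[f"{chip}/{os.path.basename(path)}"] = fh.read().strip() == "1"
    return flags

def assess(flags):
    """Classify the result; a missing sensor is reported, never treated as OK."""
    if not flags:
        return "NO_SENSOR"
    return "TAMPERED" if any(flags.values()) else "OK"

def make_fake_hwmon(root, chip, value):
    """Build a constructed hwmon tree for the demo (hypothetical chip name)."""
    chip_dir = os.path.join(root, "hwmon0")
    os.makedirs(chip_dir, exist_ok=True)
    with open(os.path.join(chip_dir, "name"), "w") as fh:
        fh.write(chip + "\n")
    with open(os.path.join(chip_dir, "intrusion0_alarm"), "w") as fh:
        fh.write(value + "\n")
    return root

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        make_fake_hwmon(tmp, "examplechip", "1")  # constructed "case opened" state
        found = read_intrusion_flags(tmp)
        print(assess(found), found)
```

Reporting the state to a log host outside the facility keeps the record out of reach of whoever can open the case.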