Welcome to LinuxQuestions.org, a friendly and active Linux Community.
I have a network switch located in a room where "untrusted" people can enter.
By "untrusted" I did not mean deliberate tampering, but people who try to plug their PC into some spare ports of the switch, and even sometimes remove plugs to put in their own network wire.
I am looking for a product allowing me to prevent it: for example a locked box allowing the path for an electricity wire and a few copper wires, but disallowing physical access to the switch.
I know that such things exist, I've seen them at my school, they're just wall mounted locked boxes with a switch inside. However, I have no clue what they are called and cannot find them online.
AFAIK (I am not an expert on this, but I personally know people from where I studied that are), defeating a PAL is the closest thing to impossible there might be...
This has a high-security cryptographic token with several passwords that are required to perform the several actions, with different levels of security: to arm, test hardware, initiate a self-destruction procedure (useful to render the device unusable, although not a nuclear blast), perform self-diagnostic checks (check the operational status of the several slappers (this in the 70s technology level) needed to ignite a multifocal device), etc.
...And a physical anti-handling mechanism: sort of, if you try to handle or tamper with this without first disabling the anti-handling thru a maintenance password-protected operation, it will most probably render itself unusable, with dire consequences to the n3|2d who tried to do the trick...
Now, it only remains to transpose the basic features of this to network switch hardware:
1. Physically secure enclosure, with sensing mechanisms that detect imminent security compromise, and take appropriate counter action.
2. Highly protected (thru a cryptographic layer) interface, enabling only some authorized users to perform actions in the secure hardware, using a software interface.
... same principles apply... although not as security/reliability stringent as in the case of a PAL...
EDIT: The only way to defeat a PAL and what it protects, IMHO, is killing its energy, and abusing physics: if you dip the device protected by the PAL into something like liquid helium or hydrogen (you won't find these in the utility shop nearby... LMAO), and let temperatures stabilize (I am talking of a device that weighs in the dozens of kg range), this could take a while... all electronics freeze, semiconductors become superconductors, the circuits simply die, and the batteries powering those will have such low reaction rates that they will be essentially nonexistent.
At these temperatures, the most high-strength alloy encasings become brittle as glass, and the most sensitive energetic materials (high explosives) are insensitive to shear (the reaction chain doesn't even initiate). This means that you simply pick the biggest f**king hammer that you can get, and whack the damn thing into pieces...
There you are... you defeated the PAL all right, but you have just a handful of cracks... some of them can be "recycled" by Al Qaeda though..., but recycling them is just "not easy"...
researcher in energetic materials in the place where I studied, after the fall of the Soviet Union, when lots of them became jobless as researchers, and started to work abroad... this also, is independent of TV...
Yep, Cisco had some fancy deal where the first MAC address a port sees becomes the only one allowed through. So if you unplug that one and plug in another, it won't work. If an end user gets a new desktop or NIC, then you just clear the old MAC from that port and let it store the new one.
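The behaviour described in the post above matches Cisco IOS port security with sticky MAC learning. The following configuration is an added example, not part of the original thread; the interface names are placeholders, and the commands assume a Catalyst-style IOS switch.

```cisco
! Constructed example. GigabitEthernet0/5 stands in for a port with a known PC on it.
interface GigabitEthernet0/5
 switchport mode access
 ! Enable port security and allow a single source MAC on this port
 switchport port-security
 switchport port-security maximum 1
 ! Learn the first MAC seen and pin it to the port in the running config
 switchport port-security mac-address sticky
 ! Drop frames from any other MAC and log/count the violation
 ! (the default action, "shutdown", err-disables the port instead)
 switchport port-security violation restrict
!
! Spare ports (placeholder range): administratively down, so a PC plugged
! into an unused socket gets no link at all
interface range GigabitEthernet0/10 - 24
 shutdown
!
! After a legitimate PC or NIC replacement, from privileged EXEC:
!   clear port-security sticky interface GigabitEthernet0/5
! To review the learned address and the violation counter:
!   show port-security interface GigabitEthernet0/5
```

Sticky addresses are written to the running configuration only, so they must be saved to the startup configuration to survive a reload.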
I assume that the servers are rack mountable. I would also assume that the switches are also rack mountable. So get a lockable rack, put the servers and switches in there and then lock it up. That way you just need to secure access to the key - which is just normal security measures.