LinuxQuestions.org
Old 09-16-2010, 03:22 AM   #1
PlatinumX
Member
 
Registered: May 2008
Location: France
Distribution: Debian / Fedora / Gentoo
Posts: 178

Rep: Reputation: 15
Question Physical tampering of a switch


Hey all,

I have a network switch located in a room where "untrusted" people can enter.
By "untrusted" I did not mean deliberate tampering, but people who try to plug their PC on some spare plugs of the switch, and even sometimes remove plugs to put their own network wire.

I am looking for a product allowing me to prevent it: for example a locked box allowing the path for electricity wire and a few copper wires, but disallowing physical access to the switch.

Do you know any model of this?

Thanks
 
Old 09-16-2010, 07:16 AM   #2
Alexvader
Member
 
Registered: Oct 2009
Location: Japan
Distribution: Arch, Debian, Slackware
Posts: 994

Rep: Reputation: 94
Hi

You need a kind of device like this, http://en.wikipedia.org/wiki/Permissive_Action_Link only difference being it is adapted to network connectors...
 
Old 09-16-2010, 08:21 AM   #3
enine
Senior Member
 
Registered: Nov 2003
Distribution: Slackʍɐɹǝ
Posts: 1,486
Blog Entries: 4

Rep: Reputation: 282
What brand/type switch, is it managed, like a cisco?
 
Old 09-16-2010, 08:25 AM   #4
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1301
I know that such things exist, I've seen them at my school, they're just wall mounted locked boxes with a switch inside. However, I have no clue what they are called and cannot find them online.

Quote:
Originally Posted by Alexvader View Post
Hi

You need a kind of device like this, http://en.wikipedia.org/wiki/Permissive_Action_Link only difference being it is adapted to network connectors...
Are you sure?
 
Old 09-16-2010, 09:13 AM   #5
Alexvader
Member
 
Registered: Oct 2009
Location: Japan
Distribution: Arch, Debian, Slackware
Posts: 994

Rep: Reputation: 94
Quote:
Originally Posted by H_TeXMeX_H View Post
...Are you sure ?
Hi H_TexMex_H

AFAIK, ( I am not an expert on this, but I know personally people from where I studied that are ) defeating a PAL is the closest thing to impossible there might be....

This has a high security cryptographic token with several passwords that are required to perform the several actions, with different levels of security, to arm, test hardware, initiate a self destruction procedure, ( useful to render the device unusable ) although not a nuclear blast, perform self diagnostic checks ( check the operational status of the several slappers ( this in the 70s technology level ) needed to ignite a multifocal device ) etc

...And a physical anti-handling mechanism : sort of , if you try to handle or tamper with this without first disabling the anti handling thru a maintenance password protected operation, it will most probably render itself unusable, with dire consequences to the n3|2d who tried to do the trick...


Now, only remains to transpose the basic features of this to a network switch hardware :

1. Physically secure enclosure, with sensing mechanisms that detect imminent security compromise, and take appropriate counter action.

2. Highly protected ( thru a cryptographic layer ) interface, enabling only some authorized users to perform actions in the secure hardware, using a software interface.

... same principles apply... although not as security/reliability stringent as in the case of a PAL...

EDIT::The only way to defeat a PAL and what it protects IMHO, is killing its energy, and abusing physics : If you dip the device protected by the PAL into something like liquid Helium, or Hydrogen ( you won't find these in the utility shop nearby... LMAO ), and let temperatures stabilize, ( I am talking of a device that weighs in the dozens Kg range ), this could take a while... all electronics freeze, semiconductors become superconductors, the circuits simply die, and the batteries powering those will have such low reaction rates that will be essentially nonexistent.

At these temperatures, the most high strength alloy encasings become brittle as glass, and the most sensible energetic materials ( high explosives ) are insensitive to shear ( the reaction chain doesn't even initiate ) this means that you simply pick the biggest f**king hammer that you can get, and whack the damn thing into pieces...

There you are... you defeated the PAL all right, but you have just a handful of cracks... some of them can be "recycled" by Al Qaeda though... , but recycling them is just "not easy"...

Last edited by Alexvader; 09-16-2010 at 09:39 AM.
 
Old 09-16-2010, 10:26 AM   #6
H_TeXMeX_H
LQ Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1301
I think you've been watching too much TV, try to cut down.
 
Old 09-16-2010, 10:27 AM   #7
Alexvader
Member
 
Registered: Oct 2009
Location: Japan
Distribution: Arch, Debian, Slackware
Posts: 994

Rep: Reputation: 94
No tv...

1. PALs exist all right

2. They are based on sound and well established laws of physics, not on some kind of hocus pocus magic or sorcery...

3. They are contraptions made by men, and as such they are fallible...

4. Their mechanisms of failure depend on exploiting some flaws and limitations inherent to their design...


If 1 to 4 are true ( which they are ), then probably my conclusions are not based on tv... regardless of the fact that I watch some...

I know personally a person who used to develop this, in here

http://en.wikipedia.org/wiki/Sarov also called Arzamas-16, he was a

researcher in energetic materials in the place where I studied, after the fall of Soviet Union, when lots of them became jobless as researchers, and started to work abroad... this also, is independent of TV...

Some Links :

High strength steel alloys at low temperature :

http://www.springerlink.com/content/g02506l4p7627843/
http://www.bssa.org.uk/faq.php?id=26


Energetic Material behaviour and phase transitions at Low temperature... :

http://onlinelibrary.wiley.com/doi/1....200700258/pdf
https://share.sandia.gov/crf/crfnews.php?id=250
http://www.osti.gov/bridge/servlets/...C/webviewable/

( this is a report from SANDIA labs in the US on the Cryo Cycling of energetic materials at low temps ( duh , Cryo : )


And there is a lot more information out there.. some of it is classified and inaccessible, but lots of other information is accessible...


BTW : Online University and research centre's libraries are more reliable than Tv, IMHO

Last edited by Alexvader; 09-16-2010 at 11:24 AM.
 
Old 09-17-2010, 01:30 AM   #8
angel115
Member
 
Registered: Jul 2005
Location: France / Ireland
Distribution: Debian mainly, and Ubuntu
Posts: 542

Rep: Reputation: 79
Hi

As you don't need a military security (I guess), I would say, just buy a safe and drill a few holes in there to pass your cables and you are done.

Something like this should do as the sides and the door are not too thick:
http://www.walmart.com/ip/Stack-On-S...ndingMethod=rr

Angel
 
Old 09-17-2010, 10:21 AM   #9
enine
Senior Member
 
Registered: Nov 2003
Distribution: Slackʍɐɹǝ
Posts: 1,486
Blog Entries: 4

Rep: Reputation: 282
You still didn't say what brand of switch? If it has any manageability at all then you can just disable the unused ports.
 
Old 09-17-2010, 11:20 AM   #10
rsciw
Member
 
Registered: Jan 2009
Location: Essex (UK)
Distribution: Home: Debian/Ubuntu, Work: Ubuntu
Posts: 206

Rep: Reputation: 44
Quote:
Originally Posted by enine View Post
You still didn't say what brand of switch? If it has any manageability at all then you can just disable the unused ports.
which won't stop people though to unplug existing plugged connections for their own cable.

though with manageability should be possible to allow only certain MACs though, I'd guess.
 
Old 09-19-2010, 09:14 AM   #11
enine
Senior Member
 
Registered: Nov 2003
Distribution: Slackʍɐɹǝ
Posts: 1,486
Blog Entries: 4

Rep: Reputation: 282
Yep, Cisco had some fancy deal that the first MAC address a port sees becomes the only one allowed through. So if you unplug that one and plug in another it won't work. If end user gets a new desktop or NIC then you just clear the old MAC from that port and let it store the new one.
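
The switch-side measures from posts #9 to #11 (disable unused ports, let each port keep only the first MAC address it sees), written out as an added Cisco IOS configuration sketch that is not part of any poster's reply. The interface names and port ranges are assumptions, since the thread never names the switch model.

```cisco
! Constructed example: interface names and port ranges are assumptions.
!
! Unused ports: administratively shut down, so a cable plugged into a
! spare socket gets no link (post #9).
interface range GigabitEthernet0/13 - 24
 switchport mode access
 shutdown
!
! Ports in use: learn the first source MAC seen, store it in the running
! configuration, and accept only that address afterwards (post #11).
interface range GigabitEthernet0/1 - 12
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 ! "restrict" drops frames from any other MAC and counts the violation;
 ! "shutdown" would instead put the port into err-disabled state.
 switchport port-security violation restrict
!
! Privileged-exec commands (typed at the prompt, not part of the config):
!   show port-security interface GigabitEthernet0/1
!     - shows the learned address and the violation counter
!   clear port-security sticky interface GigabitEthernet0/1
!     - forgets the learned address after a legitimate PC or NIC swap
!   copy running-config startup-config
!     - keeps the sticky addresses across a reload
```

The violation counter from `show port-security interface` also tells the administrator which ports people have been re-plugging, which helps decide where a locked enclosure is actually needed.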
 
Old 09-19-2010, 09:50 AM   #12
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Debian Testing
Posts: 19,192
Blog Entries: 4

Rep: Reputation: 475
I assume that the servers are rack mountable. I would also assume that the switches are also rack mountable. So get a lockable rack, put the servers and switches in there and then lock it up. That way you just need to secure access to the key - which is just normal security measures.
 
Old 09-19-2010, 10:18 AM   #13
angryfirelord
Member
 
Registered: Dec 2005
Distribution: Fedora, CentOS
Posts: 515

Rep: Reputation: 66
Is it possible for you to simply lock the door? Or do other people need to get to it?
 
Old 09-19-2010, 10:57 AM   #14
hughetorrance
Member
 
Registered: Aug 2009
Location: London North West
Distribution: x86_64 Slack 13.37 current : +others
Posts: 459

Rep: Reputation: 59
screw it to the ceiling and remove all the chairs and tables. LOL
 
Old 09-19-2010, 12:20 PM   #15
Alexvader
Member
 
Registered: Oct 2009
Location: Japan
Distribution: Arch, Debian, Slackware
Posts: 994

Rep: Reputation: 94
Quote:
Originally Posted by hughetorrance View Post
screw it to the ceiling and remove all the chairs and tables. LOL
Having it in a bunker, screwed to the ceiling won't matter at all...

http://www.youtube.com/watch?v=GSdVhuT287w

What about the specops guys from SPETZNAZ...?

You need a f**king army to protect this... LMAO

...no tv shit... some ppl can be quite resourceful...
 
  

