Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Datacenter Wiring
From: John Brand <jbrand () ARL ARMY MIL>
Date: Tue, 31 Oct 2000 15:09:22 -0500

Was thinking about how to improve security on bundled wiring--just
speculation, as that's not really my union.  Here is maybe ten cents rather
than two, please feel free to suppress.  I may be preaching obviousities.

The key is the expected threat.  If you are a small business, you shouldn't
need to worry about mission impossible stuff.  You might worry about
hacksaws, but probably not portable CO2 cutters.  Likewise location of
cable runs has a lot to do with what you can do in terms of
instrumentation.  Ditto budget, but a lot of this stuff is so cheap I
suspect it probably costs more for a big company's management  to decide to
do it than to actually do it.  The real bucks probably come in monitoring,
though.  When you put together a plan, balance these carefully, and never
forget stuff breaks.

I terms of monitoring system health, always select sensing components that
return a signal when healthy, if possible, and fail quiet.  Then you can
sample for output, for both intrusion status and sensor health.  A
microphone might not do that, but if a random noise were introduced pretty
often you could sense that as a measure of sensor health.  Vary freq and
amplitude randomly.  When the mike goes off the air it is broken or you
have an intruder who has disabled it.

Pressure in the pipe--yes, absolutely.  As long as you don't have to change
much very often, or as long as you have a well developed modification
protocol and folks who can do it.  Use pressure sensors that trigger on a
higher threshold as well as a low pressure threshold.  Otherwise an
intruder can just pump the dickens into the pipe while establishing the
cofferdam or glove box.  Make them balance the pressure from first
perforation to withdrawal.  Still doable, but lots harder.  Note your
pressure will vary by environmental temperature.

If I use a sealed conduit I might use a capacitance alarm down the pipe.
Rodents could have lots of fun with an unsealed one, but maybe could be
dissuaded by the ultrasonic noisemakers available here and there.  The
pipe, if metal, also provides a shield so that other than vibration caused
by building vibration, bumping into stuff, and such, you should be able to
set an uncommonly low threshold for disturbance.  You might want to sense
in sections to increase the relative size of a disturbance compared to the
capacitance of the wire and pipe.  If you try to sense a small delta C in a
pipe two miles long that might make some intrusions below the threshold for
detectability.  Don't know if this stuff is on the market; building a
capacitance sensor and experimenting to find the expected delta C from an
intrusion into your pipe might run to some bucks.  Easy to do, though.

Pulses down the pipe, both radio and acoustic, randomly sent, could sense
larger objects stuck into the pipe.  Doubtful if they could pick up a fiber
probe to tap the evanescent wave around a fiber, but would at least force
specific types of intrusion.  Sensing transmission and reflection both
could avoid an intruder stuffing absorptive foam in the pipe and going
about their business.  Sensing amplitude of the transmitted signal also
adds a barrier to intrusion.  Using two different spectra adds to
difficulty in countermeasures.  Sensing might have to be piecewise.  Don't
know if this stuff is off the shelf.

If the pipe is in a tunnel or passage inhabited only rarely, a capacitance
alarm in the tunnel might be profitable.  Easy to build, too, if not
available commercially.

Microphones in and outside of the pipe should detect mechanical
breaching--saws and the distinctive ping of pipe splitters.  Suspect
torches or lasers--as I recall, about ten years ago one could get a sealed
TEA CO2 laser that was about a pound or so, mostly ceramic, and did a few
watts, check Laser Focus Buyer's Guide--would not produce much in the way
of sound, but might be detectable by pressure loss in the pipe or heat
sensors in the tunnel or passage.  Torch sounds in the passage might be
detectable.  Scattered CO2 beam and the glow from hot metal from laser or
torch should show up well if in band to the IR sensors.  The hot metal very
likely, the roughly 10 micron laser beam, maybe not.  All depends on the

Use acoustic sensors, both passive and sonar (active) for the tunnel or
passage, and use passive staring IR  as well.  These are radio shack and
ADT stuff.  Really cheap.  Always use two or more spectra if possible.

Low light TV is a good idea, very cheap to install, but maybe not to
monitor.  I strongly suspect one could use near IR supplemental
illumination for the small TVs on the market, rather than just visible.
They might then give a usable image in near or even maybe total visual
darkness.  Then, if a light level sensor were installed here and there that
triggered on visible illumination, if the bad guys were using flashlights
you'd catch them.  TVs with an IR blocking filter (maybe KG5?)would do that
nicely.  You could also put near IR sensors here and there to try to catch
the increased IR from the IR map reading diodes in night vision goggles,
too, if you wanted.  And if you can get a pyroelectric vidicon setup, if
they can still be had, you get passive thermal IR imaging with no cooling.

For fun you might put the movie type net of laser beams in there to lull
your bad guys into thinking they are home free.  Visible, red ones.  Maybe
they would use enough of the aerosol smoke to trigger the smoke alarms!

I really distrust smokes and stinks.  There is an osha web site for some of
this kind of stuff.  In reality it is, imho, just too dangerous due to
legal problems to contemplate.  It is in the same category as touch
sensitive crystals on the floor for alarm purposes--high school stuff, but
a very bad idea for practical use.

Well, hope this might be useful.  If not, sorry.

regards to all, john b.

  By Date           By Thread  

Current thread:
  • Re: [PEN-TEST] Datacenter Wiring John Brand (Nov 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]