Hardening Your Computing Assets2 c1996Carlo Kopprequired hydrodynamics expertise to ees a ID: 100432
Download Pdf The PPT/PDF document "Hardening Your Computing Assets " is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Hardening Your Computing Assets Carlo Kopp Carlo.Kopp@aus.netABSTRACTComputing equipment designed to commercial standards is susceptible to a widerange of electromagnetic attack techniques. This introductory paper reviews the suscepti-bilities of such equipment and proposes some measures for hardening at a site lel, andhardening equipment by design.Computing equipment designed to commercial standards is susceptible to a wide range of electro-magnetic attack techniques. This introductory paper reviews the susceptibilities of such equipment and pro-poses some measures for hardening at a site le1. DefendingAgainst IWThe rst question which we must ask is whether we are at risk or not, and what are the likely lossesto be incurred should we be successfully attacked. This provides baseline for the budget to be allocated tothe task of protecting our site. The second question is then that of what is the most likely mode of attack.Cyberwar attack or hacking will in mannstances be the preferred mode of attack, but in someinstances electromagnetic attack intended to cause denial of service for short or long periods of time maybe a possibilitynthe short term, electromagnetic attack is not particularly likelyfrom Europe and the US suggest that it is beginning to occurorldwide start deployingHERF guns for trafc control purposes (see an early Nocientist for more detailhere), the technology will howeecome more a,and the frequencfincidents will inevitably increase. The lave scareful thought to the fact that in promoting the proliferation of the HERF gun to solvment problem, theve iertently opened a Pandora'potentially far more expensive the general public.Having determined that we are at risk from electromagnetic attack, we must then determine what thelikely style of attack will be. The threat can be divided into high power and loHigh power attack, by ux generator bomb or microve bomb, is less likely but considerably more dam-aging. It is less likely because the technology is difcult to produce without the resources of a goresearch establishment, and the equipment to perform this kind of attack requires often difcult to sourcematerials, such as high grade plastic explosiin nuclear weapons, and nally a non-trivial amount of expertise is required to use these weapons properly.Deliry may also prove teanissue, as a high power ux generator requires a packaging volume similarto that of a sizeable car bombigh power attack is therefore only likely in the instance of warratattack sponsored by a hostile gornment prepared to provide the logistical support for the weapons. It isrth noting that anrnment with the ability to build an implosion type nuclear bomb will have tirst published in the Februaryacic Open Systems Review, Computer MagazineGroup, NSWarfare - Part 2". Tork (c) 1996, 1997, Carlopp. Included with permission. Carlo Kopp, MSc(Comp.Sci), BE(hons), is a former computer design engineersystems programmer and a practicising Unix systems consultant, with o5yxperience. Atthis time he is working on his PhD in Computer Science at Monash UniemCarlo.Kopp@aus.net or http://www.cs.monash.edu.au/~carlo . Hardening Your Computing Assets-2- (c)1996,Carlo Kopprequired hydro-dynamics expertise to ees a ux generator or microve b.Loer attack is more likely simply because the expertise required to build a HERF gun is muchlowerhe components are quite readily ailable, and nally with the expected wide proliferation of policeHERF guns these will be relatire not as yet cogislation in mostcountries, it is entirely feasible that such "Luddite specials" will be smuggled across national boundaries.Other modes of lower supplies and Tazer attack onLANs, are also more probable because the technology to do these is readily ailable, particularly in theUS.There are a wide number of measures which can be applied to hardening a site against such attacks,and we will no2. SiteHardeningSite hardening is based upon the model of electromagnetically "soft" computer equipment being pro-tected from exposure to damaging voltages and electromagnetic elds. In this fashion, the user has thechoice of arbitrary computer equipment, which is survisite hardening approach is that an attacker who can penetrate the site'he hard protec-tive shell of the installation, may have the opportunity to do much damage.The starting point for site hardening must be networking, as networking cables are exceptionallygood at propagating damaging voltages which may be coupled into them, and because networking inter-ces are often not designed to handle anything beyond trivial lewer.he network is probably the easiest part of a site to harden, because optical bre variantsof most networking interfaces are readily aport optical bre versions, which are commercially ahe shelf. Whilst theve than their copper equiind of electromagnetic attack, aswell as being inherently immune to problems with building earths, and lightning strikes. Because a shortrun of a 62.5 graded indeptical bre cable also has a bandwidth running into Gigabits/sec, it is also arthwhile in00-Base-T and ATM twisted pair cables which will ceaseto be useful in a decade or so, when the industry moptoGabit/sec network speeds. Needless to say,while these are all excellent reasons for installing optical bre LANs, rather than copper LANs, the shortterm cost oamiliarity in the marketplace mean that to date, only a small proportionof the existing LAN base has adopted this superb technology.The next item on our list is the protection of the mains power supplytial single point of failure for manachines on a site, so does the mains power distribution in a site. Highltage spikes or high RF voltages injected into the mains power will nd their way to almost emachine hanging ofhe mains. Because most machines emploow cost volume production switchmodesupplies, particularly PCs, it is possible that damage may be caused directly to the power supplypower supply cope, then it is entirely possible that damaging voltages can couple through the supply intothe equipment to damage or disrupt logic devices. Surge suppressors and uninterruptible power supplies(UPS) may be quite ineffectismost of these are designed to cope with much less destructive cstances. Of major concern is that manPS types are of the cheaper standby/bypass varietymains power directly through and couple the standby battery power in only if the mains goes down. As aresult, a large spikrRFvoltage injected into the mains will pass through them quite unhindered. In anyev ent, a love aForsit coming in from outside, leaving thesite with X minutes of uptime before the batteries are exhausted. If the UPS is bypassed to get the site upand running, the next hit will get at the site'.As with networking, a simple and relatientirelynd it is not by an-generator power isolator.Such devices are simply built by coupling a robust single or triple phase electrical motor to a single or triplephase generator (alternator). Mains voltage powers the generatorwer forinternal distribution within the site. It is worth noting that motor-generator power conmonly used in the early days of mainframes, as the then dominant linear power supplies did not cope wellwith poor quality mains power and thus motor-generators were a must to achieve good uptime and a Hardening Your Computing Assets-3- (c)1996,Carlo Koppmainframe crashes.=DETAILPLAN VIEWDOORS WITH ELECTROMAGNETIC SEALSRADIATION TRAPPOWER FEED ENCLOSUREELECTRICALLY CONDUCTIVE LINING"AIRLOCK"OPTICAL FIBREDATA FEEDPOWER FEEDAIR CONDITIONINGMESH SHIELD WITH EM SEAL(C) 1996 Carlo KoppFIG.4 COMPUTER ROOM HARDENED AGAINST EM ATTACKSo, if you have ald motor-generator mains conwmay be the time to dust it ofve iew lease of life. If not, you may have txpend a fe Hardening Your Computing Assets-4- (c)1996,Carlo Koppdollars and get one built or ordered. Needless to say-generator should be installed upstream ofthe UPS or anvices within the site.An important note here is that a motor-generator will protect the site from disruption injected into themains from outside the building. A HERF gun aimed into the building may couple directly into the mains&#xI000;wiring &#x/I00;wnstreamprotection device.If we have installed optical networking and protected the building or computer room power supply,we have made life very difcult for an attackerill have nhoice than to specically target a ginroom or area in the building with his HERF gun to couple into local mains wiring, kor SCSI cabling, or get through the shielding of the machine in question. Hower, a number of straightfor-rd solutions exist to this mode of attack as well."Spikes"Mains Power FeedDirect Aperture CouplingStanding WavesNetworkStanding Waves"Spikes"Fig.1 System Level SusceptibilityTo shis problem we can use Faraday cage or electrostatic shielding to simply exclude RF sig-nals from the environment occupied by the equipment. A good measure of protection may be applied tomains wiring by running it through metal enclosed cable trays, and threading it through exible metalshielding armour from the tray to the wall socket where it is to be used. A wide range of off-the-shelf com-mercial products may be used to this end.omputer room, ofce or equipment cupboard may also be built or retted as a Faraday cage,by coalls, oors and ceiling, windows and doors with conductive copper mesh. Even a verybasic shielding arrangement will exclude much of an impinging RF signal. For the very security conscious,this will also disable bugs and mobile telephones.If the site is critical, then comprehensive Faraday cage shielding may be warranted. Too do it thor-oughlyhe shielding must not only be comprehensive but eaps and apertures will need to bethoroughly sealed. This means that incoming and outgoing cables will need to be routed through RF trapsor Ferrite grommets, doors, windows and air conditioning vents will need proper exible seals (similar tothat in manve ovens), and a airlock arrangement may be needed for the doorhone lines in andout will also need to be coupled through optical bres. Needless to sayxpensi,particularly if the intent is to shield a large area or whole building. Hower, all of the required technologyhas been ahe shelf for manfort during the Coldr. The author has a 2 inch thick stack of component, seal and material catalogues, most acquired locally.As is quite clearainst most types of electromagnetic attack have baround for decades, and provide if applied properlyneainst nearly allthreats lesser than a ux generator bomb on your site doorstep. Players in the latter league will be more Hardening Your Computing Assets-5- (c)1996,Carlo Koppinclined to park a van loaded with ammonium nitrate in your site basement.Leaky ShieldingFig.2 Host Level SusceptibilityPower CablesNetwork InterfacePower SupplyMouseKeyboardI/O Slot AperturesPeripheral AperturesPushbutton AperturesI/O Cables3. HardeningComputer EquipmentHardening of computer equipment by design would obviate manftrheads which maybe incurred through site hardening. Indeed, if a piece of computer equipment is sufciently robust, then itmay not be necessary to apply anwer, hardening bydesign requires that the vendors of the equipment cooperate and since there largely oriented tominimising production costs of equipment to maximise margins, only intense pressure from the customerbase will produce the desired effect. Arguablyciently large number of corporate and goment customers demand robust equipment, then we may see some results.Mains Power FeedNetworkHardened Power SuppliesOptical FibreFig.3.1 I/O and Power Interface HardeningThe more likely route for such equipment to appear in the near term will be through specialist suppli-ers, such as the large number of US manufacturers (Codaradstone, Cyberchron, AP Labs, Interstate Elec-tronics) who supply "Milspec" packaged "ruggedised" versions of commercial computers to military and Hardening Your Computing Assets-6- (c)1996,Carlo Koppgornment customers. Such equipment uses commercial internals in a robust military spec chassis, built towithstand vibration, high temperatures, impact, dousing with salt water and various other indignities whichomputer in military service may have tfer.Comprehensive ShieldingFerrite Beads on Power CablesOptical Fibre Network InterfaceNon-Electrically Coupled PowerOptical MouseOptically Coupled KeyboardNo I/O Slot AperturesNo Peripheral AperturesNo Pushbutton AperturesI/O CablesFig.3.2 Comprehensive Host HardeningAn electromagnetically hardened commercial computer will not require the physical and environ-mental ruggedness of a military system, but will require the ability to cope with high RF elds, voltagesand spiked power lines. Therefore, it is likely to be much cheaper than existing ruggedised equipment, butprobably still much more expensive than off-the-shelf commercial equipment.The rst important area which must be addressed is that of providing high performance and compre-hensive shielding for the equipment. Existing shielding for goouldprobably be in the right class of performance. This would address the ability to keep to nasty RF elds fromgetting in through gaps, cracks and cooling grilles in equipment. Monitors, be theRT oCD based, willneed conductive materials embedded in the screen or screen coorThe power supply is the next item which needs to be addressed. A good measure of protection couldbe provided by a well designed condesigned into the hot end, but higher performance alternatioexist. Mannon-electrical coupling between the mains and the low-voltage side of the equipment. The simplest is aminiature motor-generator scheme, where the "hot" mains side uses a squirrel cage electrical motor to drivia a shaft an internal alternator or DC generatorgrated with a regulator arrangement to pro-duce the required +5Vuilt properly could easily t into theform factor of most current tower case PC supplies. Equipping such a device with an internal ywheeluld also provide a good resilience to short mains voltage dips. A power supply built this way would pro-vide much smoother power than existing switchmodes, and also aid the production of nasty RF interfer-ence, common to cheaper switchmodes.More esoteric schemes may be used, such as hydraulic power transfer (mains driimpeller to alternator), or fuel cell based schemes. In theoryvices could be built with similar ef-ciencies to existing switchmodes.Having addressed shielding, power and networking, we are left with the machine'-ces, such as the kxternal drilematic. There are no technical reasons whboards and mice cannot be built with optical bre interfacesrather than copper interfaces. A kboard could, in theory be built wholly with optical switching technol-ogyertainly the push toaces, driydemand for bandwidth, will solvternal peripheral problem, assuming that power supplies and chassis for external devices are suitablyrobust.In terms of other interfaces, the characteristic backpanel've to, asthese are all potential entry points. Again, there are no technical reasons wh Hardening Your Computing Assets-7- (c)1996,Carlo Koppfor all connections between pieces of equipment. It would certainly solvther problems our supportengineers have trapple with, such as ground looping between equipment.The author has designed manomputer chassis, and quite a fetion motherboards, I/O boards, bre comms equipment etc) ohe years, and can state without fear ofcontradiction that the interface and packaging design changes required to cope with an electromagneticallyhostile environment could be readily integrated into the existing technology base. Indeed, the commercialopportunities for smaller manufacturers in the production of hardened equipment chassis and interfaces,using standard commercial internals, are considerable in the medium term. Wan hope that our industrywill rise to this challenge.