well randommonkey, securing a computer need 2 things... first, a software security, then a physical secutiry. the smart-card is very much effective on the software side but clearing the bios will disable the smart-card reader so it won't be very effective... so you need security for you case too... so can use something like that http://www.saundersonsecurity.co.uk/itmidxcomputerlock.shtml or just weld the panels on the case... that way nobody can go in... neither you of course if you want to change something in your case, you'll have to cut it and buy a new case but I consider that it's pretty much the best way to secure a case... smart-card will work against most people... but someone malicious who have access to the computer itself can bypass it... every security is bypassable... and password crackers have been mentionned but I don't think you need to worry about them if you use strong passwords since they request lot of time to crack strong passwords... grab a smart-card motherboard which will resolve software security, then secure your case... it's the only way I see you can secure your computer effectivily
I'm surprised nobody has actually mentioned encryption here to any great degree. Beta124 mentioned it slightly, but I think we should have more focus for this particular application. It is not so much the fact that RandomMonkey's brother is going to STEAL his hardware (ie take it and sell it/never return). It is more the case that he doesn't want his brother looking at his files. Encryption is the answer here, I think. PGP is free and easy. His brother can get round all but the most extreme physical measures, it seems (like some kind of hax0r Houdini?). And you can't really bolt down a PC securely in a home environment. It would ruin the carpet . Just encrypt all the files. What is your brother gonna do with a load of unreadable files? Of course, he could format the HD, but surely then you could go and tell your parents he's lost a lot of your very valuable school work, and think up some interesting punishment. But then, unless you're going to weld the case shut, formatting is always a threat.
Legs tied to elephants come to mind....... Yeah thats right, i could just use encryption.... i dont know many programs if any that can by-pass a good password in pgp!!!! And with security screws... the pc wouldnt beable to be booted, or read... and because im using a laptop security device, it wouldnt beable to be moved..... i could infact wire a shut door sensor inside to an alarm so when the side panel is opened then it would set it off!!!!
right im confuseded, the server needs to be secure against brother so concetrating just on that - case lock (no way of opening case) bios pw bios only boots primary HD windows PW (no way of getting to data without cutting a hole in the case) secondly if the fileserver is going to be in ur room and ur scared of ur guests using it, shouldnt u be more concerned theyre gonna find ur dirty mags under ur bed rather than ur digital entertainment?
the thing with encryption is that you must use it wisely... let say that you computer crash and need to reinstall your OS... well all the files that are encrypted will be locked forever if you don't unencrypt (sp?) them.... if a hdd fails or your OS don't want to boot... you loose everything since the encryption key will be different next time you install your program... (except if you pay LOT of money to get your data unencrypted) think about it twice... happened to me once... with a formula one pool... lost 100$ bucks because I could'n open the scoring file after reinstalling windows and didn't unencrypt it.
Weld your box shut in a 100 KG Steel box, with just enough holes once youve hooked everything up, then no one will ever dare steal your system... You could have a keyswitch that locks both drives' data signals(all 40 pins) and wont let you use the HD's without the key. Then the only real way to get the system working is to unloack the case, take the IDE cables out and replace them with straight ones.
my suggestion. First of all, ure runnign a bed and breakfest, so just go ahead and put security cameras in all rooms that are family rooms(or the lodgers rooms if u r really uhh curious). Next get a removable hdd tray and take that with u whenever u go. Finally bolt the computer to the floor or something.
Im really shocked no one has thought of this yet: Instead of using a BIOS password, use a HDD password. This isn't in use on MB that 'we' buy, but on dells and namebrand comps you can set a password on the harddisk itself IN THE MBR so that you cant use the drive unless you knwo the password. I had this on a laptop drive that i forgot about, then tryed to use it a while ago (forgot the password...) and i cant. The thing is.... you cant get to the drive AT ALL... BIOS wont even dectect it after you are prompted for the pword.... Its like the drive shuts down, so you cant reformat it!! And another thing.... If you have the smartcard thing, if soemone can get to the drive, you can still use it!!!! Just take it out, making that smarcard with the computer, but you have the drive!!! She/he would still ahve access.... (BTW: Sorry if any of that didn't make sence.... Im really stressed today...)
BIOS pw (or your choice of biometric scanners/etc), encrypted FS. Even if he manages to get past the bios locking, with modern encryption unless you use a stupid passphrase, there is no way he will get around it. You can integrate the biometric systems with the encrypted filesystem layer at that, and use the results from a retina scan or something sim. as the passphrase. We've deployed systems like this in the NSA and DoD inner network circle of machines for physical security (concerns of intrusion from within, external intrusion is handled in a much different fashion).
I think I might create a showpiece fileserver showing of security, just to show people what is possible. I'll summarize for readers of this thread both my thoughts and different strategies available: Biometrics are cool but expensive and at present somewhat haphazard, not so much in the case of reading somebody else as you but as not even reading you (you have to have your eye at exactly the right distance from cam, etc or not have too oily fingers and so on). For the moment, the ones you can afford are a bit of a gimmick. The SIGMA box is wicked and the mobo isn't too bad either for performance according our Lord Linear's review. An authentikey available from here would help a lot as well. You can't beat PGP for free encryption. Combine this with inherent NTFS on the XP volume should make it tough. Lockable power supplies are great too but I have no link available for this. I can't find anything at the moment about passwording your MBR sector (I found Pointsec but you don't have 100 users...) At the end of the day, PC security is like home security - all you can do is make it so difficult that it takes up so much time that they will be caught. A burglar can and will get into your house, but with the right protection it can put them off because it will take too long. Layered defence for you is the best bet - sure, they can crack open the case after half an hour of picking the lock; after somehow getting past the secure screws, they then, with their sturdy lockpick, also overcome your PSU lock; then they may or may not be able to boot your system if you have SIGMA enabled; then they can't get past the MBR lock on the HDs, which you had in a locked cabinet as they are removeable volumes; then the USB dongle slows them down, which, when in, allows your biometric-protected login to fire up; followed by them spening days getting to your files in the PGP-encrypted partition you create; and then Windows XP itself is not too much of a slouch these days and will defeat a lot of your basic muppets anyway. That's after they find your Logitech cordless mouse and keyboard you locked in a separate room and used the secure mode onboard the software of course. Sounds like something I wanna build just to see the results
I think your best beat is a finger scanner, to log tho the computer needs to scan yr finger...They don't cost to much now aswell!!
Use an iButton system? They're kind of like the smartcard idea but the reader is compatible with any system with a serial port and you could get a few of the buttons in case you lost it I saw them on eBay recently going for a few quid including a reader Was thinking about bidding but decided against it as I have like, no use for them
OK...first off, use a 2048-bit or higher PGP-security key. No key cracker known to man (yet) can crack 2048-bit keys and above =)...I personally use a 4096-bit key...I am very paranoid All you have to do -- is export your private keyring and public keyring in PGP, burn them to CD or copy to floppy (warning: do NOT encrypt these hehe), and then keep the CD or floppy in a VERRRRRRRY secure place. That way, if your HD crashes, just reinstall PGP, and Import the Private/Public Keyrings from the CD/Floppy =))) and, yes, I have been working with PGP for a while =) I am also a network & server security/administration 'wizard' PCjabber
why cant you just make a key lock that locks both the poweron button, the motherboard and the case it self?
or even make it a finger print lock ... and it will also lock the power so you get a special battey that you have to plug in before you can activate the fingerprint lock... kind of a stand alone thing
1: Use special Torx screws to keep the side panel one the case, and hide the Torx screwdriver. 2: Back that up with a lock on the computer case. 3: Replace the normal IEC power connector on the PSU with a nonstandard one, then make a special cord for the computer. When you want it secure, take the power cord. 4: Use a BIOS password, and a very secure one at that(the case is locked, so it's impossible to reset the BIOS without having to get past a lock and Torx screws).
True, this will work, but where is he going to put the HD when he leaves his computer? I certainly dont like carrying around a HD in my hand....I still think encryption or A-Key (see authenex.com) combined with case security is the best way to go.... PCjabber
There is a reason companies spend so much money on securing their servers. Sure, you can make things hard on the software side, but as has been stated here, if somone gets physical acces to the system, you are in trouble. This is why there are special server enclosures that cannot be opened without the proper proprietary tools. Torx bts, safty bits and so on can be found with relativly little hunting. It is even easier if the the person trying to get at your stuff knows anything about tool making. Doors can be broken, cabinets smashed, ect. A vault is about the safest enclusure to put somthing in. And while companies don't build armored rooms for their servers, they do put them in very secure areas of their buildings. They then scure the actual room that the computers are in, and may even secure the actual racks that teh computers are mounted to! So far, it doesn't sound like you are prepared to go to these measures to protect things. Maybe you need a guard dog, or you should sit there with a 2x4 (or a clue by four if you prefer ). But if this is to be a file server in the traditional sence, then there is no reason short of an OS failure or hardware failure to get physical access to the box. Since it will be networked, then you could put the box just about anyware so long as the enviornment isn't too hostile. Use a remote terminal service/secure shell to acess the box remotly, and your set. Power a problem? Get a UPS. Encript your data, and keep backups of EVERYTHING. Tapes could be a good option there because I doubt you yonger brother has spare tape drives lying around. Security is expensive, that is the bottom line. Of course, if it is simply the power button, get a car's ignition lock, and wire it up to be the power button. The smart card is a good option as well, but none of these actually control physical access to the box.
