Bypass photoelectric alarms

Photoelectric beams are another form of motion detection…sort of. Sort of? This type of motion detector is somewhat different than the rest. You have probably seen many forms of them and not known it. An example would be the annunciation device used in commercial establishments to let the proprietor know when someone has walked in the front door. Some dry cleaners happen to have one of these. Most of these are nothing more than a set of photoelectric detectors hooked into a control and a buzzer.
The detector itself is quite a simple device consisting of a transmitter and a receiver. The transmitter emits a beam of light that is sent to the receiver. The light in the older models is quite visible; the newer models, however, use more of an invisible source and are virtually impossible to see. Please see the picture at left for the various photoelectric protection patterns.
When the photoelectric receiver no longer sees the source of light, it opens its internal switch and signals an alarm. This is done very quickly. A break in the light source for as little as a second will trigger an activation of the alarm system. So, guess what happens when the intruder walks into the invisible beam of light? You guessed right: the beam of light is broken and sensed by the receiver, which activates a small switch inside the unit and causes a break in the protection loop. The alarm master control senses this and, yes, the alarm system activates all of the bells and whistles that are attached to it.
This type of detection device is designed to operate over both short and long distances. Some models are designed to go a few hundred feet and some a few thousand. They are primarily used in two applications. The first is a large warehouse situation where a motion detector simply would not reach far enough. For instance, if you were trying to protect a long row of roll-up doors or a long aisle in a trucking company building, a photoelectric detector could be used to send an invisible beam across the entire length for excellent protection at a minimum price.
The second application might be in an outdoor area such as a car dealer lot or an open storage yard. Outdoor units generally are placed in special enclosures that are tamper-resistant and equipped with small heaters so that the cover of the detector does not fog up or collect morning dew. What I mean by tamper-resistant is that the unit may have a smaller tamper switch connected to the alarm master control that will sound an alarm when the cover is removed. If the detector is so equipped, it is normally in operation only when the alarm system is on.
Now we’re ready for the fun part. Circumventing is fairly simple. Let’s review. We have two units to be concerned with: the transmitter and the receiver. Since the transmitter normally only transmits light, we don’t need to be concerned with it at this time. The receiver, on the other hand, is where the critical pair of wires are. As in the other circumvention techniques, the system needs to be in the off position.
The key is to identify which unit is the transmitter and which is the receiver. Not a difficult task. Look at both units. The transmitter is probably only going to have one pair of wires running into it. That pair is used to power the light source. On the other hand, the receiver should have four wires running into it: two wires for power and two going to the protection loop. It may also have a meter or monitor light on the front to let the service technician or alarm user know whether it is working or not.
As with the other motion detectors that we’ve previously looked at, you must identify the two wires for power and the two for the alarm loop connection. You don’t want to disturb the power wires. Instead, you want to carefully disconnect the pair that connect to the alarm protection loop. Strip back about an inch of insulation and simply twist wires together. Don’t forget to replace the cover. All done. It’s out of service, but since the power is still connected, it will look like it’s operating perfectly.

False safety of outsourced IT

No matter how much of your IT is outsourced, you have the feeling that the data at the datacenter is secure. Your databases and storage, sometimes your Active Directory and other servers are there. They are secure - the procedures to protect your data are usually tough to bypass and few attackers are brave and smart (or stupid?) enough to try their luck there.

However, it is not at all important.

When somebody attacks you, they will attack your infrastructure, not the one at the datacenter. People bend much more easily than equipment, and are much more susceptible to defeat. In fact, who will spend the time breaking through tens of firewalls and protections at the datacenter, when they could bypass a single (or dual) firewall and get straight into the heart of your company?

New strategy. Before protecting your firewall, your DMZ (I already said in a previous post that DMZ is useless) - protect your client computers. Yes, build your network with firewalls first, DMZ second, internal network and finally client computers - but start protecting your network in depth *from* the client computers, outwards. If your accountant uses Excel, Word and PowerPoint in their work, do not allow them to run Firefox or Skype! Do not give them higher than Guest permissions on their computer! They want to install the latest screensaver? Fine, let them do it at home. No playtime on the company computer network.

Your system administrators, of course, need to work as administrators of their own computers. WRONG! Guest, and Run As when needed.

The CEO needs full access to his computer, of course! … ? - NO! Guest permissions. Unless he signs a document that he is ready to take responsibility for leaking confidential information from his computer, to the internet.

Think about it, and the logic will become clear. Leave one link weak, leave a microscopic opening in your security - it *will* be used against you, sooner or later. Make sure you’re not responsible for it, do your job and secure as well as you can.

Bypass motion detector alarms

Let’s have a look at the five most popular types of motion detectors.
Infrared motion detectors are the most widely used in security today. They are usually passive detectors, which means that they simply observe an area and don’t emit anything. They are the most frequently used motion detectors due to their low false alarm rate, reliability, and sound overall technology. They look like small plastic boxes (see Figure 7) and can usually be found in high foot-traffic locations in homes such as hallways or stairways. In commercial applications, they are often found covering long hallways, warehouses, office areas, or long rows of windows.

Motion detectors are primarily used as a backup protection. Why? Simple. Perimeter door and window protection contact switches cannot detect roof or wall entries. Contact switches are great for protecting moveable openings, but what if someone knew that the perimeter system was set and that there were no motion detectors inside? They would be able to cut through the door or window [like in all those old ALF videos] or enter through the roof or wall completely undetected because the contact switch would not sense the entry due to the fact that the door or window was not actually opened.
Remember that the perimeter-protecting contact switch needs to be separated from the magnet in order to stop the flow of power back to the alarm master control and activate the alarm. If the door or window isn’t actually opened, then the contact switch is worthless in this application. As you can see the value of motion detectors as backups is great.
The infrared motion detector is designed to activate when it senses a change of temperature in a room. Every item in the room radiates a certain amount of infrared energy, or heat level. When there is a change in that energy level, such as a person entering the protected area, the infrared detector senses this and opens an internal switch, interrupting the flow of electricity (which is very similar to the way the contact switch operates). And when the internal switch opens, what happens? It acts like someone turned off the faucet, preventing the electricity from getting back to the alarm master control, which activates the alarm.
These devices are manufactured in various configurations that provide various protection patterns as well as protection feet. For instance, if you need to protect a large warehouse, you might think about using a motion detector designed to cover that large of an area. An office with a small amount of interior space to cover would require a less expensive short-range unit.

Take a moment and go through this exercise with me. Hold your hand directly in front of you by extending your arm forward and reaching out with all five fingers as far as you can. (Why aren’t you doing this? Let’s go! Right now! Please?) This extension is similar to how an infrared motion detector works. Pretend that your hand is actually the unit and the extended fingers are the pattern of the protection area. In other words, this pattern could be referred to as a “five finger” detection pattern. If an intruder were to walk into a protected area and pass through one of those invisible infrared fingers, the device would detect that individual and activate the alarm master control.
Most motion detectors, including infrared units, are designed to operate in open areas. This means that they cannot see through walls or other obstructions. Consequently, if you are using a long-range detector in a large warehouse, constant caution must be taken in placement of large pieces of inventory and equipment. If a truck or forklift is parked in front of an infrared motion detector, it could block the unit’s coverage and create a false sense of security. In a residential application, something as simple as placing a bag of groceries in front of a motion detector can prevent it from doing its job. That’s why we see these detectors mounted in hallways of homes at about a 5-foot height and in commercial buildings at 6 to 8 feet.
The question always comes up for us pet lovers out there: “Won’t my dog or cat activate the motion detector?” The answer is both yes and no. I’m a big help, right? But please see Figures 8 and 9.

In Figure 8, we see what might be considered a plain-wrap conventional protection pattern. In Figure 9, we have an example of a pet alley protection pattern. There are specific models of infrared detection devices that can be used to create this pet alley. They can be adjusted in such a way that the dog, cat, or other four-legged creature can move freely through the protected area. [Or a crawling rebel]
You’re probably wondering how this is possible. Actually, there is no magic involved. The protection pattern simply is adjusted to operate on a higher path. This means that the height of the pattern is set to operate about 3 feet or more above the ground. This allows the little darlings to run freely below the protection path without being detected.
Well, at least that’s how it’s supposed to work. There still needs to be a great deal of caution exercised here. If you’re directing the beam down a hallway of your home, for instance, the application will work fine. On the other hand, if you try to create a pet alley in a family room that is full of furniture, you may be asking for false alarms. Why? Simple. In case you already didn’t know it, as soon as you leave the house in the morning to go to work, your little four legged friends jump in your favorite chair for a nice day’s rest. What just happened? When Rover jumped on the couch for a nap, he probably jumped higher than what the pet alley would allow. Bingo, he just activated the alarm. The same is true when Muffy takes a wild leap in the air to try to kill that flying bug that has caught her eye.
The whole idea here is to use caution when using the pet alley application. It needs to be pointing in the correct direction and in a clear area away from anything that your pet could get up on.
Look for motion detectors the next time you go to the cleaners, a restaurant, or a friend’s home that is equipped with a security system. They almost always have a little red light on the front to show that they are operating properly when someone walks past the unit. It is commonly referred to as the walk test light. They really come in handy for both identifying motion detectors and seeing if they operate properly.
What, another circumvention technique? Yes! Actually, there are two circumvention techniques for infrared motion detectors. The easiest way to get past one is to cover it or point it away from the area that you want to access. Cover the unit with just about anything that it can’t see through, including a cardboard box placed over it, cardboard taped to its front, thick cloth, wood, underwear, etc. Get the picture? If you choose this method, the detector will only see as far as the obstruction and no further. Obviously, this needs to be done when the system is off or else the detector will do its job and detect you and cause a bell or siren to sound.
A little cautionary note. A couple of the motion detector manufacturers have begun to realize that this could be a problem and are beginning to build units that sense blockage. If these are blocked, the detectors will go into an alarm condition, which prevents the system user from being able to set the alarm. Don’t let this be a major concern, as most of the detectors on the market today don’t have this feature.
The second way to circumvent a motion detector is to think of it as a door or window contact. Do you remember how we circumvented that switch? All of the devices on the protection loop work pretty much alike, and a motion detector is no different. When it senses a motion, it activates a small relay, which I’ll refer to as a switch inside the detector. Like a contact switch, the motion detector switch operates like a faucet or valve, cutting off the flow of voltage to the alarm master control unit. The master control senses this voltage drop and activates the alarm.
The big question in this situation is which two wires to strip the insulation off of and twist together, because there are four wires usually going into this device. Don’t be nervous; this is still a relatively simple procedure.
Remove the cover of the motion detector. It may or may not be held on by a screw. In most cases the plastic cover just pops off with a little pressure (tells you a little something about the alarm industry: cheap, cheap, cheap). This of course needs to be done while the system is off or else you will activate the alarm.
Two of the wires that you will see will be the voltage wires and two will be the alarm circuit wires. The power terminals inside the motion detector should be marked 6VDC or 12VDC. VDC means voltage direct current. DO NOT REMOVE THESE VOLTAGE WIRES! Why? No, you won’t get a shock. Rather, the master control will sense no power and the alarm user will not be able to set the system, which creates a service call to the alarm company and your deed will be discovered.
The next step is to remove the two wires that are not connected to the power, strip back the insulation, and as with contact switches, simply twist them together. Congratulations, you have just learned how to circumvent another very popular security device. It looks like it still works because the power is still connected to the detector. The walk-test light will function properly, and no one will know the difference.
Just for the fun of it, the next time you are in a home or business that is equipped with a motion detector, try to outsmart it. How? If you move very very slowly, I mean a snail’s pace, you may be able to walk directly up to the unit without activating it. This is because infrared detectors are designed to give the best coverage if they are cross-walked, that is, to walk across the protection pattern rather than directly into it. Face the detector from about 20 feet away and walk toward it. You may have better success approaching it this way rather than going across the protection pattern or protection fingers.

Bypass contact switch alarms

Contact switches are the most frequently used pieces of alarm detection equipment and, interestingly, are the easiest to circumvent. They are typically applied to moveable doors and windows in both homes and businesses. They come in many shapes and sizes and are available in various colors, though the most common are gray and brown.
The contact switch consists of a switch and a magnet. You guessed it – when properly aligned, the magnet holds the switch closed. In Figure 2, the switch is being held together by the magnet that is placed directly below it. In Figure 3, the switch is in the open position because the magnet is no longer there to hold it together.

The most popular type of contact switch can be seen in almost any business that has an alarm system. They are almost always found on the doors of the establishment to detect any illegal entry during closed hours. These are called surface mount switches because they are mounted on the inside surfaces of the door and door frame. The switch is mounted on the door or window frame, and the magnet is placed on the moveable part of the door or window. If the door or window is opened, the magnet will no longer be in the proper position to hold the switch closed. This will open the switch, which breaks the flow of current to the control box, which in turn trips a relay and sets off the alarm.
Even though the most popular type of contact switch is surface-mounted, they also are available in a recessed version that is actually embedded in the door or window frame and hidden from view (see Figure 4). You typically find these in homes where the aesthetics are important. Most people are very sensitive to any kind of alarm wiring showing in their homes, which makes the recessed switch an ideal choice.

Contact switches are manufactured in various sizes and strengths, depending on the application. The size of the magnet generally corresponds to the strength. The bigger the magnet, the stronger it is; conversely, the weaker magnets tend to be small. Whether large or small, the application dictates the size and strength used. For example, the older the door or window that the contact switch is applied to, the more play it usually has. If there is too much play and the magnet strength is not adequate to compensate for the movement in the door, false alarms could result. On the other hand, if the gap between the door and the door frame is relatively small, a lighter-duty contact switch would be acceptable.
Contact switches are placed in the protection loop of the alarm system and act as the faucets that we described in the first chapter. When the magnet is holding the switch closed, the electricity is able to flow freely through the protection loop and back to the alarm master control box. However, whenever the magnet is moved away, the switch opens and the electricity can no longer flow through the protection loop and back to the master control. This causes it to activate the bell or siren and, if the system is connected to a monitoring facility, alert the authorities.
Now the fun begins. Here is the 10-second circumvention technique. You won’t believe how simple it is to circumvent this very popular and widely used device. Keep in mind that the contact switch is a vital part of almost every alarm system ever installed. Even though this device is one of the simplest to defeat, it is still widely used.
Circumventing a contact switch is as simple as twisting two wires together. In fact, most of the circumvention techniques that we will look at involve twisting two wires together. The question is which two? In the case of the contact switch it’s easy, because there are only two wires going to the switch.
To completely remove that particular switch from the alarm protection loop, make sure that the alarm is off. If it is on, you will activate it by performing the following procedure.
At this point you may wonder how someone with ill intent could gain access to your system while it is off. A common method of accomplishing this task is called the “inside job”. No big mystery how this name came about. The most recent crime statistics show that employee theft is one of the biggest risks to an employer. When someone on the inside sets up an alarm system for a later attack, it can normally be done without being detected easily. The person usually knows interior traffic patterns as well as the general work habits of other employees, which aids in the act of circumvention not being discovered. Bypassing the alarm can also take place in a busy environment: if a merchant were distracted by a partner in crime, the circumvention could probably be accomplished successfully.
The same holds true for devious relatives who have had their selfish eyes on the family fortune. A home can be set up as easily as a business. Keep an eye on the in-laws. Do you know where your children are tonight? Repair people as well as other visitors could also be setting you up.
Now to the technique. Simply remove the two wires connected to the top of the switch. Strip off some of the insulation or any protective coatings so that the bare wire is exposed. Under normal conditions, only 6-12 volts DC run through the wires, so you won’t get a shock by touching them. Now twist them tightly together and leave disconnected from the contact switch. By doing this, the alarm protection loop will not see the opening and closing of that particular switch. Why? As far as the alarm master control knows, the system is operating properly because it will receive the voltage whether the switch is opened or closed. Since the contact switch is no longer connected to the protection loop, the master control does not see it.
Look at Figures 5 and 6. In Figure 5, you see the contact switch connected properly. In Figure 6, it has been bypassed. This technique is so simple it’s amazing that more systems haven’t been circumvented this way.

This technique will address 99 percent of all typical alarm systems. There are a few situations where contact switches, when shorted as described above, will actually cause the alarm to activate. However, since the system is off, you will not be detected. The lesson here is to always conceal all wiring and contact switches when installing an alarm in your home or business. In most cases, surface-mount contacts can be installed in such a way that the wires are hidden in the window and door frames (the recessed version mentioned earlier). This will discourage tampering of your system.

How an alarm works

Let’s have a look at how an alarm system works. Sometimes I am truly amazed at how basic it can be. I think you will be too. You won’t need to be an electronics whiz. Just sit back, relax, and be amazed.
First, both commercial and residential alarm systems for the most part work very much alike. The operating theories are identical. In fact, many alarm companies use the same equipment for both.
The system basically consists of an alarm master control box that works on very low voltage, usually about 6 to 12 volts. The inside of the box looks complex, but it’s really very simple. The wires come out of the control box, go around the interior of the building, and then back into the control box. This is commonly referred to as the protection loop or alarm circuit.
Simple so far, right? Wrong. It gets a little more complicated now. To make the master control box activate an alarm, detection devices are connected to that protection loop that goes around the inside of the building. These devices are wired in such a way that when they are triggered, the alarm master control box will sense this and activate the alarm system. Usually a loud bell or siren will be attached to the control as well as some type of central-station monitoring. (We’ll look at individual devices and how they work in Chapter 2).
To make things simple, think of the alarm master control box as a water source such as an ocean and the wires that loop around the inside of the building as a long, continuous river. The water flows out of the ocean and into the river, which does what? Right, flows around and back into the ocean again. An alarm basically works the same way. As an example, see Figure 1.

The alarm control box activates when the flow of low-voltage current that runs through the wiring around the building is interrupted by one or more of the detection devices. To make this clear, let’s look at another example. Imagine that the wiring that loops around the inside of a particular building is a water pipe. If we place a shut off valve on the pipe and close the valve, the water won’t be able to complete the loop. Simple, right? Right. But rather than water current running through a pipe, electric current runs through the wiring, which goes around the perimeter of the building. Detection devices are connected individually to the loop in various configurations, each having the ability to interrupt the power flow back to the control. A steady flow of current going out of the control and returning will not activate the alarm. However, if the wiring is cut or one of the detection devices connected to that wiring loop is activated, it is just like turning off a shut-off valve. The alarm master control box senses a loss of power in the wiring loop, and this trips a relay, which activates an alarm.
To review briefly, the low voltage goes out of the master control box and runs through the wires around the interior of the building and back to the control box. Detection devices are connected to that wiring loop. If they sense any problem, they act as a shut-off valve, which prevents the low voltage from going back to the control box. What happens? Since the control box senses a break in the flow, it activates and creates lots of bells and whistles. If the system is monitored, a signal will be sent to the alarm company monitoring station.
It is so simple that if you’re having a problem following the theory, you may be wanting to believe it’s more difficult than it really is. This chapter is important because the other chapters are built on it. If you feel somewhat lost at this point, please review it again. As you read, the light bulb in your head will turn on as to how simple this all really is.
A word about safety. I recommend that you not attempt any of the following circumvention techniques unless you have been professionally trained in the area of electricity. If you touch the wrong wires, you can be injured. Please keep in mind that the only intention of this book is to explain how alarm systems work so you can develop a more secure system for yourself.

Ice Bullet v2

So, some of you may know, some of you may not.

Ice bullets have been around for some time now. Well, actually not really “ice bullets” - what has been used till now was ice shell around the actual bullet, which was preventing it from being “marked” by the gun, thus giving up the shooter or the source of the gun, or.. etc.

Ice bullets are not perfect because they actually leave a metal trace - their “inside” bullet.

I have come around a way to prevent that.

Meet the real bullet - with no metal parts. Just ice. Totally untraceable.

Just mix 15% of wood dust with 85% water. Freeze. Use. This mixture will prevent the bullet from melting on the way to its target. It will make the ice 10 times stronger. And will do its job.

Hackers = Water?

That’s right. Well, I don’t mean “hackers” in their real meaning - computer professionals, able to twist the computer doing whatever they wish, for a good cause. I will use the word “hacker” in its more popular meaning - computer criminal, again, able to twist your computer, but not for a good cause…

What are they like?
Well, they don’t like meeting obstacles. They hate beating their head against your firewall. They hate spending weeks and months in searching for a hole in your security systems - but hmm, if it’s worth it, they will. They will (and have done it with lots of companies) sometimes wait and search for YEARS, until they finally break your defenses.

The hacker society is just like water in a mountain - it builds its way slowly through the solid rock, builds whole caves - and nothing can stop it, if it is allowed to flow long enough. Eventually, they (we?) will get to you.

How can you protect your company? Buying new security systems could *probably* help. Against… some scriptkiddies.

Don’t allow the water to flow long enough to find a hole in your security.

Just change (enhance) your security frequently enough, so they would not be able to run at your speed. Change *all* passwords for critical systems every month. Change *all* user passwords every 6 months. Update your OS on client and server machines *immediately* after a patch is issued. Never run a service with higher privileges than it needs. If possible, separate your internet facing servers from your network.

Forget about DMZ. It just does NOT work.

You got it? Should I repeat? Forget about DMZ. Separate your internet facing servers from your internal network completely. Choose completely different passwords for your internet facing servers and for your intranet facing servers. In fact you should not have the same password for more than 1 server! If your company has DMZ connected to your internal network, and one of the DMZ servers gets compromised, it’s gone. Game over. The theory behind DMZ is like swiss cheese - holes all over its logic. It will slow down the attacker, but it will help him tremendously if you use DMZ.
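
The rotation and least-privilege rules above can be checked on a Windows host. The following PowerShell is an added example, not part of the original post; it covers local accounts only, treats members of the local Administrators group as the "critical" accounts (an assumption), and uses a path heuristic (also an assumption) to flag third-party services running as LocalSystem.

```powershell
# Added example (not from the original post): audit local password age and
# service privileges against the rules given above.
# Assumptions: "critical" = member of local Administrators; 1 month = 30 days,
# 6 months = 180 days; a LocalSystem service outside \Windows\ is worth review.

$AdminMaxAgeDays   = 30
$UserMaxAgeDays    = 180
$AdministratorsSid = 'S-1-5-32-544'   # well-known SID, same on every Windows language

function Get-StalePassword {
    param(
        [Parameter(Mandatory)] [object[]] $Account,   # needs Name, SID, Enabled, PasswordLastSet
        [string[]] $AdminSid = @(),
        [datetime] $Now = (Get-Date)
    )
    foreach ($a in $Account) {
        if (-not $a.Enabled) { continue }             # disabled accounts cannot log on
        $isAdmin = $AdminSid -contains [string]$a.SID
        $limit   = if ($isAdmin) { $AdminMaxAgeDays } else { $UserMaxAgeDays }
        # PasswordLastSet is empty when no password was ever set: always report it
        $age = if ($a.PasswordLastSet) {
            [math]::Floor(($Now - $a.PasswordLastSet).TotalDays)
        } else { $null }
        if ($null -eq $age -or $age -gt $limit) {
            [pscustomobject]@{
                Name = $a.Name; IsAdmin = $isAdmin; AgeDays = $age; LimitDays = $limit
            }
        }
    }
}

function Get-HighPrivilegeService {
    param([Parameter(Mandatory)] [object[]] $Service) # needs Name, StartName, State, PathName
    # Heuristic: LocalSystem is expected for many OS services, so report only
    # services whose binary lives outside the Windows directory.
    $Service |
        Where-Object { $_.StartName -eq 'LocalSystem' -and $_.PathName -notmatch '(?i)\\Windows\\' } |
        Select-Object Name, StartName, State, PathName
}

# Get-LocalGroupMember can fail on orphaned SIDs; warn instead of hiding the error
try {
    $adminSids = @(Get-LocalGroupMember -SID $AdministratorsSid -ErrorAction Stop |
                   ForEach-Object { $_.SID.Value })
} catch {
    Write-Warning "Could not list Administrators: $($_.Exception.Message)"
    $adminSids = @()
}

'Accounts whose password is older than the limit:'
Get-StalePassword -Account (Get-LocalUser) -AdminSid $adminSids | Format-Table -AutoSize

'Non-Windows services running as LocalSystem:'
Get-HighPrivilegeService -Service (Get-CimInstance -ClassName Win32_Service) |
    Format-Table -AutoSize -Wrap
```

Both functions take plain objects, so the same checks can be run against an exported inventory instead of the live machine.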

Securing the Browser

Well, I have searched long and wide, could not find a better structured article on browser security.

Just head over to http://www.cert.org/tech_tips/securing_browser/ and do what Will Dormann and Jason Rafail tell you.

Best of luck!

Log in to Windows with least privilege

Usually, when you install Windows(tm), after installation you’re granted Admin rights - very convenient to install programs initially, and configure your system.

What people don’t do afterwards is create a user with Guest privilege and use it for their daily tasks!

So what should you do?

Once all your applications are installed and your system is fully configured with drivers etc, click on Start -> Run -> type lusrmgr.msc, press Enter, right-click on Users, create a new user, choose a nice password for it, clear the check-box “User must change password at next log on”. OK. Next, right-click on the user you created, choose Properties, click on the Member of tab, remove Users group, click Add, type Guests in the box, click Ok.
Right-click on the Administrative user you used until now - be it Administrator and/or other user you selected during installation - and set a long, nice, hard to guess password for it using “Reset Password”. Make up something like “thisisalongandeasytorememberpassword” - some sentence only you know and will never forget, but is impossible for others to guess.

Next time you log in to Windows, choose the Low-priv account you created, and use it for your daily tasks - browsing, working, etc - when you need to perform any administrative tasks, just right-click on an installation file or other executable, choose “Run As”, and type in your Administrative credentials.

Done!

Isolate Internet Explorer

We’ve seen multiple exploits where a user visits a malicious web site, and next the whole organization is compromised, the data is leaked, and the business loses A LOT of money.

So, what are we going to do? Use Linux? Yeah, like there are no exploits for all Linux browsers, including the console based Lynx… yes, text only browsing is dangerous too!

Let’s imagine most of our users are admins on their own machines. Or even Power users. Dangerous situation. What would I do? Run IE as… Guest! This is isolating Internet Explorer for safe browsing.

Here’s the How-To:
Start -> Run -> type lusrmgr.msc, press Enter, right-click on Users, create a new user, choose a nice password for it, clear the check-box “User must change password at next log on” - this account will be used only for running your internet facing applications like Internet Explorer, Firefox, Outlook, etc.

Next, right-click on the user you created, choose Properties, click on the Member of tab, remove Users group, click Add, type Guests in the box, click Ok.

To create a shortcut on the Desktop for the new Internet Explorer instance, right-click on the Desktop, choose New -> Shortcut, in the field for the program paste this (where newuser is the username of the user you created previously):
runas /user:newuser "c:\Program Files\Internet Explorer\iexplore.exe"
Press Next, when it asks for a name for the new shortcut, type Internet Explorer, press Next, done.
For Firefox: runas /user:newuser "c:\Program Files\Mozilla Firefox\firefox.exe"

The icon is not pretty, I know. Right-click on it, choose Properties, Change Icon, and choose a nice icon, maybe even the Internet Explorer one at the end of the list.

Update: This does not work with IE7 in Vista, so to run IE7 as Guest, you will need to login with your new user. That is actually much better, as it will protect you from other threats from internet facing programs you run.
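
The account setup from “Log in to Windows with least privilege” and the shortcut steps above, as one PowerShell script. This is an added example, not part of the original posts; it assumes Windows PowerShell 5.1 or later (for the LocalAccounts cmdlets) and an elevated prompt, and `newuser` and the program path are the placeholders the post itself uses.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original posts): scripted form of the lusrmgr.msc
# steps plus the runas shortcut. 'newuser' is the post's placeholder name.
param(
    [string] $UserName = 'newuser',
    [string] $Program  = 'C:\Program Files\Internet Explorer\iexplore.exe'
)

# Well-known SIDs, so group lookups also work on non-English Windows
$Sid = @{
    Administrators = 'S-1-5-32-544'
    Users          = 'S-1-5-32-545'
    Guests         = 'S-1-5-32-546'
}

function Test-GroupMember {
    param([string] $GroupSid, [string] $UserSid)
    $hit = Get-LocalGroupMember -SID $GroupSid -ErrorAction SilentlyContinue |
           Where-Object { $_.SID.Value -eq $UserSid }
    return [bool]$hit
}

$user = Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue
if ($user -and (Test-GroupMember $Sid.Administrators $user.SID.Value)) {
    # Never demote an existing administrator by accident
    throw "'$UserName' is an administrator; pick a different account name."
}
if (-not $user) {
    $password = Read-Host -AsSecureString -Prompt "Password for $UserName"
    $user = New-LocalUser -Name $UserName -Password $password `
                          -Description 'Low-privilege account for daily use'
}
$userSid = $user.SID.Value

# New-LocalUser adds no groups, lusrmgr.msc adds Users: handle both cases
if (Test-GroupMember $Sid.Users $userSid) {
    Remove-LocalGroupMember -SID $Sid.Users -Member $user
}
if (-not (Test-GroupMember $Sid.Guests $userSid)) {
    Add-LocalGroupMember -SID $Sid.Guests -Member $user
}

# Verify: the account must end up in Guests and in no other local group
$memberOf = @(Get-LocalGroup |
              Where-Object { Test-GroupMember $_.SID.Value $userSid } |
              ForEach-Object { $_.Name })
$guestsName = (Get-LocalGroup -SID $Sid.Guests).Name
$extra = @($memberOf | Where-Object { $_ -ne $guestsName })
if ($memberOf -notcontains $guestsName -or $extra.Count -gt 0) {
    Write-Warning "'$UserName' group membership is: $($memberOf -join ', ')"
} else {
    "'$UserName' is a member of $guestsName only."
}

# Desktop shortcut that starts the program through runas, as in the post
$desktop  = [Environment]::GetFolderPath('Desktop')
$shell    = New-Object -ComObject WScript.Shell
$shortcut = $shell.CreateShortcut((Join-Path $desktop 'Internet Explorer.lnk'))
$shortcut.TargetPath   = Join-Path $env:SystemRoot 'System32\runas.exe'
$shortcut.Arguments    = "/user:$UserName `"$Program`""
$shortcut.IconLocation = "$Program,0"    # reuse the program's own icon
$shortcut.Save()
```

Pass `-Program 'C:\Program Files\Mozilla Firefox\firefox.exe'` for the Firefox variant; the shortcut file name is fixed in the script and would need changing to keep both.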