
Are cases locked / glued shut? It seems like it would be easy enough to connect a new usb header...



While visiting a Chinese division of an American company I worked for about 8 years ago they had Dell desktops, in a tower configuration and they had a metal (steel) superstructure around them. A case within a case.

You could unlock it, plug in USB, monitors, ethernet, etc. route the cables out through a slot and then lock it. You couldn't reach the different ports and sockets when it was locked. It was all relatively stout too.

Interestingly, they did have internet in the building but you had to have management permission and go to the security office to access it. If you wanted to download something, it was a fairly involved procedure. They were paranoid about people stealing their stuff and then also very paranoid about misappropriating something they shouldn't and creating legal problems in Europe or North America. They didn't seem to be all that concerned about stealing other people's IT but they wanted to control everything such that it didn't contaminate anything they wanted to sell where it mattered.

I nearly created a situation when I pulled out my phone to take a picture of an "engrish" sign they had on the wall.

It'll be interesting to see how the security culture in the US changes or doesn't, a lot of younger developers would be put off if you attempted to somehow restrict their access to the internet from work computers or restricted your ability to plug a phone or some arbitrary device in for charging or whatever. At every job I've had this century it has been fairly trivial to download nearly all of their source code and take it home if you wanted to. Trying to take the politics out of it, we're very much engaged in a cyber cold war with a number of nations that absolutely want to take our secrets; I won't speculate on the real impact but the Russians did meddle in our election.


> Are cases locked / glued shut? It seems like it would be easy enough to connect a new usb header...

Well sure. I think the idea is to prevent mistakes and people just randomly plugging usb sticks they get from conferences as gifts or when they work from home. People will forget and do that anyway even if it is the rule.

When someone starts disassembling the laptop or runs around with a screwdriver trying to get the epoxy out of the ports, it would be a bit hard to claim it was an accidental mistake. In that case, those people can probably find a way to exfiltrate data or to infect the system without the aid of USB keys.


or unplug a mouse for 5 seconds


If you're going through the trouble of epoxying USB ports, you could probably epoxy the mouse to its port as well.

Or just monitor connected USB devices and shut down if something unapproved is installed, a la USBKill.

https://en.wikipedia.org/wiki/USBKill


If mouse is epoxied - cut the cable, cut and splice in a male->female cable, connect your device.


Doing so would trigger a USB disconnection event, which under a sufficiently paranoid ecosystem would immediately terminate the entire enclosure and lock the door and call security.


I think they are trying to discourage accidental use of/the urge to use the USB ports.


Epoxy is a pain, just use a sticky connector envelope instead.

USB disconnect disabling whole USB host is trivial to code. You would disable on disconnect instead of whitelisting as there can be USB host bugs. Add a boot password so that only admin can start the machine...

Plus there are solutions where drivers are also put in a VM to further reduce attack surface.
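
Added example (not written by any commenter here, and not USBKill's code): the policy discussed in the comments above, which locks down on any USB disconnect or on an unapproved device and then stays locked, applied to constructed events in the key=value property layout that `udevadm monitor --property` prints. The allowlist, the device IDs and the function names are assumptions.

```python
# Constructed sample events (key=value blocks separated by a blank line).
SAMPLE_EVENTS = """\
ACTION=add
SUBSYSTEM=usb
DEVTYPE=usb_device
ID_VENDOR_ID=046d
ID_MODEL_ID=c077

ACTION=remove
SUBSYSTEM=usb
DEVTYPE=usb_device

ACTION=add
SUBSYSTEM=usb
DEVTYPE=usb_device
ID_VENDOR_ID=0781
ID_MODEL_ID=5567
"""

APPROVED = {("046d", "c077")}  # hypothetical allowlist: the one approved mouse

def parse_events(text):
    """Split blank-line separated blocks into dicts of udev properties."""
    events = []
    for block in text.strip().split("\n\n"):
        props = dict(l.split("=", 1) for l in block.splitlines() if "=" in l)
        if props:
            events.append(props)
    return events

def decide(event, locked):
    """Return 'ignore', 'allow' or 'lockdown' for a single event."""
    if event.get("SUBSYSTEM") != "usb" or event.get("DEVTYPE") != "usb_device":
        return "ignore"  # not a whole-device USB event
    if locked or event.get("ACTION") == "remove":
        return "lockdown"  # a disconnect latches; only an admin reset clears it
    if event.get("ACTION") == "add":
        ident = (event.get("ID_VENDOR_ID"), event.get("ID_MODEL_ID"))
        return "allow" if ident in APPROVED else "lockdown"
    return "ignore"

def run_policy(text):
    """Apply decide() to each event in order, carrying the latched state."""
    locked, verdicts = False, []
    for event in parse_events(text):
        verdict = decide(event, locked)
        locked = locked or verdict == "lockdown"
        verdicts.append(verdict)
    return verdicts
```

The functions only return verdicts; what a "lockdown" does (shutting down, disabling the host controller, alerting) is left to the caller.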



