[Gllug] Securing a standalone server on a casino floor.
walter.stanish at saffrondigital.com
Fri Apr 1 16:16:39 UTC 2011
You could consider something like the following approach.
1. Minimise the number of people who have information about the
deployment and its purpose
2. Deploy the actual machine in a secret location
3. Tell all non-senior staff falsely that the server at the on-floor
location performs all previously intended functions
4. Deploy an on-floor dummy machine, highly firewalled and with USB
open only, lots of RAM and no disk drive
5. Incorporate a network-based challenge/response components in to the
USB-based authentication (secret location approves)
6. Upon successful authentication, a complete OS image is pushed to
the dummy system from the secret location across the network
7. All logging occurs across the network (to the secret location)
8. Have failures in network-based keepalives between the secret
location and on-floor dummy trigger a serious physical security alarm
This way, if the dummy is compromised, you are still largely protected
against software analysis, tampering, etc.
Secondly, you have some additional protection against insider attacks,
since physical theft of the machine and/or side-channel attacks like
power analysis will be rendered useless for software components that
execute in the secret location instead of on the dummy itself.
Gllug mailing list - Gllug at gllug.org.uk
More information about the GLLUG