back to article Release the hounds! Securing datacenters may soon need sniffer dogs

Sniffer dogs may soon become a useful means of improving physical security in datacenters, as increasing numbers of people are adopting implants like NFC chips that have the potential to enable novel attacks on access control tools. So claims Len Noe, tech evangelist at identity management vendor CyberArk. Noe told The …

  1. Sora2566 Silver badge

    I mean, if the keycard is the only thing you need to enter a building, you do have to prepare for the very ordinary case that the card is just stolen, or cloned using non-implant tech...

    1. Jon 37 Silver badge

      I agree.

      The whole story seems to be: "If your security is weak enough that someone with a cloned RFID card could get in, THEN the attacker could make the job more difficult by using an implant, SO you should do weird things to try to detect implants".

      Totally ignoring the fact that their security is weak enough that someone with a cloned RFID card could get in, and preventing implants doesn't solve that.

      As you say, the right fix is to use unclonable access cards.

      Such a thing should be doable, but RFID standards seem to be such a mess that I have no idea how to do that, or even if there are any solutions available that can do that.

      Does anyone know of good documentation on how to securely do RFID, that is not just manufacturer sales-language nonsense?

      1. cyberdemon Silver badge
        Coat

        Obviously

        This is the only way to infiltrate the headquarters of the International Nudist Association

        Until they get sniffer dogs, that is

        1. Bill Neal

          Re: Obviously

          Or use the old prison wallet

          1. Anonymous Coward
            Anonymous Coward

            Re: Obviously

            Might be a bit obvious when you press up against the card reader.

        2. This post has been deleted by its author

      2. Sora2566 Silver badge

        That doesn't help for the case where the card is stolen.

  2. Blake Davis

    Is there some evidence of dogs sniffing out implants that wasn't shared in this story?

    1. Blazde Silver badge

      It's rarely mentioned but the reason dogs sniff each other's asses is because of trace triphenylphosphine oxide coming off their own microchips. They just can't get enough of it

    2. Anonymous Coward
      Anonymous Coward

      Is there some evidence of dogs sniffing out implants that wasn't shared in this story?

      Of course not. It's just that this guy obviously watched The Terminator last weekend, probably while on something...

    3. Jimmy2Cows Silver badge

      Plus I know dogs are really good at sniffing things out, but could they really smell an implant through your skin?

      Seems it would have to be turning up in skin secretions or breath, which would mean it's getting into your blood stream. Seems pretty damn toxic, not the sort of shit you'd really want in your body.

      1. ThatOne Silver badge
        Facepalm

        Indeed, this is just "let's think of a flashy headline" nonsense.

        Like the issue with implanted chips BTW. As already mentioned above, the problem here isn't that a person with implanted cloned tags can foil your security, but that a person can foil your security with cloned tags. Dogs (or shark-filled moats) are clearly not the best solution to that problem...

  3. david 12 Silver badge

    triphenylphosphine oxide that’s used to coat circuit boards to prevent them from overheating.

    WTF?

    Perhaps this means that TPP oxide has been included as a flame retardant? It sometimes is, but that's in all kinds of common plastics, which are common, so sniffing wouldn't prove anything.

    Has anybody got any information that it's used for thermal bonding or temperature handling?

    1. diodesign (Written by Reg staff) Silver badge

      Re: triphenylphosphine oxide

      We've clarified that sentence - it's a multi-use chemical that does show up a lot in data storage electronics. Police dogs are trained to sniff out hidden drives of highly illegal content in suspects' homes, for instance.

      C.

  4. Anonymous Coward
    Anonymous Coward

    Len Noe

    Is an idiot. The only thing he's evangelizing for is Dunning-Kruger.

    1. Michael Strorm Silver badge

      Re: Len Noe

      I dunno... I mean, he seems intelligent enough to have figured out what gets him attention from the media.

  5. Paul Crawford Silver badge

    Maybe, you know, fixing the piss-poor security around NFC stuff that allowed cloning in the first place would be a better long term goal?

  6. ArguablyShrugs

    "Largely forgotten & irrelevant narcissist implant evangelist dolt tries to make headlines with dogs sniffing out his arse"

    fixed the headline for you, ta

    1. Michael Strorm Silver badge

      "Captain Cyborg: The Next Generation" not a big success, then?

      Largely forgotten? I'd never even heard of him in the first place, and the fact he doesn't have a Wikipedia article suggests he can't ever have been that famous.

      Perhaps you're confusing him with the person who I thought Noe came across across as a poor man's version of, Captain Cyborg AKA Kevin Warwick?

  7. Bebu
    Windows

    Huh?

    How is going up to a scanner and waving your cloned card in front of it different from waving your cloned implanted hand in front it?

    I would have thought before deploying beagles, or whatever breed, to detect an implant which would be contingent on scenting a chemical normally used in the construction such devices, other options might be considered. Would pacemakers or insulin pumps attract these hounds?

    E-Passports have some basic biometrics recorded in their electronics which with the cameras at airport gates are used to automatically more or less verify the passport holder's identity. Seems like a far more reasonable approach.

    Even requiring the card to be placed in a tray which takes the card inside the machine (like a CD) to be be verified would defeat these self chipping nutters.

    Actually employing a dozen anal retentive security guards and having them constantly man the front desk requiring everyone entering or leaving the building sign in or out, as well as being identified and vetted by these guards in complete compliance with the organisation's (physical) security policy is likely to be much more effective.

    As a young chap seeing a vice chancellor who, one evening, insisted on entering the institution's server room only to be threatened with his physical removal from the site, taught me a lot about security. The policy was only persons explicitly authorized the IT director was permitted access and then only for the specified purposes the permission was granted and by default only during business hours.

    1. Clarecats

      Re: Huh?

      "having them constantly man the front desk"

      Staff the front desk. As some of them may well be female.

      Glad to help.

    2. mostly average
      Trollface

      Re: Huh?

      Anal retentive? I believe they would call that a rectal concealment.

    3. Persona Silver badge

      Re: Huh?

      How is going up to a scanner and waving your cloned card in front of it different from waving your cloned implanted hand in front it?

      Well if anyone is looking at the CCTV monitor they are going to think "Wow, that's odd. That dude did that without a security card. Perhaps he is using implants. Let's send out the dogs to chew his gonads off."

  8. Moldskred
    Thumb Down

    This is just too stupid to report on. Really, The Reg. Shame on you.

  9. Anonymous Coward
    Joke

    Reliable means of finding implants

    Noe thinks hounds are therefore currently the only reliable means of finding humans with implants that could be used to clone ID cards.

    How about frying them with an EMP on the way in?

    1. ArguablyShrugs

      Re: Reliable means of finding implants

      BOFH would likely approve, as frying the dolts' brains with high‑powered microwaves could be a nice feature – though obviously only installed on the "special" & "fast‑track" C‑suite gate...

  10. MacGuffin

    Demolition Man Revisited

    I may need to rewatch “Demolition Man” tonight. I keep thinking of the quote “Why don’t you shove a leash up my ass?” after Sly is informed he’s chipped.

    1. David 132 Silver badge
      Thumb Up

      Re: Demolition Man Revisited

      Wouldn’t it be crowded up there what with the three sea-shells as well?

  11. Anonymous Coward
    Anonymous Coward

    finally

    a use for my Terminator sniffing dogs.

  12. Nate Amsden

    just about 21 years ago...

    I visited a real datacenter for the first time. An AT&T datacenter in Lynwood, WA. Facility is still there just not operated by AT&T for at least a decade.

    Unlike the facility I have used since 2011, this Lynnwood facility had no gates, just security cameras outside. Going inside the guard checked my ID to see if I was on the list. If so they gave me the key to our cage. From there I went into a man trap, where I put in my passcode I believe. Then I had my hand scanned. I learned much later apparently it checked your weight too. Assuming you paased then the trap opened on the other side and you were free to go to your cage.

    The weight checking thing was interesting as one of my coworkers was actually too heavy for it. So they had to bypass the mantrap for him. I was on a first name basis with the entire staff there so frequently I wasn't forced to use the man trap especially if I was bringing in equipment.

    The more modern QTS datacenter I am familiar with also has multiple man traps for different parts of the 1M sq foot facility. Though no weight checks the traps are regular rooms maybe 64 sq feet. They used to check fingerprint to get inside the man trap then iris scan to get out of it and onto tge datacenter floor. Though the fingerprint scanners were really problematic, so I assume that is why they removed them. Also have a badge for it, no ID checks required if you have a badge. Well there is at least one more sensitive area of the facility that has a man trap with what appears to be a security guard inside(man trap door has a small window in that particular case). Twitter is in that facility, don't know if it's for them or some other customer.

    Point is of course, having badge only access hasn't been a thing in proper datacenters in decades.

    1. Michael Strorm Silver badge

      Re: just about 21 years ago...

      The actual point is that some wannabe Captain Cyborg knockoff who doesn't even have a Wikipedia article got his name in the metaphorical papers regardless by spouting this shite.

  13. JavaJester

    Old School Solution - Contact Chip

    An easy way to thwart an implant-laden miscreant is to use contact chips and readers. Couple that with a second factor, such as a PIN for more sensitive areas. Seems like that would be easier than the literal care and feeding required for guard dogs.

  14. ortunk
    Pint

    Came to /s praise /s the article, saw you people made all my points,so have one on me

  15. Conundrum1885

    Up until

    Someone who has a pacemaker, diabetes implant etc gets the third degree by pasty faced goons.

    For that matter I hear that a popular contraceptive has an RFID-like device so it can be located if it goes walkies.

    1. Michael Strorm Silver badge

      Re: Up until

      > Someone who has a pacemaker, diabetes implant etc gets the third degree by pasty faced goons

      Or the security guards misunderstand what was meant by "silicon implants" resulting in an unpleasant incident the next time Dolly Parton attends an open day at her local data centre.

  16. This post has been deleted by its author

  17. martinusher Silver badge

    Its finally come true!

    It has been said for many years that the automated facility of the future would only employ one person and a dog. The person is there to feed the dog and the dog is there to prevent the person from touching any of the machinery.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like