

SpannerITWks
Premium
join:2005-04-22

4 edits

100% Security During Boot 4 Peanuts !


Secure Boot Circuit
I noticed a thread the other day about people's genuine concerns about the possibility of their computer being Unprotected during Boot Time, due to Firewall/System start up delays. I have also shared these concerns for some time, so I Only connect my modem to the line socket after Full boot. After I log off I Always reverse the procedure. Doing this guarantees NO intrusions can occur Whatsoever before my system is Fully stabilised. Also should an error occur somewhere, whether in Hardware/Software whilst unattended, I Know my PC is TOTALLY safe. As I've placed my line socket in a very convenient position it takes all of 2 seconds to do this, so NO biggy at all.

I know from experience others may not be so fortunate as to be able to do this, and would prefer some method of automation to achieve TOTAL peace of mind during boot up. With this thought I have designed the circuit shown in my screeny.

It doesn't need to be over complicated at all, so I've kept it as simple as possible. You can build it on Veroboard or just hardwire/solder the components together, or if you can, build a PCB for it. It's totally self powered from the modem power feed, and should draw Only about 25 milliamps which is insignificant to what the modem draws. How you encase it and connect it is also left up to you. It shouldn't take long to build, and it's as cheap as chips to make. The total cost for the shown components could be around ONLY $1 if you shop wisely.

The power that normally feeds your External modem goes instead straight to the circuit INPUT, and the OUTPUT of the circuit then goes to the modem instead. P = Positive and N = Negative.

There is a variable delay which is set to suit everyone's differing boot up time. Experiment with the Potentiometer until the Relay switches on a few seconds AFTER your PC has finally booted up FULLY. The variation depending on component tolerances etc, is roughly between 15 Seconds to 3 Minutes which should be ample for most people I would have thought.

Component List -

R1 + R2 = 100k Ohm Resistors - 5% to 20% Tolerance are fine.

VR1 = 1Meg Ohm Variable Preset resistor - 5% to 20% Tolerance is fine.

D1 + D2 = 1N4001 or similar diodes - Careful of orientation

C1 = 220uF Electrolytic Capacitor 10 to 50 Volts - Careful of orientation

Q1 = NPN Transistor BC337 or similar - Careful of orientation

RLY1 = 5 Volt Relay 180 Ohm Coil 1 to 3 Amp contacts. 4.5 Volts to 6 Volts should be fine, as is a coil with a resistance between 100 to 330 Ohms.

-

I have built and tested it myself, and YES it works exactly as described you'll be pleased to hear ! I split the USB lead and cut off just the 2 power wires on either side and connected them appropriately to INPUT and OUTPUT on the circuit.

Take it as a welcome gift from me to you, but for Strictly personal use ONLY, NOT to be used commercially in ANY way Whatsoever without my Written agreement and permission first.

So you can relax safe in the knowledge that once built/tested correctly and installed, there will be NO more doubt about possible boot up security breaches due to Firewall/System delays.

Have fun,

Regards,

Spanner
--
I Only Know What I Know But I'm Learning all The Time -

Stay Safe -

Spanner intheWorks
/SpannerITWks


norwegian
Premium
join:2005-02-15
Outback
Reviews:
·WestNet Broadband

Well, leave me behind, good to see, what more can I say, it definitely fixes that question, full stop. I'm not sure I can plug in my lead to the router, so I might go to Dick Smiths Electronics and get some parts.


Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:4

reply to SpannerITWks
That's quite impressive but wouldn't it be easier to just get a Surfboard modem from your ISP and use the standby button (thereby cutting the connection between the PC and the modem and thus the Internet) when booting? Most cable ISPs will let you exchange the modem at anytime for any reason and most have Surfboards and all Surfboards have the standby button (except the Cybersurf doesn't but those folks are being switched over to DOCSIS now anyhow). I cut the connection every night and anytime I am away for very long. It takes a millisecond to reconnect..just touching the button turns off or on the Internet connection to the PC.

For folks with DSL that have the always on type connection they can probably benefit from your suggestion as I doubt there is an equivalent to the Motorola Surfboard for DSL modems.

Further, I don't know about other modems but I have to boot the modem BEFORE the computer. If I were to kill the power to the modem during the computer boot and then plug the modem back in I would not be able to get on the Internet. Not to mention that it is even more tricky when you also have a router. Booting must be done in a particular order if you unplug either or both the modem and the router. So, I don't understand how your suggestion will help any cable modem users unless it is just the Surfboard and just the Linksys router that have to be connected in a certain order.
--
The first and foremost function of our jurors is to protect private citizens from a tyrannical and intrusive government...Jurors are the last line of defense for liberty. Thomas Jefferson 1789



novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH

reply to SpannerITWks
You could also run it inline with your cat 5 cable, same deal, relay switch, but instead of breaking the power connection it breaks the cat 5 connection mid line.
--
DSLR security chat at us.ausirc.net channel #dslr_sec lets pack this channel. Open source dns server for *nix and windows »powerdns.com


kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH

It's a cool idea, but a NAT router between the PC and modem will provide security from inbound attacks without cutting off your connection. And those are the attacks to be concerned about during boot-up.

Delaying modem power-up can cause issues with DHCP; the system may time out or attempt to pull an IP before the modem is synced, and fail, requiring a manual release/renew to gain internet connectivity. Once again, a router takes care of this for you, or the Standby button on the SB5100 (when in Standby, the PC can still pull an IP from the modem but other connectivity is blocked).
--
SMTP: Spam and Malware Transfer Protocol. Also used on rare occasion to transmit e-mail messages.



rogue_
I Have A Secret Window
Premium
join:2001-10-17
Lake Hiawatha, NJ

reply to SpannerITWks
I agree with the above post. A router/firewall between your modem and computer is all that's needed. If you don't have a hardware firewall and you're using a software one on the machine then yes, I guess this is a good way to fix the issue. But then again, as someone mentioned, that is what the standby button can be used for. I know not all modems may have a standby button but the on/off switch works just as well.
--
Bozone (n.): The substance surrounding stupid people that stops bright ideas from penetrating.


B
Premium,MVM
join:2000-10-28

Personally I just think it's cool that SpannerITWks is thinking so independently (almost wrote 'outside the box') and sharing his or her work with us.

Thanks.

-- B
--
In a realm outside causality and function



clowny
Premium
join:2003-09-09
Crystal Lake, IL

said by B:

Personally I just think it's cool that SpannerITWks is thinking so independently (almost wrote 'outside the box') and sharing his or her work with us.
I agree.


SpannerITWks
Premium
join:2005-04-22

3 edits

reply to SpannerITWks


Version 2
Hi All, Points raised duly noted ! As mentioned some people may be able to take the router route lol, others may have a switch etc. But for all those that are for whatever reason stuck with just an unswitched modem, then this could be an ideal solution.

Taking on board the useful suggestion about the relay switching the Line instead of the Modem Power, I have slightly redesigned the circuit to accomplish this.

You still need to provide a 5 Volt Power source to the circuit of course. This could still be tapped off the Modem Power, or via an outlet on the PC, or a separate DC supply of around 4.5 to 6 Volts.

You only need to break the connection to one wire in the line feed. One goes to LINE IN and the other goes to LINE OUT on the OPEN relay contacts. It does NOT matter which way round they go on this Version 2.

I would recommend in this Version to buy a relay with Silver or Gold contacts, most miniature ones are and still cheap.

Thanx for the helpful comments and kind words about it and me. I'd be interested to hear people's feedback from anyone who installs it.

By the way I is a HE lol.

Regards,

Spanner
--
I Only Know What I Know But I'm Learning all The Time -

Stay Safe -

Spanner intheWorks
/SpannerITWks


EGeezer
Summertime
Premium
join:2002-08-04
Midwest
kudos:7
Reviews:
·Callcentric

2 edits

Re: Relay switching idea -

Actually, I like the power switch - quite simple and creative. I'd use the variable resistor idea with that to set my delay time if I were using it.

For the CAT5 switch, one would need to test to find a relay that would switch all the signal carrying wires and not introduce EMF or reactance into the CAT5 line, altering the effective impedance or introducing noise into the wire.

Open loops could also act as antennas introducing stray noise that might produce interesting results as the NIC picks them up. For that case, you might need a DPDT relay with the "off" position terminating in a dummy load.

Although routers, firewalls, Surfboards etc are good pieces of protection, the time-delay power relay is a novel way to satisfy someone's need for extra caution. I enjoy creative and simple answers to technological issues and hope someone breadboards it and reports back...

Edit
One thought - wouldn't there be issues when the modem goes up after the PC? If the PC gets IP from DHCP provided through the modem, it would need to retry - or you'd need to batch execute ipconfig /renew /all after modem power up for some systems.
/edit


novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH

reply to SpannerITWks

Re: 100% Security During Boot 4 Peanuts !

You can get really cool stuff going with this. How about this one: trigger the relay by computer power, hooked inline with the LED for the case. Each computer could have its own relay that kills its own cat 5. No issues with the cat 5 relay being tripped while you want it on this way either. Course with routers you don't need to worry about this so much but this would be great for a hub or bridge. Spanner has most assuredly come up with something worthwhile. Even if you are 99.9999% sure your firewall protects during all phases of boot you just never know. I mean what if your firewall stops protecting during boot or what if there's 3 seconds where it in fact doesn't protect when you need protection. Timing a relay switch out so that it only connects the cat 60 seconds after it receives its power will assure protection.

For us lowly end users this may not be a big deal and the slight risk is something we are willing to take. But how much you want to bet this shows up in some corp environment somewhere?

And here's something I bet no one even thought of. It's possible with a small amount of coding in the language of your choice to send data out a serial port, any kind of data you like. This data could be say a running process list or a single running proc's name. Or maybe you use a trigger event in your program that breaks the connection to your cat 5 if a proc stops running. To date, while I can't remember what firewalls had it happen, I remember hearing about 3 that had trojans disable them including killing the process. This of course would allow full access to your computer. Well, Spanner's idea taken to the next step could stop things like this dead.
--
DSLR security chat at us.ausirc.net channel #dslr_sec lets pack this channel. Open source dns server for *nix and windows »powerdns.com
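
The process-triggered relay idea in the post above, sketched as an added example that is not code from anyone in this thread: a fail-closed watchdog that closes the line relay only after the firewall process has been present for several consecutive polls and opens it the moment the process disappears. The one-byte relay commands, the process names and the `port` object (anything with `write()`, standing in for a serial port) are assumptions, and the snapshots are constructed.

```python
import io

CONNECT, DISCONNECT = b"1", b"0"   # assumed one-byte relay commands


class LinkWatchdog:
    """Fail-closed gate: the line relay is closed only while every required
    process has been present for `stable_polls` consecutive snapshots."""

    def __init__(self, port, required, stable_polls=3):
        self.port = port                      # any object with write(bytes)
        self.required = {n.lower() for n in required}
        self.stable_polls = stable_polls
        self.seen_ok = 0
        self.connected = False
        self.port.write(DISCONNECT)           # start isolated, as at power-on

    def poll(self, running_names):
        running = {n.lower() for n in running_names}
        if self.required <= running:
            self.seen_ok += 1
        else:
            self.seen_ok = 0                  # any missing process resets the count
        want = self.seen_ok >= self.stable_polls
        if want != self.connected:            # write only on a state change
            self.port.write(CONNECT if want else DISCONNECT)
            self.connected = want
        return self.connected


def replay(snapshots, required, stable_polls=3):
    """Run snapshots through the watchdog; return (states, bytes sent)."""
    port = io.BytesIO()
    dog = LinkWatchdog(port, required, stable_polls)
    states = [dog.poll(s) for s in snapshots]
    return states, port.getvalue()


# Constructed process snapshots: firewall starts late, later gets killed.
SAMPLE = [
    ["explorer.exe"],
    ["explorer.exe", "Firewall.exe"],
    ["explorer.exe", "firewall.exe"],
    ["explorer.exe", "firewall.exe"],
    ["explorer.exe", "firewall.exe", "updater.exe"],
    ["explorer.exe", "updater.exe"],          # firewall process gone
    ["explorer.exe", "firewall.exe"],
]

if __name__ == "__main__":
    print(replay(SAMPLE, ["firewall.exe"]))
```

A relay driver that simply latches the last byte stays connected if the watchdog itself is killed; a driver that drops the relay unless it keeps receiving a periodic heartbeat closes that gap.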

B
Premium,MVM
join:2000-10-28

1 edit

reply to EGeezer

Re: Relay switching idea -

DHCP under Windows these days is really pretty good about that. I've seen addresses come up nearly instantly the moment the DHCP server was back on-line.

The problem is more on the boot side. It can take many seconds longer to boot as the machine searches in vain for its address.

Of course, I prefer static IP addressing in home networks anyway.

-- B
--
In a realm outside causality and function


EGeezer
Summertime
Premium
join:2002-08-04
Midwest
kudos:7
Reviews:
·Callcentric

Hi B,

Good points - I note, though, that WIN98 ain't too good at recovery or initialization compared to XP/2K/2K3.

I use statics on stuff behind a router and NAT and disable DHCP, but the single PC behind a DSL/Cable modem still looks for DHCP and, particularly if it's WIN9X, craps out if the modem isn't there.

(corrections welcome!)

EG


B
Premium,MVM
join:2000-10-28

I don't think it craps out permanently in Win9x. It can just take a really long time. The only time I've seen it regularly fail to boot is if the Novell client is installed.

That thing just sucks.

-- B
--
In a realm outside causality and function



SpannerITWks
Premium
join:2005-04-22

1 edit

reply to SpannerITWks

Re: 100% Security During Boot 4 Peanuts !


Quad Contacts Option
The possibility of requiring a Dummy Load for some setups is a valid point. I would suggest trying it without first, and if you feel it needs it then check your equipment data for the correct Resistance/s - Impedance/s to apply.

If you have a CAT5 etc installation with symmetrical INs and OUTs, then you can use a Single Relay with Quad switched contacts or 2 Relays with their Coils wired in Parallel as in my Screeny.

If you find that more gain is required to switch the Relay/s then you can easily replace the NPN Q1 with a higher gain device. This could be just a similar type with increased gain, or a Darlington Transistor eg TIP110 or equivalent which have significantly higher gain.

Regards,

Spanner
--
I Only Know What I Know But I'm Learning all The Time -

Stay Safe -

Spanner intheWorks
/SpannerITWks


seanm6869
Premium
join:2002-12-03
Versailles, KY

Can't you just disable the NIC in network connections? I have an icon on my desktop when I leave my computer on overnight.. just disable it and leave.
--
MY Forum http://www.mainstreamtopics.com/forums



SpannerITWks
Premium
join:2005-04-22

1 edit

reply to SpannerITWks
Hya, The main purpose behind this circuit is to have TOTAL peace of mind during BOOT that a PC will NOT be subject to ANY intrusions whatsoever due to Firewall etc start up delays.

If people leave their PC's on 24/7/365 etc then AFTER the first boot this won't be a concern. But for Everybody who does boot more often it can be. Every one of those boots whilst having their Modems connected, can potentially leave them Exposed.

Hope this is clearer now if it wasn't before.

If some of you do build it and use it, then please let us know how you liked it, and your experiences with it etc.

Regards,

Spanner
--
I Only Know What I Know But I'm Learning all The Time -

Stay Safe -

Spanner intheWorks
/SpannerITWks



SpannerITWks
Premium
join:2005-04-22

reply to SpannerITWks
For those that were maybe wondering about transistor substitutions/replacements/equivalents, here's a useful site for you -

Transistor Cross Reference Database -

This database currently has over 40,000 transistors in it which can be cross-referenced to other parts. Enter a search term below to begin your transistor search.

»www.ee.washington.edu/circuit_ar···oss.html
--
I Only Know What I Know But I'm Learning all The Time - Stay Safe - Spanner intheWorks/SpannerITWks



Anonymous_
Anonymous
Premium
join:2004-06-21
127.0.0.1
kudos:2

reply to SpannerITWks
It should be made a FAQ on the site so it would be posted on the site forever.



Anonymous_
Anonymous
Premium
join:2004-06-21
127.0.0.1
kudos:2

reply to Mele20
Yes, but the standby can cause speed problems. It happened to me when I had that modem: the speed lowered to 400kbps and I had to reboot the modem to get it at full speed.


over 12.5 years online © 1999-2012 dslreports.com.