13

Today my car got stolen from my house, and it is possible the person who did it has access to my home. I try to take secure measures online to maintain security, yet it seems I never paid attention to my house.

As an IT Security practitioner and fan, I am interested in applying my knowledge to secure my house. What are some methods or approaches I can take as an IT guy, to secure my house? It would be great if I could maintain entry logs, get notification of unusual activity, protect computers left at home, and so on.

The idea is to create records and maintain more control of home access, with hardware that is already accessible or cheap, such as an old computer, serial I/O Kit, drive alert and cameras.

Example:

1: Unix/Linux Server records time/date door A was opened and closed thus creating logs.

2: Upon opening door A from 8 AM to 5 PM, servers sends a SMTP message to x@x.com notifying this event.

3: Upon opening door A from 8 AM to 5 PM, camera is on and it is accessible through Internet for me to connect.

If I had this not only would I have better logs in case of an emergency, but I would have better control of my home access, whether kids skipping school or unauthorized personnel entering restricted property (someone breaking in).

goblinbox
  • 123
  • 4
Rick Rhodes
  • 1,092
  • 7
  • 14
  • 1
    The sensors and webcams are not going to prevent the crime. You would be better off using door locks where the key cannot be duplicated. In addition look into equipment that allows you to check the status of your home online. An investment in preventing the crime is a better idea then a webcam that will never be watched. – Ramhound Feb 07 '12 at 19:35
  • I should probably add it is more as entertainment/experience rather than actually expecting such thing to be more secure than a professional alarm system – Rick Rhodes Feb 07 '12 at 19:37
  • 3
    Your idea would just be expensive to implement. Are you even looking for serious suggestions? By the sound of it you only want "fun" to implement ideas, not real solutions in which case trying to suggest something is sort of pointless. – Ramhound Feb 07 '12 at 19:44
  • 1
    @Rick - I have been persuaded this question is different enough to the other one that we should save it. (the powers of chat and votes to reopen) - can you improve it a bit though to differentiate it from http://security.stackexchange.com/questions/1244/securing-the-security-guys-home-office-what-should-we-do – Rory Alsop Feb 07 '12 at 20:00
  • 1
    I have to ask, were you the victim of a social engineering attack? If so, focus less on hardware based measures. – JonnyBoats Feb 07 '12 at 20:31
  • @RoryAlsop no problem, I am just giving a read of bunch of articles upon Linux alarm system; I will modify the question accordingly to make it more 'unique'. – Rick Rhodes Feb 07 '12 at 20:33
  • @JonnyBoats at this moment, it is just those situation when no one has a clue who or how exactly it was done, not even the police officers. The car has been found a couple minutes ago by police officers. – Rick Rhodes Feb 07 '12 at 20:37
  • I'm not sure whether or not these apply to your situation, but here's a couple direct translations: "Don't use the same password across multiple systems" = "don't keep your car and house keys on the same keyring". "Lock your workstation before walking away" = "don't leave your keys in the ignition". – Iszi Feb 07 '12 at 20:44
  • Rick: Glad to hear they found your car, lets hope it's not trashed. Lets hope they didn't install a virus, hate to have it become part of a bot-net ;-) – JonnyBoats Feb 07 '12 at 21:38
  • @JonnyBoats He'd better call it Bumblebee if it does. – Iszi Feb 08 '12 at 02:32

1 Answers1

25

If you're going against an all-out ram-raid, get some shutters, surround your house with concrete bollards, get solid steel doors with secure and recessed locks (Google "K tool"), and rock yourself to sleep in the basement at night. I don't think that's you, but I just had to put in the answer. :)

The rules of security in the server room are very similar to the rules of security at home. First, there's the cost / benefit trade-off, and that's often a tight ratio in the home market. Additionally, cost is more than just the price. For example, windows are a weak point in building security. That can be countered by placing steel roller doors over the windows. Even if they're cheap, they're still damn ugly and may pose a fire hazard trade-off since you can't get out of your house when they're closed.

So, the question is what you're trying to defend against. This is a great way to get comfy with the idea of "Threat modeling." For surreptitious entry, use detection rather than access control. Upload a picture to a remote site whenever motion is detected. It's cheaper and can be used to try and track down the thief.

Your goal after that is also to slow them down a lot. If you can bolt / lock / fill with concrete anything enough to make it take 10 minutes from the time you're notified until the time where somebody could reasonably run away with it, you'll probably get to keep it. Drive a few screws with an unusual head through your computer case and into the platform (wood?) below it. If your desk is designed at all like mine, the computer sits in a box that's part of the desk structure. Slap a lock on it. Even those simple security cables for laptops will help and most desktop chassis now are compatible with them (Kensington lock slot).

Where we often want to keep people out for a long time / completely in the IT / Industrial world, your home is mostly about delay, delay, delay. To that effect, most American residential locks are crap and I've lived in some places where I can pick the front door as fast as I can put the real key into it. If you're looking for good locks, the folks from Security Snobs have vendor booths at DEFCON and some other events and have positively intimidating looking locks. Alternately, just get any lock that costs at least $25 and isn't made with buttons.

Finally, just lock your windows. If you've ever locked yourself out of your own home, it's the first thing you look at to get in. You're not the only one to think that. Like SQL injection, it is still a top weakness.

Jeff Ferland
  • 38,170
  • 9
  • 94
  • 172