Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Made In China

    Scheduled Pinned Locked Moved Off-Topic & Non-Support Discussion
    18 Posts 10 Posters 8.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      bh-os
      last edited by

      Major service providers and operators of critical infrastructure have recently disallowed hardware made in china to be used in their systems.

      As security concerns increase across the globe, what thoughts do you all have regarding use of ALIX boards and other equipment which is made in China?

      Are there any US Manufacturers we should know about?

      1 Reply Last reply Reply Quote 0
      • S
        Supermule Banned
        last edited by

        Due to???

        1 Reply Last reply Reply Quote 0
        • W
          wallabybob
          last edited by

          @bh-os:

          As security concerns increase across the globe, what thoughts do you all have regarding use of ALIX boards and other equipment which is made in China?

          Isn't everything made in China nowadays? :-) Or contain at least some components made in China?

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Source?

            1 Reply Last reply Reply Quote 0
            • J
              jasonlitka
              last edited by

              1. Who would put an ALIX board in a "critical infrastructure" position?
              2. Who would put any hardware in a "critical infrastructure" position where you don't have a live/hot/cold spare (depending on the uptime requirements of your environment)?
              3. Who are these service providers and what are they using (because just about everything is made in China)?

              I can break anything.

              1 Reply Last reply Reply Quote 0
              • B
                bh-os
                last edited by

                Different things are "Critical" to different people. For a small business, their infrastructure is critical.

                For a medium business that uses ALIX systems at the homes of telecommuters, their infrastructure is critical.

                Security Fears Kill Chinese Bid in U.S.: http://online.wsj.com/article/SB10001424052748704353504575596611547810220.html

                "The Defense Department and some U.S. lawmakers have been increasingly concerned about the two companies' ties to the Chinese government and military, and the security implications of letting their equipment into critical U.S. infrastructure.

                Some officials argue China's military could use Huawei or ZTE equipment to disrupt or intercept American communications."

                1 Reply Last reply Reply Quote 0
                • J
                  jasonlitka
                  last edited by

                  That article is not about banning all equipment made in China.  It is about Sprint excluding two specific Chinese companies from bidding on an infrastructure contract and lawmakers potentially extending that ban on the two companies to other contracts.

                  I can break anything.

                  1 Reply Last reply Reply Quote 0
                  • B
                    bh-os
                    last edited by

                    My point is that government and large businesses have raised concerns about security when it comes to network equipment made in China.

                    My question was are there any US manufacturers of equipment equivalent to the PC Engines ALIX boards.

                    1 Reply Last reply Reply Quote 0
                    • E
                      Efonnes
                      last edited by

                      What about from countries in Europe?  Wouldn't that be OK, too?

                      1 Reply Last reply Reply Quote 0
                      • B
                        bh-os
                        last edited by

                        Made in Europe sounds better than made in China.

                        Do you know of any US Manufacturers though?

                        1 Reply Last reply Reply Quote 0
                        • ?
                          Guest
                          last edited by

                          Aren't PC Engines located in Switzerland?

                          1 Reply Last reply Reply Quote 0
                          • Cry HavokC
                            Cry Havok
                            last edited by

                            If you're going to be that worried then you also need to look at where the manufacturer's source their parts.  Frankly however unless you're a government organisation or large business I doubt you have much to really worry about.

                            1 Reply Last reply Reply Quote 0
                            • stephenw10S
                              stephenw10 Netgate Administrator
                              last edited by

                              It's an interesting question though. Would it be possible for some agency or manufacturer to place a component on a motherboard that secretly records and sends information or some sort of hard coded backdoor? Possible, yes, likely, no.
                              Consider what type of component it would have to be. Some relatively large IC. No capacitor or inductor is going to send your bank details to Russia! I would think it would have to be a processor or a network interface in order to have sufficient access to system resources. Maybe some rogue bios that got loaded before the main bios.
                              Whatever way you look at it it's a massive amount of effort to go to and you'd have to make sure it was undetectable.
                              Steve

                              1 Reply Last reply Reply Quote 0
                              • J
                                jasonlitka
                                last edited by

                                … not to mention that the detection of any such subterfuge would be inevitable and the company responsible for selling the compromised parts would be crushed (first by the media, second by all the angry idiots on 4chan, and third by all the companies that will now refuse to deal with them).

                                You're making a big deal out of nothing.  Buy the parts that fit your needs and stop worrying about where they're made.

                                I can break anything.

                                1 Reply Last reply Reply Quote 0
                                • S
                                  Supermule Banned
                                  last edited by

                                  I dont think its about transmitting data…..

                                  I think it would be to shutdown major networks and that way around block all communication via the internet....

                                  That is pretty easy if its hardcoded to a motherboard.

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    Proof of concept?
                                    http://esec-lab.sogeti.com/dotclear/index.php?post/2010/11/21/Presentation-at-Hack.lu-:-Reversing-the-Broacom-NetExtreme-s-firmware

                                    Steve

                                    1 Reply Last reply Reply Quote 0
                                    • T
                                      tommyboy180
                                      last edited by

                                      The USAF started limiting what hardware can be used a long time ago. We have an entire entity that puts every piece of hardware through an accreditation process before being allowed to be purchase. Being able to put hardware on a network is a second separate step within this process.

                                      During an audit knockoff hardware was found. Legit hardware was also found doing some funky things. This was around 4 years ago.
                                      I'm sure these things are still going on. Governments are targets of espionage so in a way who would be irresponsible to think that manufactures don't do funny things with their hardware, especially from countries that don't enforce standards for corporations like China. Governments aren't the only entity targeted, I'm sure companies are too.

                                      Unfortunately all documentation created on these findings are unavailable to the public. I guess if your worried about hardware security you test it, tear it apart, and research it.

                                      -Tom Schaefer
                                      SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

                                      Please support pfBlocker | File Browser | Strikeback

                                      1 Reply Last reply Reply Quote 0
                                      • X
                                        XIII
                                        last edited by

                                        I was watching something (on CSPAN) about 3Com being bought by a Chinese company and they mentioned that the CIA bought some Lenovos and used them for unclassified data, it came out that Lenovo bypassed their security using the motherboard software hardware and downloaded stuff to their servers.
                                        I wasnt able to find any info on this when I saw this so I couldnt get specifics, found it interesting though.

                                        -Chris Stutzman
                                        Sys0:2.0.1: AMD Sempron 140 @2.7 1024M RAM 100GHD
                                        Sys1:2.0.1: Intel P4 @2.66 1024M RAM 40GHD
                                        freedns.afraid.org - Free DNS dynamic DNS subdomain and domain hosting.
                                        Check out the pfSense Wiki

                                        1 Reply Last reply Reply Quote 0
                                        • First post
                                          Last post
                                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.