Security

Dell Announces New Solutions For Its Supply Chain's Security (zdnet.com) 22

PC maker powerhouse Dell announced today a flurry of new enterprise security solutions for the company's line of enterprise products. From a report: The new services can be grouped into two categories, with (1) new solutions meant to protect the supply chain of Dell products while in transit to their customers and (2) new features meant to improve the security of Dell products while in use. While Dell has previously invested in securing its customers' supply chains, the company has announced today three new services. The first is named SafeSupply Chain Tamper Evident Services and, as its name implies, involves Dell adding anti-tampering seals to its devices, transport boxes, and even entire pallets before they leave Dell factories. The anti-tampering seals will allow buyers of Dell equipment to determine if any intermediary agents or transporters have opened boxes or devices to alter physical components. The second supply chain security offering, named the Dell SafeSupply Chain Data Sanitization Services, is meant for tampering made at the storage level.
  • defcon (Score:4, Interesting)

    by blackomegax ( 807080 ) on Thursday December 03, 2020 @01:52PM (#60790740) Journal
    If participating in the DEFCON tamper village taught me anything, it's that "tamper-proofing" is a futile wasted effort and can be bypassed and replaced by 6 year olds.
    • Re:defcon (Score:4, Funny)

      by Anonymous Coward on Thursday December 03, 2020 @02:13PM (#60790822)
      Shipping would cost a fortune if you put 6 year olds in every box.
    • If participating in the DEFCON tamper village taught me anything, it's that "tamper-proofing" is a futile wasted effort and can be bypassed and replaced by 6 year olds.

      Yes but do middle-managers prone to believing bullshit marketing claims also know that?

    • Yup. I've worked with FIPS 140 "tamper-proofing" kits for Cisco gear and it's just a fig leaf, a few stickers you apply that aren't too hard to remove, that no-one pays any attention to, and that even if they did you could replace with something vaguely similar and no-one would notice. So the "SafeSupply Chain Tamper Evident Services" is at best illusionary security, or maybe protection against really amateurish attackers who haven't done any prep at all.
  • I see only one reason to apply for it: trying to avoid NSA backdoors. If it is about software, just wipe the system and install a new one. With all the crapware installed by default on computers, any company with an IT department is already doing that. For hardware tampering, I don't think any other actor has the know-how or can do this on a volume which would make it worthwhile. Given that NSA would likely just get a secret allowance to move inside the factory if they want to, it makes this new "solution" w
    • I think you don't understand the scope of espionage going on, both corporate and from entities like China, Iran, Pakistan, India and others. They will indeed replace or add components for a particular customer and these are very low cost and dirty because in the real world nobody thinks twice about all the dongles hanging off a computer.

      • And a seal will stop them how?

        You think China cannot fake them? Take a guess who is probably *manufacturing* those seals! :)
        And in fact the entire hardware inside too!

        Probably in co-production with the NSA, through some CIA spies in China. ;)

        • by guruevi ( 827432 )

          Sure, state-level espionage and very well funded groups may not be caught (then again, some government spooks aren't the brightest either). But I'm talking about Indian pharma or Iranian students or the disgruntled employee coming in with nothing more than a flash drive and a Mega account which is pretty much all they can muster. That makes up the brunt of the corporate and research espionage cases and their tools are crude.

          Having a tamper device that they probably won't even know exists, will catch some ca

  • by neonman ( 544 ) on Thursday December 03, 2020 @03:49PM (#60791208)

    How much good does this do for me as an if the PC is still made in China or of Chinese components? Tamper-evident packaging is nice, but I am far more concerned about where my computer is being manufactured than I am about it being tampered with in transit, which is something that can only be done on a selective basis for high value targets.

    I take it as a given that the NSA probably has a backdoor into my hardware no matter where it gets manufactured. I do what I can to mitigate this, but at the end of the day, at least the United States is ostensibly a democracy and a nation of laws. The NSA might take interest in my communications if I start making a lot of calls to Moscow, but it is not going to steal my intellectual property and hand it over to my competitors. The same cannot be said of China, so if there's a choice, I'd prefer to not have Xi Jinping's spooks bugging my next laptop.

    I'm willing to pay considerably more money for a PC that's been manufactured entirely within the confines of the United States or some other friendly democratic nation.

  • If you saw LTT's latest secret shopper video, their sales staff added a 4 year warranty plus a contradictory 2 year warranty onto their order after they declined it 4 times. So I don't care if they protect my shipment until it gets to me until that gets solved.
  • I prefer Rm-rff. :)

  • Says the disgruntled employee with a box of anti-tamper seals.

  • It's okay and nice to have DiD chain-of-custody tamper-resistant seals for SCS, but the big one is also doing end-to-end X-ray comparison verification of completed ASICs, components, and boards and checking firmware acquired from customers spot-checked in different verticals. QA vs. QC can't be an either-or, QA must be done all the way from raw materials to delivered goods, and QC can't allow SC gaps of intercepted products after they've been final assembled but before customers take possession.
  • Didn't Cisco do a similar thing (on a smaller scale) but the US government just used the same branded tape to put the boxes back together?
