Detection of illegal connections to networks.
In the previous issue of our magazine we wrote about methods of protection against unauthorized data retrieval devices (UDRD, referred to below as NSI devices). This article continues the topic and draws attention to a class of devices that makes it possible to detect unauthorized connections to any type of wire line [1]. Four main groups of devices can be distinguished within this class.
The devices belonging to the first group are capable of detecting connections to power supply networks, radio transmission or telephone lines, as well as to combinations of them from which NSI devices can draw power. Devices of this group monitor currents and voltages in the various lines and compare the measured values with reference values. This makes it possible to detect NSI devices by a deviation from the reference values.
The devices of the second group are capable of detecting NSI devices by their radio frequency radiation. These devices — detectors and scanners — allow you to record the presence of a radiation source in a room and, in the simplest cases, determine the type of its modulation and even listen to the transmitted message. Obviously, it is not difficult to determine the approximate location of the NSI device by the content of the message. The devices of this group detect NSI devices with any type of power supply.
The third group of devices for detecting eavesdropping devices includes all types of nonlinear locators. These search devices allow you to detect any type of device that contains nonlinear elements — diodes, transistors, or even contacts of various parts. Nonlinear locators detect both working and switched off NSI devices.
Devices of the fourth group detect the connection of devices for reading information from fiber-optic and coaxial communication lines and computer networks.
Unfortunately, no single type of device can by itself guarantee the absence of NSI devices, so confidence and peace of mind can only be provided by a comprehensive check using various types of analyzers, performed by specialists.
In the known developments of devices of the first group, two trends can be traced.
Firstly, the device can be intended for installation and continuous operation directly in those lines in which the connection of an NSI device must be detected promptly. For this purpose, in modern developments all methods of line testing are implemented automatically, according to the program controlling the operation of the analyzer microprocessor. When signs recognized as an unauthorized connection occur, the device generates a special signal to the personnel and, if necessary, turns on «protection». At the request of an external computer, such devices can issue a protocol containing the results of monitoring the state of the line. In addition, some models are equipped with devices for continuous recording of conversations conducted in the monitored telephone line.
Secondly, devices have been developed for conducting special checks, which are used only for periodic measurements. Under these conditions, the probability of correct detection of NSI devices begins to depend both on the metrological characteristics of the device and on the skill of the operator. Compartments, shafts, hatches, routes or distribution boards, where the installation of permanent control devices is for various reasons impossible, can be subject to periodic checks.
Of course, signs of the presence of NSI devices on the power supply lines can, in principle, be detected using universal electrical measuring instruments, but their use is often inconvenient and, in addition, the process of taking measurements requires the use of a large number of additional attachments, which forces developers to create specialized devices that largely take into account the needs of practitioners.
Let us consider in more detail the physical principles underlying the construction of devices for testing wire lines. Regardless of the details of the circuit design of these devices, their operation is based on measuring the current consumed from the source during operation of the NSI device. However, if the line is in working condition, that is, under voltage, the measurement technique depends on the purpose of the line being tested: it is different for industrial frequency lines of 220 V 50 Hz (or 220/115 V 400 Hz), radio broadcasting network lines and telephone lines, as well as for any combinations of wires of these lines with each other or with grounding objects (water pipes, heating pipes and metal fittings).
In particular, the previously considered methodology [2] for measuring the parameters of operating telephone lines is based on the specific characteristics of telephone networks and is not applicable to power supply lines.
Fig. 1. Measuring direct current
On the other hand, the analysis of power supply lines or radio broadcasting networks under voltage relies on the following. If all known consumers are disconnected from the lines under study, the direct current measured as shown in Fig. 1 is determined only by the quality of the insulation and should not exceed fractions of a microamp. For alternating current of industrial frequencies, the line in the section from the measurement point to the connection points of consumers can be considered as a capacitor with a capacitance of hundreds to thousands of picofarads, connected in parallel with a resistor R that simulates the leakage current through the insulation.
Any connection of a parallel device to such a line will increase the current consumption to units of milliamperes and can be detected using a simple milliammeter. However, if the NSI device has a battery and switching stages that connect it for recharging only as needed, then reliable detection requires disconnecting consumers for a long period (up to three to five days) and repeating the current measurements.
Fig. 2. Image formation
Known developments of devices for measuring line parameters have the ability to simulate external power supply sources at various frequencies and control not only the current value, but also the phase shift between the current and voltage. A very convenient and visual representation of the phase shift is provided on the screen of the cathode-ray tube in the AT-2 device (AMULET, Moscow). A simplified structural diagram of the formation of an image on the CRT screen is shown in Fig. 2. The generator that forms a signal that simulates an external power source for the NSI device is connected to the output terminals of the measuring device in series with the resistor RO. The left (in the figure) deflection plate X of the CRT is connected to the common output of the generator, the right plate X is connected to the signal output terminal of the device and the lower plate Y, and the upper plate Y is connected to the signal output of the generator. Then, if there is no device in the line and its capacitive resistance can be neglected, no current flows through the resistor RO and the potential of the upper and lower plates Y coincide, so the beam does not deviate from its average position either up or down. The potential difference of the horizontally deflecting plates X is equal to the sinusoidal voltage at the generator output, so the beam periodically shifts from the extreme right position to the extreme left, and the operator observes a horizontal line on the screen.
Let a short-circuited jumper be installed in the line (in practice, this is unlikely). Then the potentials of the right and left horizontal deflection plates will be equal and the beam will not shift horizontally either to the left or to the right. All the voltage generated by the generator will be applied between the vertical deflection plates Y, which will lead to a periodic deflection of the beam to the upper and lower positions. A vertical line will be observed on the screen.
If the line contains a NSI device with purely active resistance, then when the device is operating, a current will flow through the resistor RO, the value of which will be the greater, the greater the applied voltage. The current flowing through this resistor will cause a voltage drop on it by the value U and, consequently, a decrease in the voltage on the signal terminal of the device. Then the horizontal length of the line will decrease. At the same time, the same voltage U will appear between the vertical deflection plates, which will cause a vertical deflection of the beam. As a result of the summation of the effects on the electron beam, the picture on the screen will be as shown in Fig. 3a. If the resistance of the NSI device drops, then the line on the CRT screen will shift in the direction shown by the arrow.
Fig. 3. Types of pictures on a CRT
With a capacitive nature of the NSI device circuit, an ellipse will be observed on the CRT screen, located as shown in Fig. 3b, and with increasing frequency, its vertical size will increase. This is due to the fact that with a sinusoidal current through the capacitor, the voltage on it appears only after charging, when the current stops (horizontal extreme points), and the maximum current is observed at zero voltage on the capacitor (vertical extreme points). If the load is mixed, the ellipse turns out to be tilted as shown in Fig. 3c.
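The pictures described above can be reproduced numerically. The following Python sketch is an added example, not part of the original article: it models the Fig. 2 circuit (generator, series resistor, line) and names the resulting X-Y picture from the sampled beam positions alone. The resistor value of 47 kOhm, the load values and all function names are assumptions chosen for illustration, and the line's own capacitance is neglected as in the text.

```python
import cmath
import math

R0 = 47_000.0              # assumed series resistor, ohms (the page gives no value)
V0 = 220.0 * math.sqrt(2)  # peak of the 220 V probing signal

def trace(r_par, c_par, freq, n=360):
    """One period of beam positions (x, y) for a line loaded by r_par ohms
    (None = no resistive path) in parallel with c_par farads."""
    y_load = (1 / r_par if r_par is not None else 0.0) + 2j * math.pi * freq * c_par
    x_ph = V0 / (1 + R0 * y_load)  # signal terminal vs generator common: X plates
    y_ph = V0 - x_ph               # voltage drop across R0: Y plates
    turn = [cmath.exp(2j * math.pi * k / n) for k in range(n)]
    return [((x_ph * r).imag, (y_ph * r).imag) for r in turn]

def classify(pts, eps=1e-3):
    """Name the picture from sampled points alone, as an operator would."""
    n = len(pts)
    ax = math.sqrt(2 * sum(x * x for x, _ in pts) / n)  # X amplitude
    ay = math.sqrt(2 * sum(y * y for _, y in pts) / n)  # Y amplitude
    if ay < eps * V0:
        return "horizontal line"   # no current through R0: nothing connected
    if ax < eps * V0:
        return "vertical line"     # all voltage across R0: short circuit
    # Shoelace area of the closed trace is about pi*ax*ay*|sin(phase shift)|.
    area = 0.5 * abs(sum(pts[i][0] * pts[(i + 1) % n][1]
                         - pts[(i + 1) % n][0] * pts[i][1] for i in range(n)))
    openness = area / (math.pi * ax * ay)
    tilt = 2 * sum(x * y for x, y in pts) / (n * ax * ay)  # cos(phase shift)
    if openness < 0.05:
        return "tilted line"       # current in phase with voltage: active load
    if abs(tilt) < 0.05:
        return "upright ellipse"   # 90 degree shift: capacitive load
    return "tilted ellipse"        # mixed load

def height(pts):
    """Vertical half-size of the picture, volts."""
    return max(abs(y) for _, y in pts)

# Constructed loads (assumed values, not measurements from the article).
CASES = {"free line": (None, 0.0), "jumper": (1e-3, 0.0),
         "1.5 MOhm parallel device": (1.5e6, 0.0),
         "10 nF input capacitance": (None, 10e-9),
         "100 kOhm with 33 nF": (100e3, 33e-9)}

if __name__ == "__main__":
    for name, (r, c) in CASES.items():
        print(f"{name:26s} -> {classify(trace(r, c, 50.0))}")
```

Comparing `height(trace(None, 10e-9, 400.0))` with the same call at 50 Hz shows the growth of the ellipse's vertical size with frequency that the text describes.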
The presence of a nonlinear element in the NSI device circuit — a diode or a zener diode — is easily identified by the appearance of current surges at the moment when the voltage formed at the output terminals of the device is equal to the stabilization voltage.
The simplicity and clarity of such a system, as well as the skills of the operators, confirm the feasibility of using this principle in subsequent developments. In particular, the combined device APL-1 «INEI» (Confident Association) provides both digital display of voltage and current values in the measured line and observation of phase shifts between them on the CRT screen. In addition, it provides control of the scan and image magnification, which gives certain advantages to the operator.
The main purpose of the APL-1 «INEI» wire line analyzer is to detect power supply circuits of devices of unauthorized connection to telephone lines and power supply networks. The device allows detecting the presence of foreign devices connected in series and having a resistance of at least 50 Ohm, and devices connected in parallel and having a resistance of no more than 1.5 MOhm. Based on the image on the screen of the signal probing the line, the operator can easily detect devices with increased input capacitance or with nonlinear elements in the power supply circuits: diodes, thyristor or transistor switches. The device provides a probing voltage on a free line of 220 V or 127 V at a frequency of 50 Hz and 115 V at a frequency of 400 Hz. Such voltages and probing frequencies are typical for industrial power supply networks and vehicle networks. They are selected so that the power supply circuits of the NSI devices are in «familiar» conditions for them; otherwise, with reduced supply voltages, the power supply circuits may be disconnected from the line.
In addition, the device allows you to smoothly change the probing frequencies in the audio range of 20 Hz — 20 kHz while maintaining the output voltage at the level of 220 V or 127 V. This mode is intended to detect reactive elements and low-frequency semiconductor elements that begin to exhibit inertial properties with increasing frequency. Digital formation of a sinusoidal signal and stabilization of its value at the output are provided in the entire frequency range, and the maximum probing current is no more than 5 mA.
To measure currents, voltages and resistances of lines, the product has built-in devices for measuring:
— DC and AC voltages within 1000 V and 200 V;
— DC and AC currents within 20 and 200 mA;
— Resistance within 200 Ohm and 2 MOhm.
There is also a square-law detector for indicating and measuring voltage of any shape and polarity on the line, which allows the device to be protected from being connected to a line that is under voltage.
The design of the device allows the operator to work in any position, with any external lighting or in its absence, in conditions of high humidity or liquid ingress. The device has quasi-touch control of operating modes.
The lack of autonomous power sources when working with the AT-2 device and the need to de-energize the room during testing caused major problems for operators. Therefore, in the APL-1 «INEI» wire line analyzer, battery power is selected as the main power source, and the network power supply is only auxiliary and serves primarily to recharge the batteries. The device can operate without external power sources for at least 2 hours. To reduce the weight of the device, the battery charging and network power supply unit can be implemented in a removable compartment.
In addition, given that when detecting NSI devices located in telephone lines, it may be necessary to disconnect from the PBX outside the monitored premises, the device has a «Search» mode and a remote detector. In this mode, if there is voltage in the telephone line, the device generates a high-frequency signal with an amplitude of 0.5-2 V, and the remote detector allows you to detect this signal when approaching the telephone wire at a distance of less than 1 cm. Having turned on the device in the «Search» mode, the operator can move with the detector along the line to the place where it is necessary to make a temporary disconnection.
With the help of APL-1 «INEI», a search with a power supply disconnection is carried out as follows. Before examining the power supply networks of the premises, it is necessary to de-energize the line under study and connect the device to the line. By setting the mode of generating an output signal of a given frequency and voltage, for example 220 V 50 Hz or 115 V 400 Hz, the operator can monitor the current consumed by the line, measure the resistance of its insulation and the resistance of the line wires.
Telephone lines can be surveyed both with and without voltage. If there is external power supply from the PBX, unauthorized connection devices are searched for by measuring the voltage and current of the telephone line with the telephone handset installed and removed, as described in [2].
The mode of measuring telephone line parameters with the PBX voltage removed distinguishes the APL-1 «INEI» device from the STO-24 «Vyuga» [2]: thanks to the precision voltage and current sources, there is no need to measure individual values of normal line parameters, and the probability of correct detection of NSI device connections increases.
References
1. Espionage weapons. 1993-1994. Catalogue-reference. M.: «Imperial», 1994.
2. Shelest S.O. Telephone conversations: guarantees of confidentiality //Information protection. Confidential. 1996. No. 4. P. 57.