Plug the holes in your data center's physical security
Your company recently went through several rounds of layoffs, and many employees received pink slips. One night, you receive a page that a server has gone offline. You report to the data center and unlock the door to find what looks like a battle zone. Two new Storage Area Network (SAN) racks are lying on their sides on the floor. Yellow warning lights blink on several of the drives and their controllers.
The main server cabinet has suffered the greatest damage. Floor tiles that covered the raised floor have been removed, and the whole unit has been rolled into the gaping hole and dropped 2' to the actual floor below. Backup tapes are strewn everywhere. You'll need days to figure out what data you've lost and whether the tapes are in good enough condition to aid in restoration. The security supervisor arrives and tells you she found the point of entry in an abandoned room that shares the same raised floor.
This incident is fictitious, but incidents like this can and do happen. And here's a true story that teaches the same lesson. Several years ago, a crucial member server in my company lost its network connectivity. We had been using domain accounts to log on to the machine, but these were now unusable because the credential caching on the server was disabled. Our hopes for logging on with the local Administrator account were dashed when we learned that someone had changed the account's password without documenting the change.
Using a trick I picked up off a cracker Web site, we were soon able to log on to the server with administrative privileges. In just a few more minutes, we were able to get the server back on the network. Initially, we were euphoric that we'd gotten the server back online so quickly by using our newfound cracking skills. Then, we realized that unscrupulous individuals could just as easily have gained unauthorized access to the valuable corporate data on that server and covered their tracks afterward, making it impossible to tell that they'd logged on. Anyone with physical access to the server could perform these actions. And today, additional tools are available that make accessing a locked server even easier.
The moral of these two stories is that physical security is absolutely crucial. You can disable unused ports, install event-log-monitoring software, and add every update and hotfix to keep out the bad guys, but if they can gain physical access to your data center, they can still do real damage. Complete server and network security includes physical security. As an IT professional, you're most aware of the high cost of hardware and data loss and are in the best position to determine your risks and strengthen your data center's physical defenses against this type of attack.
Assessing Risk
Determining the likelihood of a break-in at your data center can be difficult. Following are a few factors to consider.
Past security incidents at your facility or your competitors' facilities. If your site or your competitors' sites have a history of serious security incidents, I hope your management has devoted the resources necessary to protect against future attacks. Incidents of vandalism might be an indication of external or internal perpetrators who might escalate their activities and turn their attention to the data center. Check with corporate security and local law enforcement to determine whether incidents might be part of a trend.
If your company hasn't experienced physical attacks, consider yourself lucky, but don't assume your luck will continue. Your company's security history might provide some indicators, but it can't forecast the future. Even if your facility is in a safe area and you have good perimeter security, a disgruntled employee can attack at any time from within your building.
Data sensitivity, importance, and value. Most companies' greatest corporate asset is their data. Credit card information, corporate financial records, customer account information, and personnel records are extremely valuable and sensitive data types. The more crucial the data is and the more value it has to your company or your competitors, the greater the risk of unauthorized access attempts.
Protection and detection capabilities. Your best offense is a good defense. The knowledge that your data center is well defended and that the risk of discovery is high might be enough to deter an individual from attempting a break-in.
Proficiency level of security staff. Your corporate security staff and their training have a direct impact on the level of risk your company faces. Nightly patrol rounds at random intervals and training in computer security topics help reduce your risk.
Employee security consciousness. Several years ago, I worked as a contractor at a facility that required badges for access. Because of a glitch, I didn't have the proper ID for a few days. During that time, numerous employees queried me about where I was going, whom I worked for, and so on. These people weren't security personnel but rather employees who were taking responsibility for corporate security. Training employees to be security conscious can help extend the eyes and ears of your dedicated security staff.