Comments
A Guide to Physical Datacenter Security
Newest First  |  Oldest First  |  Threaded View
Becca L
50%
50%
Becca L,
User Rank: Author
8/31/2014 | 2:17:43 PM
Re: Barely Skims the Surface
Spoken like someone who has seen it all,  thanks for adding some color to these securtiy measures. Interesting point about giving tours and runthroughs with the police, I imagine these are not the armed robbery kind of scenes they are typically treained for.  
Becca L
50%
50%
Becca L,
User Rank: Author
8/31/2014 | 2:14:17 PM
Re: Interesting article
I like that. Sometimes the most basic security measures are the best ones.
Becca L
50%
50%
Becca L,
User Rank: Author
8/31/2014 | 2:12:15 PM
Ive seen this movie...
"These cameras should have a clear view of the ceiling as well, because some intruders will try to use the ceiling as a way to crawl into your facility." Googling intruders coming through the ceiling yield a wildly surprising # of results.  A lifetime of Hollywood should prepare us all for this. It's Catwoman's signature move. Not to mention a key approach in Oceans 11,12 and 13. And this is basically in every episode of Alias.
reese2
100%
0%
reese2,
User Rank: Apprentice
8/29/2014 | 5:53:11 PM
Barely Skims the Surface
So much more to securing a data center.  Need to broaden your approach to look at both environmental and security factors.  

You location has a lot to do with the risks you face.  Look at what types of severe weather events could impact that location. 

If near an interstate, an accident with hazmat materials could shut it down. Look at the city water supply system and determine how many tank trucks you would need to keep going for a certain amount of time.  Hopefully, you data center is not located anywhere near a high crime area, but do note what types of business and agencies are in your neighborhood. Do they attract people you do not want near your data center? 

I spent many years reviewing the security of data centers. I could usually find a vulnerability that would enable a person with evil intent to enter the building and gain access to the critical areas.  Often, the protection of the generator and diesel fuel storage is overlooked.  Could critical air conditioning equipment be easily compromised?Too frequently, delivery trucks could drive up to the loading dock without being screened. They should be screened at a safe distance from the building.  

Depending on police response when intrusion detection alarms are sounded is a recipe for disaster.  It's good to know your police response times, both to a 9-1-1 and to an electronic alarm, relayed through a central station. Your guard force should be armed preferably with special police authority, and be well trained. The fire department and police should be given tours of your facility so they both understand its importance and have some plans for how to respond to an emergency.

 

 

 

 

 

 

   
sarasota786
50%
50%
sarasota786,
User Rank: Apprentice
8/18/2014 | 1:12:50 AM
Re: Interesting article
Thanks for your perspective on this, this is most important in data center security, physical security  also build and it is very easy to handle, are you give me  better tip for handle physical security, my business also joint cloudwedge and suffered same problem but are you give me your valuable suggestion.  http://www.cloudwedge.com
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Author
8/13/2014 | 3:20:29 PM
Re: Interesting article
When I recently visited a data center in NJ, I found it interesting that the "man traps" at each exit (small phone booth-like exits) weigh the person at entry and exit. Before they are allowed to leave, if they weigh more than when they entered, the 'man trap' locks and a security guard comes to inspect the individual. They do this so a person can't carry out a hard drive, or server by putting it in a bag.
Byurcan
50%
50%
Byurcan,
User Rank: Author
8/13/2014 | 9:39:51 AM
Interesting article
I tent to think about data breaches as it pertains to cyber security and hacks, but this is a good reminder that physicals ecurity is also paramount.


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This is a secure windows pc.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.