Let's Get Physical; part 2

by Drew Bird

How's your physical security? Downtime is more often the result of people fooling around with equipment they oughtn't, maliciously or accidentally. Your security is only as good as the precautions you've taken to prepare your physical plant. In part 2 we look at server room placement within the phsical plant.

Server Room Placement
An often-overlooked aspect of server room placement is the existence of an outside wall. If someone really wants your data that badly, and you have made it sufficiently difficult to get at it through the inside, another method of getting at your server and valuable data is to come through the wall. Sound a bit extreme? Well it is, but it does happen. Its less of a problem in downtown districts, but in technology parks and warehouse type environments the veil of darkness, lack of people, and modern construction methods make it possible to push a hole in the side of a building using a heavy truck or construction equipment, run in, grab the equipment and be off before someone has thought about what the noise was. If you think this method is a little far fetched, ask one of the organizations that's fallen foul of this kind of attack, which is known as a 'ram raid' for obvious reasons.

While unauthorized access may be easy to manage by careful server room placement and adequate security measures, authorized access brings with it's own challenges, such as when visiting contractors need access to the server room. In a utopian environment, it would be nice to think that the server room contained nothing but computer equipment, but the reality is there is likely to be telephone systems, wiring closets, air-conditioners, fire detection systems and a host of other units, many of which will require outside contractors to maintain. The ideal scenario is that when visitors are in the server room they are escorted and monitored by a member of the IT staff, but in many cases there simply isn't the time or manpower available to have someone standing in the server room chatting it up with an air condition maintenance guy. One approach that provides a cheap and relatively effective method of server room monitoring is the use of video surveillance cameras. Beware, though, there are many restrictions governing the use of closed circuit video cameras, and at the very least anyone entering the server room should be made aware of their existence.

Another approach, which is a security dream and a server administrator's worst nightmare, is a server room with glass walls. The upside is that personnel working in the serve room can be observed by anyone walking past. The downside is that the person being observed could be you. It's just the kind of extra pressure you need when attempting a tricky repair on a mission critical server. Imagine looking up from the server to see a selection of your workmates motioning encouragement, or something else, from the other side of the glass!

Whether or not you have the necessary measures and considerations taken care of, physical security must always be high on the server and network administrators priority list. Physical security is all about prevention rather than cure, and you know what they say about that.

Drew Bird (MCT, MCNI) is a freelance instructor and technical writer. He has been working in the IT industry for 12 years and currently lives in Kelowna, BC., Canada..

This article was originally published on Thursday Aug 2nd 2001