Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.
In the previous column, security specialist Jan Buitron, a graduate student in the Master of Science in Information Assurance program at Norwich University, began a report on a horribly insecure facility at which she worked some years ago. Today she goes from the outside to the squishy inside of the house of horrors.
* * *
Facility design (outside the building)
Since the IT department was in operation from 6 a.m. to 7 p.m. every day, the exterior of the building should have been well lit for personnel safety, but it wasn’t. The exterior entrance door to the showroom floor had no floodlight; in the evenings it got very dark. The main entrance door to the IT department had two automatic floodlights pointed at it, but visibility overall was poor. The door was set back in a recessed area on the side of the main building, and visibility of the area was reduced.
The automatic floodlights were supposed to switch on when it got dark. As it turned out, they worked very well in the summer, but in cold weather in winter, there were nights when the light never switched on (or it would switch on after I was leaving the facility). I mentioned the poor lighting and lack of attention to personnel safety several times to my management, but my concerns were never addressed.
Facility design (inside the building)
The core processing for the whole company was housed in a separate area in the same building as manufacturing. One piece of good planning in place was that manufacturing and the data center were on separate circuits with separate power feeds.
The incoming power for manufacturing was in a locked room near the manufacturing area. The incoming T-1 line was also in the same room.
The circuit breaker boxes were in two different exposed areas. One was in a garage bay where company trucks parked. Anyone from the street could walk in at any time and throw the switch on the breaker box, cutting off power instantly to all of the company’s servers.
The breaker box for the server room was just inside a main exterior door on the other side of the building. Although the breaker box on the wall was kept locked, anyone could walk into the hallway where the breaker box was and pick the lock on the box. After gaining access to the breaker box, it was easy to flip off the switch in the breaker box and bring down all of the company’s servers at once. The data center was equipped with a motion-detection system armed each night by the last employee to leave. The circuit breaker was not in the area covered by the motion detectors.
M. E. Kabay, PhD, CISSP-ISSMP, is Program Director of the Master of Science in Information Assurance program at Norwich University.
Comments (2)
Bathroom Server room
By Anonymous on October 1, 2008, 11:06 am
Follow this link to see a server room that must be accessed VIA THE LADIES RESTROOM in the handicapped stall! http://thedailywtf.com/Articles/The-Stalled-Server-Room.aspx
data center
By Anonymous on September 25, 2008, 6:52 pm
I once worked for a small outfit that had a half-dozen large servers and a couple of UPS units in a room with only a window air conditioner. An old through-the-wall...