- Cool Yule Tools: 2008 Holiday Gift Guide
- 10 kitchen gadgets for the geek gourmet
- Google admits to violating iPhone development terms
- Smartphone smackdown: Storm vs. iPhone
- Google layoffs: 10,000 jobs being cut
Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.
In the previous two columns (see: Part 1 and Part 2), security specialist Jan Buitron reported on a horribly non-secure facility at which she worked some years ago. Today she summarizes her conclusions about the state of facilities security at this dreadful site.
In medieval poet Dante Alighieri’s (1265-1321) conception of hell, the eighth ditch of the eighth circle of hell is reserved for fraudulent counselors. [See “The Physical Structure of Inferno”] It seems to me that the people who managed facilities security for the company in question deserved to be in that particular ditch! I think that readers should examine their own facilities with a critical eye in light of this case study.
* * *
Observations and Recommendations
The company needed to move the data center! There were moving plans in place when I left the company, but the plans were verbal. The underlying reason for the move was partly to improve the data center’s situation, and also the data center manager’s commute would be shorter (!).
Common sense and industry experience tell us that this case study illustrates the following principles:
* A data center site should be located in an area with well-maintained streets and adequate street lighting and storm drainage.
* The building must be away from multi-lane highways, train tracks and train tank cars full of flammable liquids.
* The data center central processing area should be located in an area central to the building with no exterior walls adjacent
to critical computing equipment.
* A motion detection alarm system should protect all areas of concern including access doors, circuit breaker access and control
rooms.
* The surrounding area must contain no oil refineries or chemical plants. A suitable site should be away from industrialized
areas.
* The area should be away from transmission towers and sources of high-frequency radio waves.
* A data center site should include redundant power feeds to the central processing area.
* A data center site should have the ability to quickly connect to a back-up T-1 line in the event the primary line is severed.
* Circuit breakers, electrical equipment should be maintained in separate rooms with restricted access.
* The walls surrounding the central data processing area must act as complete partitions from the floor to the roof. This
design prevents an intruder from climbing up and over a partial partition by lifting ceiling tiles and climbing over the wall.
* Electronic badge access should be installed for access to the server rooms.
* For personnel safety and building security, the exterior lightning should be designed for maximum visibility with reliable
lighting.
* For personnel safety and site security, the parking lot should be adequately lit, well maintained and free of debris and
hazards.
M. E. Kabay, PhD, CISSP-ISSMP, is Program Director of the Master of Science in Information Assurance program at Norwich University.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (4)
flammable liquids, huh?By Anonymous on October 8, 2008, 11:27 pmThe point about being away from multi-lane highways and railroad tracks is pretty good. Flammable liquids is, in my opinion, of a lower concern than the plume of...
Reply | Read entire comment
Nice list...where was the action?By Anonymous on October 4, 2008, 5:08 am80% of DC's in today's world would not meet DC Tier-rating criteria, therefore creating a checklist of faults is easy. The real interesting story should be one of...
Reply | Read entire comment
Duh!By Anonymous on October 1, 2008, 6:42 pmIf their security person had considered the issues they would, at the very least, have looked at DoD instructions for securing facilities. Since those guidelines...
Reply | Read entire comment
Server room in the Ladies BathroomBy Anonymous on October 1, 2008, 11:18 amFollow this link to see a server room that must be accessed VIA THE LADIES RESTROOM in the handicapped stall! http://thedailywtf.com/Articles/The-Stalled-Server-Room.aspx
Reply | Read entire comment
View all comments