Let's Get Physical; part 1
Okay. You've got your firewall set up. Most likely you have a good security plan for the network itself, including solid password protection and perhaps even a policy management system. Perhaps you've even added some biometrics to the mix. But how's your physical security? Downtime is more often the result of people fooling around with equipment they oughtn't, maliciously or accidentally. Your security is only as good as the precautions you've taken to prepare your physical plant. Drew Bird reports.
When we discuss security for our server systems, logical security measures tend to take precedence. Lets be honest; configuring a firewall to deter a seasoned hacker is a little more exciting that making sure the lock on the server room door is working properly. However, years of research and numerous statistics show that you are far more likely to lose data or suffer downtime as a result of the actions of an employee than an outside source. That's not to say that firewalls and the like are not important -- they are -- it's simply vital to remember that such measures are only part of an overall security strategy. That security strategy should include physical security measures as well as logical ones. Physical security is about limiting access to equipment for the purposes of preventing tampering, theft, human error and the subsequent downtime these actions bring.
In most environments, many of the basic physical security measures are already in place. Server and other associated equipment are placed in a separate room, away from the prying eyes and wandering fingers of overcurious staff. Backup tapes are commonly password protected, but do such password systems offer the protection your data warrants? For an extra degree of protection, using encryption devices such as the aptly named Paranoia from Avax (www.avax.com) can ensure that if backup tapes fall into the wrong hands, the likelihood of unwanted eyes seeing your data is slim indeed. Security of backup tapes is an often-overlooked aspect of physical security, which is a shame. Organizations spend massive amounts of money creating a physically and logically secure network environment, and then send a backup tape that contains an entire copy of a server's data offsite with little or no protection. In many cases the loss of a tape serves as the wake up call, but often this is a case of closing the barn door after the horse has bolted. As important as the security of offsite tape backups is, it must not distract us from the physical security of our equipment and data while it is onsite.
Inside the server room, server specific racks allow equipment to be stored in a tidy and efficient manner; they also allow keyboards to be protected by a locked door. Most server rack locks are more of a discouragement than a preventative measure, but in many cases that is all that's needed. Network switches, routers and other networking equipment should be similarly protected. The key consideration here is not theft or damage to equipment, but rather the downtime created by a borrowed power cable or the clumsy disconnection of a network cable.