Tuesday, October 11, 2011

Physical Security - Datacenter BluePrint

Physical Security ( Information Security  ) 

                            A significant amount of security incidents are found to be performed utilizing some vulnerability of the physical security.

So, here is a set of rules to create a blueprint of physical security of a IT department and data center for a company.
  1. The system room must not have windows. Ideally, it should be in the center of the building.

  2. All equipment that is not used must be stored in dedicated storage space, away from production environment

  3. All high security spaces should be monitored by CCTV cameras.
  4. Access control zones must be implemented, to create a security barrier as well as provide a log of access activities. These are created by doors opened by electronic key cards or multiple-factor authentication.
  5. All windows should be fully tempered, and equipped with a glass break sensor connected to a central alarm system
  6. All spaces that don't have 24/7 access should have motion sensors connected to the central alarm system.
  7. The design of the environment should enable technical service personnel to operate with minimal risk of unauthenticated access to data
  8. All alarm events and CCTV control should be under maximum security but should NOT be accessible by IT personnel
  9. Paper, optical and magnetic data carriers should be handled in a controlled environment, and properly destroyed prior to discarding
  10. High security environment should always implement multi-factor authentication.
The following image presents a concept for an IT department and System room environment that follows the presented set of rules:

The set-up of the environment is the following:
The reception area is the only way to access the entire floor, and everyone accessing this space is recorded on the CCTV camera. The access to the rest of the floor is restricted by an key card controlled door.
The Communication Room is also in the reception area, and it is accessible by a key card and PIN controlled door. It houses access panels where the communication providers (Telecoms, Internet, VPN etc.) terminate the purchased links. This is the last point where a representative of the telco providers can access to configure connectivity. The comm room has to be opened by an authorized System Administrator, so the telco provider's person is always escorted by an authorized person.
All the corridors in the space around the data-room are under CCTV surveillance
All offices have windows made of tempered glass that cannot be opened and are equipped with motion sensors which activate after 7 PM.
Support center which is manned 24/7, the toilet and the equipment storage room are the only rooms without motion sensor. These spaces can be used 24/7 so there is no point in placing motion sensors.
All documentation photocopying and destruction is performed in a dedicated room equipped with proper devices (shredder, degausser).
Dedicated storage space is used to store all unused equipment, which is accessed by a key card controlled door and is also monitored by CCTV.
The data-room is central to the floor, and has strengthened walls (Blue walls). The data-room is divided into two segments:
  • Pre-system space - this space is accessible via a dual key card door, which opens only when two persons use their key cards simultaneously. The Pre-system space contains the supporting infrastructure, which is placed outside of the system space to minimize risks of battery or coolant leaks, and to allow service personnel to access and service this infrastructure without having access to the actual servers.

  • System space - this space is accessible via the dead-man door, which is actually a very small corridor (only fits one person at a time) with two doors at the end. If one of the doors is open the other is automatically locked. In order to pass through the dead-man door, one must pass a multi-factor authentication: He/She needs to present his key card (something he/she has), type in the corresponding PIN (something he/she knows), and after entering the dead-man space, he is measured to verify the stored weight of the person, and a biometric verification is performed - retina or fingerprint (something he/she is).
The system space is under constant CCTV surveillance, and it also contains a separate small electronically locked space where the security controllers reside, to isolate these controllers from the SysAdmins.

No comments:

Post a Comment

Open source Tools for Live Meeting(Web Conferencing)

posts. Guys the most of you find these posts a valuable resource for the e-Learning community. As a result, the following post is Free and Open Source Web Conferencing (Online Meetings, Webinars) Tools for e-Learning.

The following list contains free and open source Web Conferencing tools that are n't in particular order.

Also, you should be sure that the e-Learning community will highly appreciate:

  1. if you post a comment with your experience with these tools and/or,

  2. if you post a comment with a link to any other free and open source Web Conferencing tool.

We support Free eLearning! Do you?

I support Free eLearning

BigBluebutton* is built for Higher Education. It enables universities and colleges to deliver a high-quality learning experience to remote students. BigBlueButton is an active open source project that focuses on usability, modularity, and clean design -- both for the user and the developer. The project is hosted at Google Code. BigBlueButton is built by combining over fourteen open source components.

*note: Epignosis has created a module that provides integration of BigBlueButton conferencing in eFront Open Source Learning Management System. BigBlueButton is a free web-conferencing tool with text chat, audio and video capabilites, a virtual whiteboard and many more presentation and conferencing features.

OpenMeetings is a free browser-based software that allows you to set up instantly a conference in the Web. You can use your microphone or webcam, share documents on a white board, share your screen or record meetings. It is available as hosted service or you download and install a package on your server with no limitations in usage or users.

OpenMeetings Key Features Mini Demo

Mikogo is a free desktop sharing tool full of features to assist you in conducting the perfect online meeting or web conference. Take advantage of the opportunity to share any screen content or application over the Internet in true color quality with up to 10 participants simultaneously, while still sitting at your desk.

Yugma free web conferencing allows anyone, anywhere to instantly share their desktop and ideas online with others. To start hosting your own meetings you have to sign up for FREE. Your Yugma Free web conferencing account allows you to invite up to 20 attendees

Using WebHuddle, you have options and flexibility. Meetings can be conducted either in conjunction with an enterprise’s existing teleconferencing service, or utilizing WebHuddle’s optional voice over IP. WebHuddle also offers recording capabilities -- presentations can easily be recorded for playback over any web browser for those who missed the live meeting.

With Vyew you can give a presentation to a hundred people online or post a document you've been working on for review by your colleagues at the convenience. Vyew is extremely flexible alloying you to bring online collaboration and conferencing into your workflow on your terms.

Dimdim delivers synchronized live presentations, whiteboards and web pages while sharing your voice and video over the Internet - with no download. With the Free edition you can get 10 person meetings, 1 way video, standard support, Dimdim branded rooms, and public meetings.

*note: Epignosis has created a module that provides integration of Dimdim conferencing in eFront  Open Source Learning Management System.

Adobe® ConnectNow is a great way to share ideas, discuss details, and complete work with others all online. Reduce travel costs, save time, and increase productivity with a web conferencing solution that's easy to access and simple to use. ConnectNow operates inside a web browser. There's no installation required, so getting started is easy and Free