Shared cabinet "security"
spedersen.lists at gmail.com
Fri Feb 12 14:56:07 UTC 2016
Some examples from where I work:
- Open space, but your own cabinet. We have open areas where there are rows of half and full cabinets where customers can rent space. That cabinet space is theirs, but they’re in the open and anyone can get to the physical cabinet. While in general the cabinets are secure, they could still be broken into. One could also disconnect power from the overhead junction boxes, or cut the fiber/copper feed going into the cabinets.
- Caged space. Your cabinets are inside a locked cage. You can choose to have a “ceiling” installed if you think someone is going to squirrel their way up the walls. The whole area is locked, no one else can get in. Unless they crawl under the floor! Access to power and data lines is only available inside the cage.
- Completely isolated space. We have a few customers that have paid to build literal walls around their leased space, giving them a completely isolated data center within a data center. Probably the most secure from the customer’s perspective, as they can and have employed their own man-traps, security systems, surveillance, etc. on top of our own.
- Module space. We have fully-enclosed modules that are RFID card access only. Half or whole modules can be leased. Similar to a caged space, but completely sealed and self-contained. Some of them are shared space, so the same potential issues in the first bullet apply.
On top of this, the data center is carded, man-trapped, iris-scanner’d, video-surveilled, etc. No lasers or pressure-sensitive plates.
These are just examples to illustrate some of the different levels of access someone else might have to another entity’s gear. I’d be curious to hear examples of cases where malicious activity took place within a data center, one customer to another.
On 2/10/16, 7:59 AM, "NANOG on behalf of Mike Hammett" <nanog-bounces at nanog.org on behalf of nanog at ics-il.net> wrote:
>I say "security" because I know that in a shared space, nothing is completely secure. I also know that with enough intent, someone will accomplish whatever they set out to do regarding breaking something of someone else's. My concern is mainly towards mitigation of accidents. This could even apply to a certain degree to things within your own space and your own careless techs.
>If you have multiple entities in a shared space, how can you mitigate the chances of someone doing something (assuming accidentally) to disrupt your operations? I'm thinking accidentally unplug the wrong power cord, patch cord, etc. Accidentally power off or reboot the wrong device.
>Obviously labels are an easy way to point out to someone that's looking at the right place at the right time. Some devices have a cage around the power cord, but some do not.
>Any sort of mesh panels you could put on the front\rear of your gear that you would mount with the same rack screw that holds your gear in?
>Intelligent Computing Solutions