Site selection, design, and configuration
Physical safety of personnel is the top priority when selecting, designing and configuring a site.
Site Selection Issues
Site selection is the greenfield process of choosing a site on which to construct a building or data center. A greenfield is an undeveloped lot of land, which is the design equivalent of a blank canvas.
Topography
Physical shape of the land: hills, valleys, trees, etc. Military installations will leverage (or alter) the topography of the site as a defensive measure. Topography can be used to steer ingress or egress to controlled points.
Utility Reliability
Electricity outages are among the most common of all failures and disasters. UPSs provide protection against short-term power failures, and generators provide longer protection, though they require refueling.
Crime
The primary issue is employee safety. Additional issues include theft of company assets.
Site Design and Configuration Issues
Example design decisions: Will the site be externally marked as a datacenter? Is there shared tenancy? Where is the telco demarc?
A secure site design cannot compensate for poor site selection decisions. They are complementary concepts that embody part of physical defense in depth.
Site Marking
Many datacenters are not externally marked, to avoid drawing attention to the facility. Similar controls include attention-avoiding details such as a muted building design.
Shared Tenancy and Adjacent Buildings
Other tenants in the building can pose security risks. Their physical security controls will impact yours. Adjacent buildings pose a similar risk. Attackers can enter a less secure adjacent building and use it as a base to attack by breaking in through a shared wall. What about wireless security?
Wiring Closets
If an adversary gained access to wiring closets, they could potentially connect rogue systems or access points to the network, deny service to critical systems by disconnecting cables, degrade performance by introducing layer 2 loops, etc. Technical or logical defenses could mitigate some of those challenges. With physical access, the expectation is that an adversary can cause harm despite logical defenses.
Shared Demarc
A shared demarcation point is where the ISP’s responsibility ends and the customer’s begins. Access to the demarc allows attacks on the confidentiality, integrity, and availability (CIA) of all circuits and the data flowing over them. Shared demarcs should employ strong physical access controls, including identifying, authenticating, and authorizing all access. Accountability controls should be in place. For very secure sites, construction of multiple segregated demarcs is recommended.
Server Rooms
Controlling and auditing physical access is necessary. In addition, securing doors, walls, ceilings, and floors is important, especially with shared tenants. Environmental controls such as adequate HVAC (cooling) and power are crucial to provide uptime and availability.
Media Storage Facilities
Offsite media storage should be employed to protect against a disaster at the primary facility by allowing disaster recovery. Licensed and bonded couriers should be used to transfer the media. Media storage facilities should be adequately protected. The media should be stored in a manner that does not significantly diminish future access to the data.
System Defenses
System defenses assume the attacker has physical access to a device or media containing sensitive information. Below are the final controls, assuming all else has failed.
Asset Tracking
Detailed asset tracking enhances physical security by identifying where regulated data is stored within a system. In the case of employee termination, it will show exactly what the employee needs to return. Data such as serial numbers and model numbers are useful in case of loss or theft.
Port Controls
USB ports need to be protected because of the risk of data exfiltration. Ports can be disabled physically (via wires or the motherboard) or electronically via system policy using Group Policy.
Environmental Controls
Electricity
Types of Electrical Faults
- Blackout – Prolonged loss of power
- Brownout – Prolonged low voltage
- Fault – Short loss of power
- Surge – Prolonged high voltage
- Spike – Temporary high voltage
- Sag – Temporary low voltage
Surge Protectors, UPSs, and Generators
- Surge protectors – Protect equipment from damage due to electrical surges and spikes by regulating power levels using fuses
- Uninterruptible Power Supplies – UPSs provide temporary backup power and also provide “clean” power, protecting against surges, spikes, and other faults.
- Generators – Provide power for longer periods of time and will run as long as fuel is available.
EMI
Electricity generates magnetism, and electrical conductors emit electromagnetic interference (EMI). Circuits, power cables, and network cables all emit EMI. UTP (unshielded twisted pair) cabling is more susceptible to crosstalk than STP (shielded twisted pair) or coax. Fiber optics uses light and is not susceptible. EMI can impact integrity or confidentiality.