How to hold strong against sophisticated attacks

 


Written by Hans Baumann / Data Centre Solutions Product Manager / Rittal North America LLC

No New Threats, New Vulnerabilities

When security at IT monitoring company SolarWinds was breached, the hackers used numerous legitimate software products and services (including Amazon Web Services cloud hosting) to gain access to the systems of multiple federal agencies and over 100 private companies. What other software vendors may be targeted in the future?

This is just the most recent example of new vulnerabilities. Some attacks aren’t coming directly at companies but through partners instead. The cyberthreats we’ve heard about for years remain threats today. They’re just happening in new, more sophisticated ways.

This issue is so important that the Department of Homeland Security’s Protective Security Coordination Division offers voluntary, non-regulatory vulnerability assessments of critical infrastructure to help prevent and mitigate the risk of terrorist attacks.

As we learned in Part 1 of this series, there is nothing that network/server racks can do about cyberthreats. What about physical threats? Are there new areas of vulnerability that should be considered?

Challenges of the Internet of Things (IoT)

The sheer number of networked devices in the Internet of Things (IoT) is increasing tremendously day by day. This truly is a hyperconnected planet. As new technologies are adopted and become widespread and successful, more and more issues arise: speed of communication, quantity of IoT data, allocation of data, network bandwidth, content generation, and security/privacy. Not to mention all of those new users.

As important as all of these issues may be, security is moving up on the list of concerns. In fact, a 2018 survey found that the #1 impediment to IoT deployment is security (cited by 50% of all respondents), ahead of lack of ROI, compliance, and lack of internal skill sets.

IoT-capable infrastructure components must receive the same attention, consideration, and protection as switches, servers, storage devices, etc.

Checking the Boxes of Physical Security

When you take a big-picture look at data centre physical security, you can get overwhelmed. The perimeter, the building interior, and the enclosure each require a solid security strategy. How many of these boxes can you check currently? How many are on your list for future use?

[  ] On-premises security officers

[  ] Security breach alarms

[  ] Server operations monitoring

[  ] Electronic motion detectors

[  ] Video surveillance

[  ] Biometric access sensors

[  ] UPS backup generators

[  ] Fire suppression system

[  ] Redundant HVAC controlled environment

[  ] Network/server rack system

Given those multiple layers of protection, that final box is the last line of defence, because it is at the rack footprint that all the pieces come together: local indicators, environmental monitoring, intelligent PDU, climate control, electronic access control, UPS and batteries, as well as all of those IT appliances and the ancillary hardware connecting them to each of us.

IT Cabinets That Put a Premium on Security

The focus is on physical threat awareness and prevention. Stopping every type of break-in is not possible. What can be achieved, however, is to minimize external points of vulnerability and back those up with the right systems (mentioned above) at the enclosure.

One automated monitoring and control system for network/server racks is Rittal’s CMC III, which provides real-time, centralized sharing of environmental conditions and sends notifications when alarms are triggered. In addition, the system electronically controls physical access using PIN codes or magnetic card readers. The two access control devices can even be combined to provide dual-factor access control: both a PIN code AND an access card would be required to gain entry. Cameras can be added to provide an additional level of security. The CMC III system is an example of how data centres’ growth can be met with more complex, sophisticated equipment.

Fire protection can work in conjunction with security solutions. Rittal’s DET-AC III is a compact, enclosure-mounted fire alarm and active extinguisher system. There’s no need to find and use handheld fire extinguishing devices when an alarm starts the extinguishing process automatically.

Both systems have SNMP communications and included software to provide real-time monitoring and incident record keeping. Trends, event logs, and operational graphs can all be provided through the software. And, with the onboard TCP/IP protocol, an end user can interface with existing corporate security systems, whether locally at the facility or back to a central monitoring station such as a NOC or SOC. As said above, these systems may not stop a focused attacker, but they may provide just enough of a head start to contain and minimize the threat to your network operations.

And finally, a strong word of warning. About the ever-present USB port. And how much damage one person can do with the ubiquitous, and seemingly harmless, USB stick. Jump drive. Thumb drive. Whatever you call it. I call it a weapon: stick a virus on it. Walk to an open cabinet. Plug it in. Look busy for 3 - 5 seconds. Pop it out. And wait for the weapon to activate. Just remember: a closed and LOCKED door is the last barrier between all those USB ports and a spot on the evening news and the front page of every newspaper.

When it comes down to it, IT facilities managers know how to implement security at their data centres. You handle the cameras, guards, security checks, truck barriers, and more. We’re here to provide peace of mind that your IT cabinets (your final line of defence) are as secure as they can possibly be.
