Chapter 10 ■ Physical Security Requirements
Server rooms should be located at the core of the building. Try to avoid locating these rooms on the ground floor, on the top floor, and in the basement whenever possible. Additionally, the server room should be located away from water, gas, and sewage lines. These pose too large a risk of leakage or flooding, which can cause serious damage and downtime. The walls of your server room should also have a one-hour minimum fire rating.
Making Servers Inaccessible
The running joke in the IT security realm is that the most secure computer is one that is disconnected from the network and sealed in a room with no doors or windows. No, seriously, that’s the joke. But there’s a massive grain of truth and irony in it as well.
Carlos operates security processes and platforms for a financial banking firm, and he knows all about one-way systems and unreachable devices. Sensitive business transactions occur in fractions of a second, and one wrong move could pose serious risks to data and involved parties.
In his experience, Carlos knows that the least accessible and least human-friendly places are his most valuable assets, so he stores many of his machines inside a separate bank vault. You’d have to be a talented burglar, a skilled safecracker, and a determined computer attacker to breach his security defenses.
Not all business applications and processes warrant this extreme sort of prevention. What security recommendations might you suggest to make a server more inconvenient or inaccessible, short of dedicating a vault? An interior room with limited access, no windows, and only one entry/exit point makes an excellent substitute when an empty vault isn’t available. The key is to select a space with limited access and then to establish serious hurdles to entry (especially unauthorized entry). CCTV monitoring on the door and motion detectors inside the space can also help maintain proper attention to who is coming and going.
For many organizations, their datacenter and their server room are one and the same. For some organizations, a datacenter is an external location used to house the bulk of their backend computer servers, data storage equipment, and network management equipment. This could be a separate building near the primary offices or it could be a remote location. A datacenter might be owned and managed exclusively by your organization, or it could be a leased service from a datacenter provider. A datacenter could be a single-tenant configuration or a multitenant configuration. No matter what the variation, in addition to the concerns of a server room, many other concepts are likely relevant.
Implement Site and Facility Security Controls
In many datacenters and server rooms, a variety of technical controls are employed as access control mechanisms to manage physical access. These include, but are not limited to: smart/dumb cards, proximity readers, biometrics, intrusion detection systems (IDSs), and a design based around defense in depth.