Site & Facility Security Controls
A CISSP candidate must understand the various threats to physical security. The elements of site- and facility-requirements planning and design, the various physical security controls including access controls, technical controls, environmental and life safety controls, and administrative controls.
Physical security controls often found in these locations include:
- Strong access controls: It includes the use of key cards, plus a PIN pad or biometric.
- Visitor log: All visitors, who generally require a continuous escort, often are required to sign a visitor log.
- Asset check-in / check-out log: All personnel are required to log the Introduction and removal of any equipment and media.
- Video surveillance: Cameras fixed at entrances to wiring closets and data center entrances, as well as the interior of those facilities, to observe the goings-on of both authorized personnel and intruders.
- Fire suppression: Inert gas fire suppression is better of water sprinklers, because water can damage computing equipment in case of discharge.
Wiring closets/intermediate distribution facilities
Wiring closets, server rooms, and media and evidence storage facilities contain high-value equipment and/or media that is critical.
An intermediate distribution frame (IDF) serves as a distribution point for cables from the main distribution frame (MDF) to individual cables connected to equipment in areas distant from these frames.
A patch panel is generally a rack or wall-mounted structure that arranges cable connections. It is important to protect both, the integrity of the cables and overheating of the networking devices caused by masses of disruptive cabling. If a cable inside a wall becomes damaged or fails, you can patch around that cable by simply changing the connection on two patch panels.
Server Rooms/Data Centers
Data center and server room security can be implemented by placing CCTV cameras inside the data center (or server room,) and at the entrance along with a security guard.
The sensor should be deployed to monitor the devices. Things like:
- Water Leaks
- Physical Security
Access door should be controlled with biometric and passwords. Rack devices should be secured from the robbery.
There are, several locking systems for rack devices. These locks are typically implemented in the doors on the front of a rack cabinet:
- Swing handle/wing knob locks with common key
- Swing handle/wing knob locks with unique key
- Swing handle with the number and key lock
- Electronic locks
- Radio-frequency identification (RFID) card locks
SAN is a highly critical system, which requires high security, high availability, confidentiality, and integrity. So, an organization must be aware of these fundamental security requirements of every SAN.
SAN Security is focused on the following Security issues:
- Network: It includes Confidentiality, Authentication, Integrity, Availability, non-repudiation.
- Implementation: It includes High Availability, Fault Monitoring, Predictive fabric management, Backup, Recovery, Intelligent routing and rerouting, Dynamic failover protection, Non-disruptive server and storage maintenance, Hardware zoning for creating safe and secure environments, No Single Point of Failure
- Management: The integrity of SAN Management can be compromised either intentionally or accidentally. Following are some of the possible causes: (1) Exposed network administration passwords are allowing unauthorized individuals. (2) Changes to security and access control policies allowing unauthorized servers or switches to gain access to SAN. (3) Changes to zoning information allowing access to storage and read/write to data
Site & Facility Design Principles & Security Controls- Part 2