Securing your server includes more than just making sure that the electronic links to the server are not compromised. This tip, excerpted from InformIT, discusses physical access to the server,
Anonymous is an experienced hacker and security consultant.
The two cardinal points are where your server is housed, and who has physical access to it. Security specialists have long held that if malicious users have physical access, security controls are pointless. Is this true? Absolutely. Nearly all computer systems are vulnerable to onsite attack.
Attack in this sense can mean many things. For example, what if you gave a malicious user ten seconds alone with your servers? Could he, within that timeframe, do anything substantial? Certainly. He could perform brutish denial-of-service attacks merely by disconnecting wires, unplugging network hardware, or rebooting your servers.
But these acts are rare in office settings. Instead, concern yourself chiefly with authorized local users. Experts estimate that insiders initiate 65%-80% of all serious intrusions, and with good reason: Insiders often possess information and physical access that outsiders do not.
But that's not the only advantage insiders have. Trust is another. In many companies, trusted employees roam freely, without fear of interrogation. After all, they're supposed to be onsite. So, how do you protect your system from the enemy within? Government agencies and Internet service providers favor establishing a network operations center (NOC), and enforcing strict policies on who can access it.
A network operations center is a restricted area that houses your servers. Here, you typically bolt your servers down, fasten them to racks, or otherwise secure them, along with other essential hardware.
Ideally, few people should have access to your NOC. Those who do should have keys. One method is to use card keys that restrict even authorized users to certain times of day. Finally, consider keeping a log of when personnel enter and leave.
Also, establish your NOC with these points in mind:
- Nest it inside other office space, away from the public, preferably not on the ground
- Passageways leading to it should be solid -- no glass doors.
- Doors should have metal shielding, from the lock casing to the surrounding frame. This stops
intruders from tampering with the lock's sliding bolt.
Consider closed-circuit TV.
To read the entire article from which this tip comes, click over to InformIT. You have to register there, but the registration is free.
This was first published in November 2002