There are several approaches to securing an enterprise. Each comprises a portion of any company's security plan. Vulnerability management, Risk Management, Survivability and Accountability or chain of responsibility all play key roles with each having two key components internal risk and external risk. Physical Security is often overlooked. The machines that store our data and those with the proper authority to access them are difficult to secure at a physical level. In particular, those companies with mobile workforces should view this challenge differently than those without.
The new data centers that are being built today include biometric panels for access, security cameras and/or IP based video surveillance, access panels requiring a combination of key access and biometrics, and in some instances key fobs that maintain randomized passwords coordinated with a server. Whether permitting access or recording access, all of these systems are key components to the physical security of an enterprise. Intelligent patching and a good network monitoring program can also help by maintaining records of ingress and egress.
With the introduction of IP based video, companies can have a central monitoring location for all sites. Data is compressed and stored on random access disks rather than sequential tapes and cameras can be controlled (PTZ or Pan, Tilt, and Zoom) from a central management station as well. The cameras can be placed anywhere there is a network connection and by utilizing the new Power over Ethernet standard, can also be provided power over the network cabling.
Communications areas and other intermediate telecommunication rooms should also have some form of restricted access. If not properly secured, any switch or router can be compromised through its console port. Assuring that unscrupulous users do not have access to the console port is just as important as assuring their file level access. This can be further improved by tight control of IP addresses, the MAC addresses that use each address and other communications layer controls. This can be accomplished in a variety of ways, dependent on the equipment manufacturer and available options.
Proper physical media is a key component. A network's effectiveness can be undermined by a poorly performing infrastructure system. Each layer of management adds a level of complexity and traffic. If the systems cannot communicate without frequent retransmissions, or even not communicate at all, they have no affect on overall security. Adding to this would be tamper proof faceplates and hiding or not connecting unused ports from the patch panel to the switch removing ingress points. In a recent IDC survey, based on 2003 data, network cabling was the third greatest threat to an enterprise. Much of the legislation that has been introduced includes documentation of all network resources including physical layer documentation for all points of ingress and egress. It is important not only to know what resides on your network, but knowing where it resides can be equally critical.
All of the areas mentioned above have one key element, that is the physical infrastructure. The cabling medium, either copper, fiber or a combination of both are key to assuring end to end effectiveness of any element added to an enterprise. In other areas of the network, the solutions can completely fail if the proper infrastructure is not in place. Intelligent patching monitors all connections within the cross connect field. This allows a network manager to determine where and when a connection was either made or broken. It also allows the network manager to determine faults in real time based on the physical layer.
In conclusion, physical security must be addressed at each and every layer of a network.
Carrie Higbie, Global Network Applications Market Manager, The Siemon Company
Carrie has been involved in the computing and networking industries for nearly 20 years. She has worked with manufacturing firms, medical institutions, casinos, healthcare providers, cable and wireless providers and a wide variety of other industries in both networking design/implementation, project management and software development for privately held consulting firms and most recently Network and Software Solutions.
Carrie currently works with The Siemon Company where her responsibilities include providing liaison services to electronic manufacturers to assure that there is harmony between the active electronics and existing and future cabling infrastructures. She participates with the IEEE, TIA and various consortiums for standards acceptance and works to further educate the end user community on the importance of a quality infrastructure. Carrie currently holds an RCDD/LAN Specialist from BICSI, MCNE from Novell and several other certifications.
