Core Components

On 08.05.12, In Security, by TechDoc

Location and placement really do matter when it comes to the physical security of core components.

When it comes to the physical security of core components, location and placement really do matter. No other single factor weighs as heavily or pays as handsomely as wisely choosing the locations and placements of your key core components and infrastructure.

Remember always, that physical security encompasses both physical connectivity and availability. It is no good having the most physically secure core components if they are inaccessible. The access types and capabilities will vary in accordance with the purpose of the access and the entity requesting that access.

The major desirable attributes of core components are maximizing up time, reliability, availability, stability, confidentiality and authorized accessibility with the appropriate privileges of course. Down time, particularly of the unplanned variety has no place here.

Read more in Security
« Location and Placement
Mission Critical Components »

Achieving these objectives is no mean feat but we are now going to take our first steps in this area. Eliminating all public access to the core components of our communications and networking structure is a good place to start. Let us start by reviewing the first seven rules of location and placement.

The Rules of Location and Placement

Here again are the first seven rules of location and placement.

  1. Restrict Access

    2. The first rule of location and placement tells us to whenever and wherever possible locate core components, devices and infrastructure where the public cannot gain free access to them. Be aware that you also need to secure your core devices and infrastructure against subversion from within.

  2. Camouflage and Concealment

    3. The second rule of location and placement states that if infrastructure and core components must pass through a publicly accessible location then camouflage and conceal them to keep them out of sight. Use camouflage to your advantage. For more see Location and Placement.

  3. Lock Up and Lock Down

    4. Complement your secure location and placement of core components in a secure location with the appropriate lock up and lock down measures.

    Incorporating locking devices of all types in your physical security strategies is imperative. These measures should compliment one another and any additional lock down technologies and procedures that you implement.

    Monitoring and alarm systems have a big role to play in heightening the security of core components.

  4. Eighty/Twenty

    5. Location and placement rule four (the 80/20 rule) – 80% of the entire network’s traffic should remain local while only 20% leaves the local network. The local traffic and the local network traffic are relative to the subnet(s), internal network(s), external network(s) and internetworks in question.

    Only 20% of the total network traffic should travel over internal core links or the exterior (e.g. the Internet or another branch). Local traffic is between devices located on the same network segment (subnet).

    Provision for organization-wide structures and subdivisions such as branches, facilities, buildings, departments, work groups, functionalities, services, logical associations, processes, traffic type, priorities etc. needs inclusion.

  5. Proximity

    6. Location and placement rule five is the proximity rule which tells us that wherever possible all devices including core components, that have a physical and logical relationship (linked or associated in some way e.g. subnets, work group membership) should be located as physically near to each other as possible.

    This means that you would place all devices servicing B Block together. The distribution layer routers, switches and servers for B Block would be located in the same rack.

  6. Reflection

    7. The sixth rule of location and placement states that physical location, placement and naming should reflect both physical and logical associations as well as any other relevant relationships and dependencies. This holds true for communications and network core components.

  7. Redundancy

    8. Location and placement rule seven is the redundancy rule. Whenever possible ensure that you have included adequate and appropriate redundancy features into your network design. The production environment implementation should reflect this. Having redundant core components adds reliability and robustness to communications and networking environments.

The Location and Placement of Core Components

Once again that old saying about “location, location, it’s all about the location” comes to mind as does “Out of sight, out of mind”.

Unrestricted Public Access

Unlike devices placed in areas permitting free and unrestricted public access, because you have no other practical or feasible alternative, core components and infrastructure beg strict adherence to the first three rules of location and placement.

This brings forth the question “What about rule two how and where do camouflage and concealment come into the picture?”

Concealment

Concealment is achieved simply be locating your core components in a location that has highly restrictive accessibility. One easy way of doing this is by ensuring that there are no less than five controlled access points en route from the most proximal publically accessible area to the core component facility.

Controlled Access Routes

Controlled access routes also help to regulate staff access to the facility housing your core components. Members of staff with no immediate and legitimate purpose for needing access to the core components facility will find that, just like the public they too cannot gain access unheralded.

No Justification

There is most definitely no justifiable reason that members of the public should or might need access to the core components facility. In fact, this applies to all persons other than the communications and networking teams.

Any necessary transient visitations (technicians etc.) are manageable by authorizing and regulating such events as and when required. Once concluded all access authorization and permissions are withdrawn.

Camouflage

Camouflage is achievable by not having a whole pile of signs saying things like “Core infrastructure this way.” In other words, do not advertise your core center’s location. Those who need to go there will know where it is. Do not place your core center where outsiders can look in.

Public Free Zone

Selection of a “public free zone” for the location of your key communications and networks core components and infrastructure will go a long way to achieving as high a level of physical security possible.

There is absolutely no reason why any anonymous member of the public should ever need to access your communications and network core components. Permitting the public the freedom to access your core components at will is just crying out for a catastrophe to strike you down.

Security in Depth

Implementation of multiple additional layers of physical security along the access route to the secure location in which you have placed your core components is essential. This strategy goes by the name of security in depth.

Although, we are focusing on and dealing with the physical elements of this strategy here it would still be amiss of me not to mention that additional procedural and logical security measures also need implementing.

Subversion From Within

You should also take into consideration the sad reality of subversion from within. Whether the intentions are malicious or not, some people just cannot help themselves from putting a spanner in the works.

Lock Up and Lock Down

No prizes for guessing that the “lock up and lock down” rule location and placement involves locks and keys as well as biometrics and other security-oriented aspects such as authentication and identification procedures and processes.

The exact manner of the implementation of these initiatives I will not go into here now but stay tuned because I will elaborate further in another article.

Physically Secure Locations

Place as many; if not all, network core components into as secure an environment as you possibly can. This should include such core components as servers, routers, switches, administrative access workstations and major communications links and equipment. However, this does not mean that they will all be in the same room.

Physical Security Perspective

From a physical security perspective, a secure environment means a whole lot more than just locks and keys, video cameras and security guards. It also includes the actual physical “health” and functional availability of the devices concerned.

Core Component Facility Environment

Environmental control systems such as air-conditioning are an essential part of every communications and networking core components facility. Their management and delivery is also a matter for physical security and not just the maintenance staff.

Utilities

Utilities such as electricity and communications links (telephone lines, leased lines, cable etc.) are other key mission critical service components that need addressing from a physical security perspective.

Next time we will look into Mission Critical Components. Until then enjoy!

Leave Your Response

Popular Articles

  • How to Make Laptop Battery Last Longer
  • A Day in The Life of a Netbook
  • How to Make an Andy Warhol Style Photo with Gimp in Five Easy Steps
  • Computers are Worthless, Says Astronomer Royal
  • Will Droid Unsettle iPhone and Blackberry?
  • Apple is Like No Other Computer Company..
  • Document Storage in Your Computer
  • Beating The Odds in Digital Encryption
  • Wubi
  • Saas Software as a Service