We continue our exploration of physical security by having a look at how to make your own physical labeling and master key index systems as well as the practical and security implications that we need to bear in mind.
Having covered naming conventions in the last issue we are now ready to tackle the physical labeling of our devices. As usual we will be starting at the center of our universe the communications and networking core center and associated infrastructure.
Labeling
There are a number of important considerations that need to be taken into account when designing and implementing a physical labeling structure. We have already looked at the first one which was a naming convention. We will now look at the actual physical labels in more detail.
Clarity
Always clearly label devices and take care that the label itself is clearly visible. You do not want to have to adjust the device so that you can read its label.
Legibility
Always ensure that whatever is on your labels; be it alpha-numeric characters or symbols, is clearly and unmistakably readily legible. I tend to stick with true-type fonts and in most instances use upper case characters. Devices such as the portable labeler shown in the picture do an admirable job.
Hand-Written Labels
When ever writing labels by hand; such as on the self-adhesive varieties, there are a couple of rules that need to be followed.
Bar Codes
While bar codes are an asset at stock-take and audit time they are useless when it comes to physical connectivity and troubleshooting. This is even more reason to use multiple label types for your labeling systems.
The bar code labels are great for the speed reading by machines; especially at audit time. The labels with the alpha-numeric characters are much more “human friendly” for us humans to use on a day-to-day functional basis.
Color
Color-coding your labels is also very handy as it adds another dimension that can be invaluable in the speedy recognition of what is out of place. We humans are very visual creatures and color is an important element of this. So it only makes sense to make use of that which comes “naturally”.
For example: if the colors of two paired and matching labels don’t match then you can see at a glance that something is wrong and needs closer inspection. The possibilities are endless so I will leave the rest up to you.
Just remember that when ever using color-coded labels that the extra redundancy that this imparts to your physical naming and labeling structures will pay dividends in many ways. From the troubleshooting perspective color-coded labels can be a great assistance in getting to the root cause of a physical connectivity issue.
An example of this would be in the use of labels for dedicated devices such as a switch that is the distribution point for a number of workgroup access switches.
All of the workgroup level switches that connect to a specific centrally located distribution switch may have a red star, a red 1 or even a label with a red background as seen in Fig.1.
Every little bit counts and visual clues are essential for speed and proficiency.
Symbols
Whenever you use symbols or contracted labeling (abbreviated) always remember to keep a master index and register detailing the full expanded version of the contraction along with the symbols.
Where symbols are concerned it is usually a good idea to keep your symbolic structures fairly simple and not over lengthy. In most situations you will find that six to twelve or so different symbols will be more than sufficient.
In Fig.1 the red star could indicate that this device belonged to a particular VLAN or as already mentioned that all devices with the red star might all be connected to the same central distribution switch.
Remember the naming convention structures that we discussed last time. Don’t worry I have included the naming convention hierarchy structure table that we created last time.
To refresh your memory and for the benefit of those who have as yet not read the last issue here is the naming convention code that we developed last time:
Facility number 1, Rack number 4, Shelf number 2, Slot number 3 becomes: F1R4S2S3.
In addition we also know that the addition of the red star means that this distribution switch is related in some way to all of our workgroup access switches. In the example that we have been using this means that all of the access switches are connected (cabled) to this particular central distribution switch. The access switches will have a similar label and star affixed to them.
Carried Consistency
This is known as “carried consistency” which means that the conventions in one area are carried on through and applied to all other areas. In any hierarchal structure the attribute of consistency is highly desired and prized.
I will be discussing the value of carried consistency a little later. I will also be presenting examples to illustrate carried consistency in practice. One of which I have presented in the next section where I cite the case of telephone cabling and wire tapping.
Self-Adhesive Labels
Another possible medium that you might consider are paper-based self-adhesive labels. As a labeling system paper-based self-adhesive have been around for a considerable time now. While they do have their drawbacks many are out-weighed by the benefits. The biggest benefit to using self-adhesive labels is purely a simple matter of economics. They are comparatively cheap.
Magnetic Strips
Using magnetic strips; such as the fridge magnetic variety, is not something you should be wasting your time considering. They are far too easily removed both deliberately and accidentally.
Magnetic materials with embedded magnetic information might be essential to credit cards, smart cards and the like but they do not belong with your network and communications infrastructure and devices. Areas where magnetic fields are generated such as a rack of routers and switches can destroy this magnetically stored data leaving you back at square one.
Engraving
Using an engraver to permanently tag a device with a code of some sort is all about recovery rather than creating a easily identified label. An engraved version of your label can be of assistance in identifying devices that have lost their primary “human-friendly” main label.
A word of warning; do not engrave those sections of your devices that have protective coatings applied as this may well render the proactive coating layer null and void.
Other Labeling Media
Marking pens, computer printed labels and tags, tie-on tags, super glue and label plate combinations as well as embossed media are also labeling systems that you may need to consider. Which; way you go, will depend on your current situation and the objectives that a naming convention and labeling systems is meant to deliver.
Network Wall Adapters, Power Face Plates and Power Cords
Often overlooked in the “bigger picture” wall adapter, and power faceplates and power cords must also be labeled in an appropriate manner that is consistent with your other naming and labeling systems.
The purpose of doing this is to expedite the identification of the appropriate connectors for devices and infrastructure alike. It is handy to be able to identify the power cord of any device in the shortest possible time. This strategy will pay dividends when it comes time to perform many routine network administrative tasks and troubleshooting.
You will now be able to follow the physical connectivity aspects of your network/system from one end to the other using your naming and labeling conventions since you implemented a carried consistency throughout the network including the network’s core, distribution, access devices and infrastructure.
Glossary of Label Acronyms and Symbols
Building your master list index structure is a must. Once done it should be regularly checked, maintained and updated as necessary. The exact procedures and timings by which this is to be done will be defined in your naming conventions and labeling policy. Make sure all who may take part in these processes are aware of the requirements of your Policy and abide by the directions contained therein.
As for the cabling we could tag the cables with labels along similar lines. This in conjunction with the master “key list” is in fact the same type of keyed color/alpha-numeric coding system used by the phone company’s technicians when they need to sort out physical connectivity issues at major junction boxes that contain cables with literally thousands of twisted pair wires.
So you see it is a practical system that has over the years been shown time and time again to work and work well at that! Tapping a phone line is as we all know possible. But in practice without the assistance of the cable/label key index unpractical unless the tap is done very close to the destination i.e. the wire going from the street to your house.
In short your master “key” index works pretty much like a list of acronyms or a glossary. It is the combination of multiple visual clues that makes for speedy recognition as well as adding another layer of built-in physical security. This is most important when it comes to some of the high end switches that have massive port densities.
Label Placement
One of the most important of all aspects of building your own physical labeling system is consistency. Always place the labels in the same relative position. For example: in the center, the left or right, top or bottom.
The easiest way to find out the best way is by a short trial and test run. Make some temporary, non-permanent, removable labels and put them on the devices (blue tack is handy here). Leave the room for a while and then come back and check out how easy the labels are to see. You may also get a colleague to do this.
One important thing here is to pay attention to where your eye immediately focuses when you first look for the label. If your labels aren’t here you will know it because you will need to scan the device to find it. Try placing the label where your eye went first. This will help to give your labels the “at-a-glance” feature that will save you much time in the future.
Ventilation
Do not place or affix your labels in such a way that they cover or obstruct any of the ventilation inlet/outlet ducts (air holes) of your devices. Modern computing equipment including networking devices such as switches and routers generate considerable heat and must be well ventilated.
This becomes even more important when it comes to central facilities where there are numbers of heat producing devices all in the one room. In fact the generation of excess heat has been a major concern in data centers for quite some time now. The result that we have seen has been large and expensive cooling systems.
The “Green” Factor
Today however; the “green factor” is becoming ever more important and not just because reducing the amount of energy your facility consumes. As a result we are seeing a need for compliance and manufacturers are trying to do their bit by producing newer devices that perform better, use less energy, produce less excess heat, occupy less space and cost less all round.
The rest; well it’s up to us and the accounts department will be happy if you can reduce your overheads and the consumption of utilities is at the top of their hit list. You can also use this argument as very good and valid reason for the purchase of new equipment. “It is going to save us more money than it costs”. This has and still is a very strong argument that management understands.
Label Placement Conventions
Now with the ideal location for your device labels decided make it a convention. This is how and where all labels are to be attached to devices and containers etc. Document this as it will be part of your Labeling Policy. Staff will need to understand that this is mandatory and not optional.
Label Placement Strategies
Because manufacturers of high-end devices with massive port densities; like Cisco®, Juniper®, Netgear® etc. badge the ports on these devices you can take advantage of this and incorporate it into your labeling structure. In this case the actual labeling of ports will not be required in the majority of instances.
Generally speaking the manufacturers of devices with massive port densities; as seen in this photograph of a Cisco® Catalyst® 3560-E series switch, will use their own custom naming and labeling conventions. All externally accessible I/O interfaces and ports will be numbered accordingly so we might as well take advantage of the fact.
The next article in the Physical Security Guide (7) will discuss manufacturer naming conventions and how to use them to suit your own needs. We will also take a look at the physical security requirements of our labeling system after which checklists and cross-check solutions will be explored. So until then Enjoy!
Leave Your Response