That BLACK BOX Can be Dangerous
But little attention is paid to the information stored on the servers – and their vulnerability to theft. I’m not talking about passwords, file permissions, firewalls or other cyber means of securing your data. I’m talking about physical security of the servers and components.
We often see server racks in common areas: lunchrooms, file rooms, utility rooms, and so on. More often than not, these rooms are not locked – some don’t even have doors. Staff and guests are free to come and go as they please. One client even built a special room for the servers, but they regularly leave the door wide open – all the time.
Did you know that most servers have removable hard drives – and that most servers can run without 1 or 2 drives and not skip a beat? They’re called hot-swappable drives and the system is designed to facilitate easy maintenance without taking a server offline. Further, most servers have redundancy in the hard drive matrix, and so the server continues to operate without one (or more) drives. When replacement drives are inserted, the matrix rebuilds itself. It’s a very robust system.
But one drive could contain all of the server files and data.
So a person with a minimum of knowledge can walk into your server room, yank out a drive and walk out with all of your data – and you’d never know it or who did it.
And while you’re looking at the server rack, consider this:
Where are the backup drives (or removable media)? Most backup devices require a physical connection to the servers, and so chances are they’re sitting somewhere in the rack. If they are (the popular) portable hard drives, it’s easy to unplug them and walk out with your backup. Even easier is ejecting the current backup removable media and walking out the door.
Of course, backup media are usually nicely labelled, but then left in the most bizarre places. One client had a backup cartridge sitting on their desk in an area open to the public. When asked, she said it had been there for more than 3 months.
And then there was the client who stored the backup media on top of the filing cabinet in the shop …
How about the client that has the receptionist take the backup media home in her purse? Do you really want your corporate data taking that journey?
So the message is that physical security matters just as much as cyber security – maybe more. Here are some common-sense tips:
- Close and lock the server room door. Put an automatic closer and spring lock on the door to ensure it isn’t left open. Control the access by labeling and securing the server room keys. The ultimate in access control to the server room is one of the newer (commercial-grade) electronic locks with keypad entry. They can also track and log access.
- If you can’t lock the server room, consider upgrading your rack to an enclosed rack with lockable access – and control the keys.
- Store backup media in secure locked containers; think of them like cash. Get a small fire-rated safe for onsite storage. Store at least one copy offsite in a secure location (Bank Safety Deposit Box) or another secure safe in a remote location.
Please contact us, your Primary Tech, or Bradley Siddell, our Director of IT Security, if you would like more information on securing your servers and backups.
And pay attention to the big BLACK BOX.