nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Collocation Access

From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: Mon, 23 Oct 2006 14:17:45 -0400

On Mon, 23 Oct 2006 10:40:19 -0700 (PDT), "John A. Kilpatrick"
<john () hypergeek net> wrote:



On Mon, 23 Oct 2006, Craig Holland wrote:


In fact he did have an AT&T badge which he was not allowed to hand over
either.  The fellow I chatted with at AT&T said they are not allowed to
hand over their badge because it would compromise their security.


My tech said the same thing.  That keycard could grant central office 
access so he couldn't surrender it.


That's quite likely accurate.  My AT&T badge let me in via unattended
entrances at a variety of facilities; I'd expect that a tech's badge would
indeed work for many COs.

A better answer is for the COLO management to supply a number, on
request, to tenants; they'd pass this number on to their supplier, for
one-time use by the tech.

A government-issued ID (at most) proves your identity; it says nothing
about your authorization to be somewhere.  A company-issued ID (at most)
proves that you work for some company that may or may not (a) be present
at the COLO, and (b) may or may not be there for legitimate reasons.
What's necessary here is *permission*.

                --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
Previous By Date Next
Previous By Thread Next

Current thread: