nanog mailing list archives

Re: Shared cabinet "security"


From: Sean <spedersen.lists () gmail com>
Date: Fri, 12 Feb 2016 07:56:07 -0700

Some examples from where I work:

- Open space, but your own cabinet. We have open areas where there are rows of half and full cabinets where customers 
can rent space. That cabinet space is theirs, but they’re in the open and anyone can get to the physical cabinet. While 
in general the cabinets are secure, they could still be broken into. One could also disconnect power from the overhead 
junction boxes, or cut the fiber/copper feed going into the cabinets. 

- Caged space. Your cabinets are inside a locked cage. You can choose to have a “ceiling” installed if you think 
someone is going to squirrel their way up the walls. The whole area is locked, no one else can get in. Unless they 
crawl under the floor! Access to power and data lines is only available inside the cage. 

- Completely isolated space. We have a few customers that have paid to build literal walls around their leased space, 
giving them a completely isolated data center within a data center. Probably the most secure from the customer’s 
perspective, as they can and have employed their own man-traps, security systems, surveillance, etc. on top of our own.

- Module space. We have fully-enclosed modules that are RFID card access only. Half or whole modules can be leased. 
Similar to a caged space, but completely sealed and self-contained. Some of them are shared space, so the same 
potential issues in the first bullet apply.

On top of this, the data center is carded, man-trapped, iris-scanner’d, video-surveilled, etc. No lasers or 
pressure-sensitive plates. 

These are just examples to illustrate some of the different levels of access someone else might have to another 
entity’s gear. I’d be curious to hear examples of cases where malicious activity took place within a data center, one 
customer to another.



On 2/10/16, 7:59 AM, "NANOG on behalf of Mike Hammett" <nanog-bounces () nanog org on behalf of nanog () ics-il net> 
wrote:

I say "security" because I know that in a shared space, nothing is completely secure. I also know that with enough 
intent, someone will accomplish whatever they set out to do regarding breaking something of someone else's. My concern 
is mainly towards mitigation of accidents. This could even apply to a certain degree to things within your own space 
and your own careless techs.

If you have multiple entities in a shared space, how can you mitigate the chances of someone doing something (assuming 
accidentally) to disrupt your operations? I'm thinking accidentally unplug the wrong power cord, patch cord, etc. 
Accidentally power off or reboot the wrong device. 

Obviously labels are an easy way to point out to someone that's looking at the right place at the right time. Some 
devices have a cage around the power cord, but some do not. 

Any sort of mesh panels you could put on the front\rear of your gear that you would mount with the same rack screw 
that holds your gear in? 




----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com

