Re: Shared cabinet "security"

[Otto Monnig <omonnig () gmail com>]

Mistake prevention is the key.  Neatness counts.

Label everything - cubicle, equipment, cables using high quality labels that won’t fall off.  Use a meaningful labeling 
scheme. Label both sides of the equipment with letters large enough for everyone to read. Color coding is nice until 
you have dim lighting or a color-blind tech.

Separate power and data for the wired stuff.  EMI leakage is real.  Secure power cords to the equipment.  Secure cables 
to PDU so they don’t fall out when bumped.  Secure the cables for “wall wart” power supplies so that they do mot 
loosen.  Learned this the hard way after plugs vibrated or “fell” out.

If you have issues with others pugging into your power, use electrical outlet blocker plugs (baby proofing supplies) 
and mark them as if the outlet is broken.

Secure your data cables so that they do not block the heat exhaust of the equipment.  Use cable boots to prevent damage 
to cable clips, and to prevent tugging on other cables when making changes.  Don’t bend cables beyond the minimum bend 
radius.

You’re only as safe as the most dangerous technician that is allowed into the space.

--
Otto Monnig
CTO
KTG IP, LLC
omonnig () gmail com



> On Feb 12, 2016, at 2:58 PM, Mike Hammett <nanog () ics-il net> wrote:
>
>
> That moment when you hit send and remember a couple things… 
>
> Of course labeling of the cables. 
>
> Maybe colored wire loom for fiber and DACs in the vertical spaces to go along with the previously mentioned color 
> scheme? 
>
>
>
>
> ----- 
> Mike Hammett 
> Intelligent Computing Solutions 
> http://www.ics-il.com 
>
> Midwest-IX 
> http://www.midwest-ix.com 
>
> ----- Original Message -----
>
> From: "Mike Hammett" <nanog () ics-il net> 
> To: "North American Network Operators' Group" <nanog () nanog org> 
> Sent: Friday, February 12, 2016 2:53:17 PM 
> Subject: Re: Shared cabinet "security" 
>
>
> I am finding a bunch of covers for the front. I do wish they stuck out more than an inch (like two). 
> http://www.middleatlantic.com/~/media/middleatlantic/documents/techdocs/s_sf%20series%20security%20covers_96-035/96_035s_sf.ashx
>  
>
> It looks like these guys stick out 1.5”. That may be workable… 
> http://www.lowellmfg.com/tinymce/jscripts/tiny_mce/plugins/filemanager/files/1717-SSCV.pdf 
>
> I guess those covers are really only useful for servers. That really wouldn’t work with a switch\router. Switches and 
> routers are going to be the bulk of what we’re dealing with. 
>
> I am finding locking power cables, but that seems to be specific to the PDU you’re using as it requires the other 
> half of the lock on the PDU. 
>
> I did come across colored power cords. I wonder with some enforced cable management, colored power cables, etc. we 
> would have “good enough”? You get some 1U or 2U cable organizers, require cables to be secured to the management, 
> vertical cables in shared spaces are bound together by customer, color of Velcro matches color of the power cord? 
> Blue customer, green customer, red customer, etc. Could do the cat6 patch cables that way too, but that gets lost 
> when moving to glass or DACs. 
>
> I thought about a web cam that would record anyone coming into the cabinet, but Equinix doesn’t really allow pictures 
> in their facilities, so that’s not going to fly. Door contacts should be helpful for an audit log of at least when 
> the doors were opened or closed. 
>
> Financial penalty from the violator to the victim if there’s an uh oh? 
>
> I’m not trying to save someone from themselves. I’m not trying to lock the whole thing down. Just trying to prevent 
> mistakes in a shared space. 
>
>
>
>
> ----- 
> Mike Hammett 
> Intelligent Computing Solutions 
> http://www.ics-il.com 
>
> Midwest-IX 
> http://www.midwest-ix.com 
>
> ----- Original Message ----- 
>
> From: "Mike Hammett" <nanog () ics-il net> 
> To: "North American Network Operators' Group" <nanog () nanog org> 
> Sent: Wednesday, February 10, 2016 8:59:08 AM 
> Subject: Shared cabinet "security" 
>
> I say "security" because I know that in a shared space, nothing is completely secure. I also know that with enough 
> intent, someone will accomplish whatever they set out to do regarding breaking something of someone else's. My 
> concern is mainly towards mitigation of accidents. This could even apply to a certain degree to things within your 
> own space and your own careless techs 
>
> If you have multiple entities in a shared space, how can you mitigate the chances of someone doing something 
> (assuming accidentally) to disrupt your operations? I'm thinking accidentally unplug the wrong power cord, patch 
> cord, etc. Accidentally power off or reboot the wrong device. 
>
> Obviously labels are an easy way to point out to someone that's looking at the right place at the right time. Some 
> devices have a cage around the power cord, but some do not. 
>
> Any sort of mesh panels you could put on the front\rear of your gear that you would mount with the same rack screw 
> that holds your gear in? 
>
>
>
>
> ----- 
> Mike Hammett 
> Intelligent Computing Solutions 
> http://www.ics-il.com 
>
> Midwest-IX 
> http://www.midwest-ix.com