Information Security News mailing list archives
Extreme Security For Web Servers
From: InfoSec News <isn () C4I ORG>
Date: Mon, 5 Feb 2001 00:05:24 -0600
http://www.washingtonpost.com/wp-dyn/articles/A16197-2001Feb1.html By Dina ElBoghdady Washington Post Staff Writer Friday, February 2, 2001; Page E05 To enter the vaults inside the windowless bunker-like compound requires punching in key codes and slipping your fingers into a series of scanners similar to those used at the U.S. Navy's nuclear facilities. The scanners leave little to chance. Their sensitive glass touch pads read thumbprints and detect body heat and pulse. "So if someone cuts your thumb off, they can't use it to get in," Patrick Sweeney said. Welcome to ServerVault. Sweeney, its founder, hopes the Dulles facility he opened in January will be a standout among the increasingly crowded field of Web-hosting centers. Such centers were built to provide the pipes, power and space needed to house computers that manage Web sites. But their proliferation during the past few years has left many of them competing for a niche market. The security paranoid seems to be the target of choice in the scramble for customers. Corporate espionage. Disgruntled employees. High-tech pranksters. Debilitating brownouts. Cyber-terrorism. All have increased demand for centers built to withstand physical intrusions, ward off network tampering and keep Web sites running at all costs. "For many businesses, their information is like gold and they want something the equivalent of Fort Knox for holding that information," said Counse Broders, senior Internet service analyst with Sterling-based Current Analysis. A scare at Colorado-based Verio Inc. demonstrates the high stakes. The company's Springfield office, which houses about 800 servers that power business and other Web sites, received two written bomb threats in mid-January. The threats, which proved to be fake, are under investigation by the Fairfax County Police Department. More high-profile cases have increased security awareness. Consider the recent attacks that crippled Microsoft Corp.'s Web sites by flooding them with false requests for information. Or the hackers who may have gained access to credit card information at Egghead.com, an online computer-shopping site. Most Web hosting firms, including Verio, tout security to some degree. But the levels range from the rent-a-cop variety to the extremes offered by ServerVault. Wrought-iron fences that can withstand 50,000 pounds of force -- like that produced by a fast-moving car -- enclose the company's steel-lined building, set back 200 feet from the street and patrolled by armed guards. There are two diesel generators, enough to power the city of Herndon for 12 days, to provide electricity in case of a blackout. And the network itself has many sources of Internet access, so if one system goes down, another takes its place. The vaults holding the computers, or servers, that manage customer Web sites were built to withstand fire, floods or interference from outside signals. Such security measures mark a return to the mentality of the 1970s and early 1980s, when data and telecommunications centers were built to shield against spies trying to intercept government information electronically, said Brenda Medlin, senior vice president of Lee Technologies Group in Fairfax. "The Internet has brought back the need for security in these centers, but for a different reason," Medlin said. "It used to be people were looking for a way to not lose data. Now businesses and individuals are looking for data not to be interrupted." Lee Technologies, which specializes in security for data centers, has seen the phenomenon firsthand. The company has grown steadily since its creation in 1983. But business surged in 1998 because of the Internet boom, Medlin said. Still, unless government requires businesses to meet certain security standards, as it does the insurance industry, some analysts predict that ultra-high security Web hosting centers might not be lucrative. "Typically, it's a tough sell because the stakes are so high," said Joel Yaffee, an analyst at the Giga Information Group. "If the data were somehow compromised, it would have tremendous impact on some businesses. It's a matter of balancing the risk with the rewards." Martin Tessler, chief operating officer at Cardobe Technologies Inc., said many potential clients at first are reluctant to turn over sensitive data to an outside company such as Cardobe, which stores business documents. "They don't have confidence because they don't trust technology or because it's out of their control," Tessler said. "But if we discuss the way they handle their information versus how we handle the information, we can convince people that putting it in our hands is much safer." ServerVault is banking on that sales pitch. Cardobe turned over to ServerVault its data, Web site management, and the external network its customers use to view applications. ServerVault engineers, three-quarters of whom held top security clearance from former government jobs, will be allowed into to the rooms where servers are kept. Clients who want a peek at the machines must rely on a virtual tour, through headsets mounted on the engineers' caps. "Someone who keeps this information in-house could never recruit this kind of talent or expertise," said Sweeney, who was a data center consultant at Trammell Crow Co., a commercial real estate provider, before creating ServerVault. "Even the background investigations on the engineers would be cost-prohibitive." ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Extreme Security For Web Servers InfoSec News (Feb 04)
- Re: Extreme Security For Web Servers Dave Dittrich (Feb 06)