Computer Co-location Facility Vulnerabilities

[InfoSec News <isn () c4i org>]

http://www.nuclearelephant.com/papers/colo.html

[Definitely a good read, it raises issues I've had for years about 
data-centers, even before 9-11  - WK]


Jonathan A. Zdziarski
jonathan () networkdweebs com 
August 7, 2003 

I've been yelling at people about this for years. I've spent a 
significant portion of the past ten years of my professional career 
working for and with corporations with large co-location facilities. 
Co-location facilities provide a cost effective data center solution 
for many companies, both small and large, enabling remote hosting of 
equipment in a climate controlled environment usually with several 
redundant high-speed connections to the Internet. These facilities are 
responsible for a significant percentage of electronic business 
performed in the United States and other countries. 

In having the privilege of working with a number of these facilities, 
I've also had the opportunity to witness the vulnerabilities that 
could give themselves over to terrorist activities. Prior to September 
11 2001 , I was able to dismiss these fears with the thought that 
nobody would ever want to blow up the city block". Unfortunately today 
these vulnerabilities are both a valid and justifiable concern. 

Many co-location facilities are strategically placed in areas where a 
significant amount of business is occurring, major peering points, 
large corporate concentrations, and many general terrorist targets. 
Some facilities are within immediate proximity to targets such as the 
New York Stock Exchange, the CNN building, and the public and private 
networks that are responsible for the Internet as well as military and 
public service networks. 

What makes this combination of concealment and network connectivity 
even more dangerous is the ability for a coordinated effort to install 
at multiple locations over a period of weeks and detonate 
simultaneously, wreaking havoc to financial institutions, mainstream 
media, communications, and any other such targets vulnerable to such 
an attack. A single target among many, if taken out, could seriously 
cripple the Internet let alone the number of critical private networks 
sharing the same fiber. Due to the placement of such facilities, they 
are unfortunately an ideal target for terrorists to take advantage of. 
These facilities are one of only a few places where an individual is 
capable of introducing heavy, unchecked equipment, leaving it in or 
near a large public concentration of business, and is able to 
communicate remotely with the equipment from virtually anywhere in the 
world. 

These facilities, by nature, are usually built in areas where multiple 
power and telecommunication grids converge meaning the strike of a 
potential target could possibly take out power and all forms of 
telecommunications in a significantly large area for a prolongued 
period, leaving thousands without electricity, emergency services, and 
etcetera. Historically, these conditions frequently lead to a high 
rate of crime and possible loss of life. 

[...]



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.