
25 May 2017

Breaking down data centre security

Ian Bitterlin, a UK Chartered Engineer with more than 25 years' experience in data centre power and cooling, suggests the easiest way to disable a data centre, with a little Hollywood glamour…

 

Data centre security comes in two main parts, physical and data. They can be related, much like the break in through the roof of a London data centre and the theft of several servers, although it turned out that the thieves were interested in the microprocessors rather than the data on the hard-drives. Data security applies to most businesses, but especially those storing personal and financial details, e.g. a credit card processing centre, and that security is achieved by data encryption, firewalls and anti-virus software etc, although recent history has regularly shown that it is far from infallible; witness the tens of thousands of 'stolen' credit card data sets reported every few months.

I have had my main card cancelled and replaced with a new number three times in the last 18 months, although I have no idea if the data breach is with the card, the network or the data centre. It appears that a data security system created by man can be broken by a teenager who doesn't like daylight – a modern form of Bletchley Park.

Physical security is far more obvious: metal fences topped with razor wire, CCTV around the perimeter, no vehicles allowed inside the fence other than delivery trucks through a ram-raid-proof vehicle trap, man-trap turnstile, security entrance with bullet-proof glass, no visitors without 48 hours' notice and photo ID, biometrics, one-way air-lock with weight measurement, zoned access cards and internal CCTV – the list can go on.


Then the subtleties, like a blast-wall between any adjacent road and the data centre building, or ensuring that the vehicle entrance is after a tight turn and not at the end of a street where a vehicle can gain sufficient momentum to break through the perimeter, or building a steel mesh into the walls to resist the 'man with an aggressive machine' (as was called Intrusion Level 5).

The physical security also extends to electrical protection including EMP (Electro Magnetic Pulse, not necessarily from a nuclear device but also from a vehicle-mounted, high-energy electromagnetic radiation source), even bonding that steel mesh in the walls to ground/earth to create a Faraday Cage or fitting 'Tempest' filters; at its simplest, fitting surge protection to limit damage to ICT hardware from grid-borne transients. The one thing that no one can protect against is a direct lightning strike to the facility – proven by Google, but that is another story.

How to disable a data centre

So, what is the easiest way to 'disable' a data centre, if you can't create lightning strikes? It is rather easier than many people might think. I used the word 'disable' to differentiate between data theft in any form and putting the facility out of action. I was recently engaged to advise on just that scenario and the client had in mind the classic ideas of hacking into the BMS system, or directly into the UPS, generator and cooling system controllers, and turning things off remotely. That may be a nice idea for a Hollywood tech thriller but no one in their right mind would connect such systems to the outside world via the internet or phone line.

Remote alarming and reports (all one way) may be acceptable but control systems (for UPS, etc) that have been available for 25 years having the capability to turn off the system remotely have never found willing users. However, the answer is simple and does not involve entering the facility either physically or via a communication link. It lies in the basic definition of a data centre. For example, when starting the EU CoC, EN50600 or ISO 30134, a disproportionate amount of time was spent trying to define what a data centre 'was'. All sorts of interested parties wanted to exclude server rooms or place a lower limit on cabinets or a minimum kW rating etc.


However, if we look back to 2001 a typical internet data centre plan for 1,000 cabinets at 2kW per cabinet can, today, be out-computed by a single 2kW server – such has been the power of Moore's Law and its simple derivative, Koomey's Law. No doubt 1,000 cabinets fulfilled any definition of a data centre so, today, most people agree that any facility that has three crucial elements is a data centre; those elements being compute, storage and I/O. Some folks also advocate that it should have a dedicated power supply, grounding system and cooling system but the latest low-energy designs (such as Google and Facebook) tend to show that, under certain circumstances, those additional items are nice to have rather than essential.

So, to disable a facility simply needs us to remove one element. Disabling compute or storage will require us to break in, either physically or via the connectivity but to remove the connectivity itself disables the facility totally until bulk communications can be restored.

Data transmission rates have made satellite dishes nearly useless for bulk data links and only a few (mainly military/security) facilities have them. Anyway, disabling a dish isn't difficult as they are usually in plain sight and a large calibre assault rifle will make a fatal impact in well under 10 seconds.

But you don't need a weapon to disable fibre connectivity (although a hand-grenade probably does a better job), since a few gallons of petrol in a fibre access pit will severely damage the fibre, but the delivery process is identical. Walking around the facility will identify the access pits and most are even labelled as such in their cast lids. Having a fibre map/plan is more certain and may well identify strategic fibre connection points that are further away and out of sight of the primary CCTV. For example, up a main-road to a POP, motorway, canal or railway line.

Identify all the pits, coordinate each lid to be lifted at the same time (e.g. in the middle of the night when escape is not hampered by traffic) and empty one jerry-can of petrol into each pit, light the blue touch-paper and retire quickly. The facility may lose some data in transit but will be, to all intents and purposes, untouched but useless for several days if not a week or two.

I guess that locked/welded lids and pits fitted with detection and fire-suppression is a future market opportunity but may well infringe local regulations in many locations. But, what man builds, another man can tear down. I think I feel a screenplay coming along.

Source Credits: https://thestack.com/data-centre/2017/04/28/breaking-down-data-centre-security
