Before you start
Objectives: Familiarize yourself with general rules of thumb when considering physical security of servers and backup storage.
Prerequisites: no prerequisites.
Key terms: server, room, security, backup, physical, access, ensure, control, data, key, locked
We always have to remember that threats can come from the network, but there’s also a risk from physical attacks. There are some general things that we should do to ensure the physical security of our servers.
The first thing we should do is to keep our servers inside a separate room. This room is often referred to as a server room. If our servers are located in places that are accessible to a lot of people, there is a possibility that someone simply walks right in and takes our server computer away. Besides theft, there is also a threat that someone who is not an IT specialist will try to make configuration changes to our server. If we leave access to our servers open, there's always a possibility for someone to mess things up. They don't need to intend to do that, but they do something wrong anyway. One way to keep ordinary users away from our servers is to use a strong administrator password which has to be entered when we power on our server.
Because of all those risks, we have to control access to our servers by using the server room. Remember that the server room has to be locked in order to control access ;). Only a limited number of people should have access to the server room (server administrators, network administrators, and similar). Another thing to keep in mind when talking about server rooms is ventilation. Because our servers will generate a lot of heat, server rooms have to have proper ventilation and cooling installed.
Most server hardware has the possibility of being locked to the server rack somehow. We can even chain it to the desk or the wall by using a cable-type lock. This makes it more difficult for someone to get that server out of the server room. The key for that lock should not be located in the server room :). Remember to keep the key in a separate, secured area.
As we said, we have to ensure the backup of information that resides on our servers, but we also have to keep in mind where and how we store our backup data. As with servers, we have to ensure that the backup media is not available to just any person in our organization. It is even easier to steal, for example, the backup tapes from our organization. Because of that, we should always ensure that our backup storage is in a locked room with controlled access and in a locked fire-proof case or cabinet of some sort. The cabinet or case has to be physically attached to the wall or the floor somehow.
As we can see, all those rules are very basic measures, but if we follow them we actually dramatically increase the physical security of our servers.