Datacenter Strategics, Shanghai
14th May 2010
Migrating to IP-Based Physical Security in the Data Center
Proprietary and Confidential. © 2010 Anixter Inc.
Securing your datacenter
Jeffrey Lam RCDD
Regional Manager, Anixter Greater China
Agenda
• Industry drivers
• Business trends
• Developing the physical security plan for data centers
  – Physical protection guidelines and strategies
  – Crime Prevention Through Environmental Design (CPTED)
  – TIA-942 standard
• Security technologies for data centers
  – Perimeter layer controls
  – Facility layer controls
  – Computer room layer controls
  – Cabinet-level controls
Industry Drivers for Data Center Security
• Sensitive data
  – Medical records
  – Social Security numbers
  – Financial transactions and cardholder data
  – Intellectual property and confidential information
• Critical infrastructure and key resources
  – As defined by the Department of Homeland Security: “The assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, public health or safety, or any combination thereof.”
Data Security Breaches
Source: http://www.privacyrights.org/ar/ChronDataBreaches.htm#2010
Protecting your information!
[Diagram labels: Logical Security Only; Physical Security]
Physical Security
• Tracks people
• Limits access to areas, spaces
• Provides audit of who accessed what
• Integrates with video to provide visual record
Logical Security
• Tracks logins
• Limits access to servers, folders and applications
• Provides audit trail of what login accessed what data
Business Trends in Security Systems
• Moving from reactive toward predictive response
• Providing additional operator control
• Preserving existing capital investment
• Regulatory requirements
  – PCI DSS, HIPAA, Sarbanes-Oxley, etc.
Technology Trends in Security Systems
• Analog-to-digital migration
  – Digital allows better image management
    • Record, store, search, retrieve, share, send
• System integration for greater efficiency
• Standardized structured approach
  – Modular, flexible implementation
  – Easy moves, adds and changes (MAC)
• Anywhere, anytime monitoring
• Video analytics
Developing the Physical Security Plan
Physical Protection Guidelines & Strategies
Technologies for Data Center Security
Physical Protection Guidelines & Strategies
• Crime Prevention Through Environmental Design (CPTED)
  – Perimeter layer controls
  – Facility layer controls
  – Computer room layer controls
  – Cabinet-level controls
• ANSI/TIA-942
Physical Protection Guidelines and Strategies
• Crime Prevention Through Environmental Design (CPTED)
  – Awareness of how people use space
    • All space has a designated purpose
    • Social, cultural, legal and physical dimensions affect behavior
  – Control physical setting to change behavior
    • Understand and change behavior in relation to physical surroundings
    • Redesign space to encourage legitimate behaviors and discourage illegitimate use
Security Technologies for Data Centers
[Diagram: security layers: Perimeter, Facility, Computer Rooms, Cabinets]
• Site Selection
• Defense in depth
  – Implement layers of protection
  – Ensure failure of one element in the system will not create a critical vulnerability in the whole system
  – Delay penetration in event of breaches
Perimeter Layer Controls
Selection of Site
Site hardening
Video surveillance
Perimeter Layer Controls
• Goals
  – Deter, detect and delay
  – Integrate systems
  – Provide layers of protection
• Security measures
  – Physical barriers
  – Site hardening
  – Lighting
  – Intrusion detection
  – Video surveillance
  – Physical entry and access control
TIA-942 Data Center Site Selection Criteria
• Secure all cooling equipment, generators, fuel tanks or access provider equipment situated outside the customer space
• The computer room should not be located in close proximity to a parking garage
• The building should not be located:
  – In a 100-year flood plain, near an earthquake fault, on a hill subject to slide risk, or downstream from a dam or water tower
  – Within 0.4 km (¼ mile) of an airport, research lab, chemical plant, landfill, river, coastline or dam
  – Within 0.8 km (½ mile) of a military base
  – Within 1.6 km (1 mile) of a nuclear, munitions or defense plant
  – Adjacent to a foreign embassy
  – In high-crime areas
Site Hardening
• Security walls and gates
• No signage indicating data center purpose
• Keep access points to a minimum
• Parking away from building
• Clear zones
• Intimidating doors and hardware
  – Steel doors and heavy-duty locks
TIA-942 – Data Center Security Tiers (Cont.)
Source: ANSI/TIA-942
TIA-942 – Data Center Security Tiers (Cont.)
Source: ANSI/TIA-942
Perimeter Video Surveillance
• Monitor
  – Perimeter
  – Parking lots
  – Entry and exit points
  – Garbage bins
  – Power or cooling facilities
  – Building facade and rooftop
• Detect
  – Motion detection
    • Sound alarm or recording when triggered
  – Intelligent video analytics
    • Object left behind
    • People counting
    • Wrong way
  – Edge-based vs. server-based analytics
Image courtesy of Bosch Security Systems
Resolutions Compared
• 5.0 MP: 2560x1920
• 3.1 MP: 2048x1535
• 2.0 MP: 1600x1200
• 1.3 MP: 1280x1024
• PAL: 720x576
• VGA: 640x480
• CIF: 352x288
Image courtesy of IQinVision
HDTV Camera Resolution
• Up to 5 times higher resolution than analog TV
• SMPTE (Society of Motion Picture and Television Engineers)
• Standardized color fidelity
• 16:9 format
  – Discards nonrelevant parts
  – Makes it easier for the operator
  – Saves bandwidth
  – Saves storage
• HDTV 720 (1280x720)
• HDTV 1080 (1920x1080)
[Figure labels: 16:9 ratio; 4:3 ratio]
Image courtesy of Axis Communications
Video Surveillance: Network Video
Megapixel Resolution
• VGA (640x480)
• HDTV 720 (1280x720)
• HDTV 1080 (1920x1080)
• 3.1 MP (2048x1535)
• 5.0 MP (2560x1920)
Image courtesy of IQinVision
Video Management Platforms
• Hybrid DVR
  – Familiar interface
  – Analog and IP cameras
  – Proprietary and limited scalability
• Hardware NVR
  – Specifically designed for IP surveillance cameras
  – Proprietary
• VMS on PC/server platform
  – Nonproprietary
  – Off-the-shelf hardware
  – Simplicity in system maintenance
  – Upgrade single components: memory, CPU, etc.
  – Best-of-breed hardware components
  – Preconfigured options available
Facility Layer Controls
Access Control and Video Analytics
Facility Layer Controls
• Goals
  – Secondary layer of protection
  – Further restrict access
  – Redundant power and communications
  – Integrated systems
• Security measures
  – Access control
    • Man-traps
    • Turnstiles
    • Visitor management
  – Video surveillance
Access Control: Prevent Tailgating
• Man-traps
  – Two interlocking doors open only one at a time after presenting authorized credential
• Turnstiles
  – Physically allow only one person to pass through at a time
• Video analytics
  – “Count” the number of people going through a doorway
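Added example (not part of the original slides): one way to turn the people-counting idea above into a tailgating check is to compare each doorway count from video analytics with the credential grants the access control system logged for the same door just before it. The event shapes, door name, badge IDs and the 8-second window are assumptions made for this sketch, and the sample events are constructed.

```python
"""Tailgating check: badge grants vs. video people counts at a doorway."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Grant:
    """Access-control event: a credential was accepted at a door."""
    ts: datetime
    door: str
    badge: str


@dataclass(frozen=True)
class Crossing:
    """Video-analytics event: `people` persons crossed the doorway."""
    ts: datetime
    door: str
    people: int


@dataclass(frozen=True)
class Alert:
    ts: datetime
    door: str
    kind: str            # "tailgating" or "unbadged_entry"
    badges: tuple        # badges that were presented for this crossing
    extra_people: int    # persons counted beyond the badges presented


def find_tailgating(grants, crossings, window=timedelta(seconds=8)):
    """Return an Alert for every crossing with more people than grants.

    A grant can explain one person, at the same door, if it happened no
    more than `window` before the crossing. Each grant is used once.
    """
    pending = defaultdict(list)
    for g in sorted(grants, key=lambda g: g.ts):
        pending[g.door].append(g)

    alerts = []
    for c in sorted(crossings, key=lambda c: c.ts):
        queue = pending[c.door]
        # Drop grants too old to explain this or any later crossing.
        while queue and queue[0].ts < c.ts - window:
            queue.pop(0)
        # Use up to one grant per person counted.
        matched = []
        while queue and queue[0].ts <= c.ts and len(matched) < c.people:
            matched.append(queue.pop(0))
        extra = c.people - len(matched)
        if extra > 0:
            kind = "tailgating" if matched else "unbadged_entry"
            badges = tuple(g.badge for g in matched)
            alerts.append(Alert(c.ts, c.door, kind, badges, extra))
    return alerts


def _t(hms):
    """Build a timestamp on a fixed day for the constructed samples."""
    return datetime.strptime("2010-05-14 " + hms, "%Y-%m-%d %H:%M:%S")


# Constructed sample events (hypothetical door and badge names).
GRANTS = [
    Grant(_t("09:00:00"), "CR-1", "B100"),
    Grant(_t("09:05:00"), "CR-1", "B200"),
    Grant(_t("09:15:00"), "CR-1", "B300"),
    Grant(_t("09:15:02"), "CR-1", "B301"),
]
CROSSINGS = [
    Crossing(_t("09:00:03"), "CR-1", 1),   # one badge, one person
    Crossing(_t("09:05:04"), "CR-1", 2),   # one badge, two people
    Crossing(_t("09:10:00"), "CR-1", 1),   # no badge at all
    Crossing(_t("09:15:05"), "CR-1", 2),   # two badges, two people
]

if __name__ == "__main__":
    for a in find_tailgating(GRANTS, CROSSINGS):
        print(a.ts.time(), a.door, a.kind, a.badges, a.extra_people)
```
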
Final design
[Floor plan labels: Batteries; CRAU (x2); Comms.; UPS (x3); Reserved for future racks; racks; Operating Console; Elect.; FM200 cylinders; MDA; Separate Facility area]
Video Analytics
• Analyzes pixels in a frame of video
• Detects behaviors in the pixels
• Makes decisions based on set characteristics
  – From simple
    • Motion detection
    • Camera tampering
    • Object recognition and tracking
    • People counting
  – To complex
    • License plate readers
    • Facial recognition
    • Fire and smoke detection
• Is edge-based or server-based
  – Server-based allows more complexity
Visitor Management
• Paper sign-in sheets not secure
  – Incomplete, illegible and any visitor can view the log
• Use a driver’s license, passport or business card
  – Scanned, recorded in a secure database
  – Customizable
• High-quality badges printed automatically or by guard
  – Integrate with existing access control systems
• Badges can automatically expire
  – “VOID” may appear across the badge
  – Change in color
  – Prox rendered inactive after a certain time or date
Indoor Video Surveillance
• Monitor exits as well as entrances
• Integrate with access control to monitor internal access
• Use high-resolution cameras for identification purposes
• Configure systems to record on motion or event to save storage requirements
• Consider video compression technology
Camera Resolution: Identification Guidelines
[Figure labels: High detail; General surveillance; Forensic detail]
Source: Univision
The Potential Impact of the Cabling Infrastructure
IP Video Surveillance
• A Category 5e cabling infrastructure’s absence of headroom minimizes the infrastructure’s ability to compensate for marginal electronics
• A Category 6A cabling infrastructure provides headroom to overcome issues related to the electronics
[Figure labels: IP Video, Minimally Compliant Category 5e; IP Video, Category 6A]
H.264: the ultimate video compression
Lower TCO: Bandwidth and Storage
H.264 compression (example savings)
[Chart: bandwidth and storage consumption for Motion JPEG, MPEG-4 Part 2 and H.264; chart labels: 80%, 50%]
Image courtesy of Axis Communications
Computer Room Layer Controls
Identification
Asset tracking
Computer Room Layer Controls
• Goals
  – Third layer of protection
  – Further restrict access
    • Multiple forms of verification
  – Monitor all authorized access
  – Redundant power & communications
  – Integrated systems for enhanced awareness
• Security measures
  – Man-traps and turnstiles
  – Video analytics
  – Biometrics
  – RFID
  – Environmental monitoring
• No windows or skylights
  – “Six-wall” border
  – Secure air-handling systems
Identity Verification
• Methods
  – Carried
    • Item carried by the individual: metal keys, proxy cards, mag cards, photo ID, smart cards
  – Known
    • Private information: PIN, passwords, code words
  – Inherent
    • Biometric features: finger and thumb prints, hand geometry, iris scan, speech pattern
Image courtesy of HID Global and Ingersoll Rand Security Technologies
RFID for the Data Center Environment
• Eliminate manual spreadsheets for tracking
  – Inventory
  – Asset locations
  – Life-cycle data
• RFID technologies can provide instant awareness of data center assets
  – Rack-mounted equipment
  – Mobile equipment such as laptops
  – Employees (e.g., credential tags)
  – Some systems also offer environmental monitoring sensors
Zone Manager – Example Data Center Deployment
[Floor plan zones: Staging Area; Loading Dock; Storage Area; Racks #1-8; Racks #9-16; Racks #17-24; Racks #25-32; Racks #33-40; Racks #41-48]
• Connected to each reader in each zone
• Determines precise zone level location
Example Output: Tag RFCRCK00000050 is located in Storage Area, which is located in Building 1.
Example Output: Tag RFCRCK00000050 is located in Staging Area, which is located in Building 1.
Example Output: Tag RFCRCK00000050 is located in Loading Dock, which is located in Building 1.
Example Output: Tag RFCRCK00000050 is located in Rack 48, which is located in Building 1.
Computer Room Layer Controls: Summary
• Restrict access
• Eliminate tailgating
• Monitor exit and entry points
• Require multiple identity verification methods
• Maintain “six-wall” border
• Address proper thermal management
• Implement RFID system for asset tracking
Cabinet Layer Controls
Cabinet Level access control
Intelligent Infrastructure Management
Cabinet-Level Controls
• Goals
  – Fourth layer of protection
  – Further restrict access
  – Integrated systems for enhanced awareness
• Security measures
  – Cabinet-level locking
  – Audit trails
  – Intelligent infrastructure
Data Center Solution
TZ Praetorian Cabinet Locking System
• Increase security at the cabinet level
• Work with existing enterprise access control systems
• Efficiently bring electronic security and audit trail capability to the cabinet or enclosure level
The Power of Integrated Systems
[Diagram labels: IP Data; UPS; Fiber Panel; Access Control Server; Core Switch/Router; Network Video Recorder (NVR)]
• Response
  – Resolves issues faster
  – Saves time correlating events and timelines
  – Moves from reactive toward predictive
  – Provides real-time anywhere alerts for monitoring and recording
• Operation
  – Provides additional operator control
  – Reduces deployment, training and support costs
  – Preserves and protects capital investments
Summary
• Perimeter, facility and computer room physical security may not be sufficient to prevent breaches
• IP-enabled physical security systems increase reaction time
  – Technology maturing
  – Moving toward predictive response
• Leverage existing physical security best practices and industry standards to develop security plan
Thank you!
AFCOM
Data Center World 2010

More Related Content

Similar to Securing your DC JLBK (DSC).ppt

Emea Corporate Presentation 0709 Lin
Emea Corporate Presentation 0709 LinEmea Corporate Presentation 0709 Lin
Emea Corporate Presentation 0709 Lin
Joe Sarno
 
Blaze Automation Cisco Security And Cctv Camera Solutions
Blaze Automation Cisco Security And Cctv Camera SolutionsBlaze Automation Cisco Security And Cctv Camera Solutions
Blaze Automation Cisco Security And Cctv Camera Solutions
Blaze Automation
 
Four keys to securing distributed control systems and the industrial (IoT)
Four keys to securing distributed control systems and the industrial (IoT)Four keys to securing distributed control systems and the industrial (IoT)
Four keys to securing distributed control systems and the industrial (IoT)
Real-Time Innovations (RTI)
 

Similar to Securing your DC JLBK (DSC).ppt (20)

Understanding the Internet of Things Protocols
Understanding the Internet of Things ProtocolsUnderstanding the Internet of Things Protocols
Understanding the Internet of Things Protocols
 
Cisco-Security & Survelliance Ürünleri
Cisco-Security & Survelliance ÜrünleriCisco-Security & Survelliance Ürünleri
Cisco-Security & Survelliance Ürünleri
 
IoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you SpamIoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you Spam
 
Emea Corporate Presentation 0709 Lin
Emea Corporate Presentation 0709 LinEmea Corporate Presentation 0709 Lin
Emea Corporate Presentation 0709 Lin
 
Tekforcecorp
Tekforcecorp Tekforcecorp
Tekforcecorp
 
Blaze Automation Cisco Security And Cctv Camera Solutions
Blaze Automation Cisco Security And Cctv Camera SolutionsBlaze Automation Cisco Security And Cctv Camera Solutions
Blaze Automation Cisco Security And Cctv Camera Solutions
 
Fortinet Solution Mapping with AWS Well-Architecture
Fortinet Solution Mapping with AWS Well-ArchitectureFortinet Solution Mapping with AWS Well-Architecture
Fortinet Solution Mapping with AWS Well-Architecture
 
Successful Industrial IoT patterns
Successful Industrial IoT patterns Successful Industrial IoT patterns
Successful Industrial IoT patterns
 
CCNAv5 - S1: Chapter11 It's A Network
CCNAv5 - S1: Chapter11 It's A NetworkCCNAv5 - S1: Chapter11 It's A Network
CCNAv5 - S1: Chapter11 It's A Network
 
Chapter 11 : It’s a network
Chapter 11 : It’s a networkChapter 11 : It’s a network
Chapter 11 : It’s a network
 
Chapter 11 - It’s a Network
Chapter 11 - It’s a NetworkChapter 11 - It’s a Network
Chapter 11 - It’s a Network
 
Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...
Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...
Precise, Predictive, and Connected: DDS and OPC UA – Real-Time Connectivity A...
 
Cisco Network Insider Series: Securing Your Branch for DIA
Cisco Network Insider Series: Securing Your Branch for DIACisco Network Insider Series: Securing Your Branch for DIA
Cisco Network Insider Series: Securing Your Branch for DIA
 
Anti Hack Solution
Anti Hack Solution Anti Hack Solution
Anti Hack Solution
 
Building the Internet of Everything
Building the Internet of Everything Building the Internet of Everything
Building the Internet of Everything
 
[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg[CLASS 2014] Palestra Técnica - Michael Firstenberg
[CLASS 2014] Palestra Técnica - Michael Firstenberg
 
Industrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksIndustrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & Frameworks
 
Mobilize employees with the cisco mobile workspace solution
Mobilize employees with the cisco mobile workspace solutionMobilize employees with the cisco mobile workspace solution
Mobilize employees with the cisco mobile workspace solution
 
Four keys to securing distributed control systems and the industrial (IoT)
Four keys to securing distributed control systems and the industrial (IoT)Four keys to securing distributed control systems and the industrial (IoT)
Four keys to securing distributed control systems and the industrial (IoT)
 
Iio t security std
Iio t security stdIio t security std
Iio t security std
 

More from Jeffrey Lam

Green datacenter jeff lam 2008
Green datacenter jeff lam 2008Green datacenter jeff lam 2008
Green datacenter jeff lam 2008
Jeffrey Lam
 
Datacenter space planning(old)
Datacenter space planning(old)Datacenter space planning(old)
Datacenter space planning(old)
Jeffrey Lam
 
Redundancy Datacenter Design
Redundancy Datacenter DesignRedundancy Datacenter Design
Redundancy Datacenter Design
Jeffrey Lam
 

More from Jeffrey Lam (10)

Employing automated security systems in critical facilities.pptx
Employing automated security systems in critical facilities.pptxEmploying automated security systems in critical facilities.pptx
Employing automated security systems in critical facilities.pptx
 
Bringing IT to the factory floor.ppt
Bringing IT to the factory floor.pptBringing IT to the factory floor.ppt
Bringing IT to the factory floor.ppt
 
Applying Audio to Security (Sep 2021)
Applying Audio to Security (Sep 2021)Applying Audio to Security (Sep 2021)
Applying Audio to Security (Sep 2021)
 
Enhancing Defence in depth with automated systems (SII Physical meets Cyber S...
Enhancing Defence in depth with automated systems (SII Physical meets Cyber S...Enhancing Defence in depth with automated systems (SII Physical meets Cyber S...
Enhancing Defence in depth with automated systems (SII Physical meets Cyber S...
 
Defending our datacenters (BICSI 2016 ASEAN conference)
Defending our datacenters  (BICSI 2016 ASEAN  conference)Defending our datacenters  (BICSI 2016 ASEAN  conference)
Defending our datacenters (BICSI 2016 ASEAN conference)
 
Comparison USA/China datacenters standards
Comparison USA/China datacenters standardsComparison USA/China datacenters standards
Comparison USA/China datacenters standards
 
Breaking the rules! bicsi
Breaking the rules! bicsi  Breaking the rules! bicsi
Breaking the rules! bicsi
 
Green datacenter jeff lam 2008
Green datacenter jeff lam 2008Green datacenter jeff lam 2008
Green datacenter jeff lam 2008
 
Datacenter space planning(old)
Datacenter space planning(old)Datacenter space planning(old)
Datacenter space planning(old)
 
Redundancy Datacenter Design
Redundancy Datacenter DesignRedundancy Datacenter Design
Redundancy Datacenter Design
 

Recently uploaded

Recently uploaded (20)

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

Securing your DC JLBK (DSC).ppt

  • 1. Datacenter Strategics, Shanghai 14th May 2010 Migrating to IP-Based Physical Security in the Data Center Proprietary and Confidential. © 2010 Anixter Inc. Securing your datacenter Jeffrey Lam RCDD Regional Manager, Anixter Greater China
  • 2. Migrating to IP-Based Physical Security in the Data Center Proprietary and Confidential. © 2010 Anixter Inc. Agenda  Industry drivers  Business trends  Developing the physical security plan for data centers – Physical protection guidelines and strategies – Crime Prevention Through Environmental Design (CPTED) – TIA-942 standard  Security technologies for data centers – Perimeter layer controls – Facility layer controls – Computer room layer controls – Cabinet-level controls
  • 3. Migrating to IP-Based Physical Security in the Data Center Proprietary and Confidential. © 2010 Anixter Inc. Industry Drivers for Data Center Security  Sensitive data – Medical records – Social Security numbers – Financial transactions and cardholder data – Intellectual property and confidential information  Critical infrastructure and key resources – As defined by the Department of Homeland Security: “The assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, public health or safety, or any combination thereof.”
  • 4. Migrating to IP-Based Physical Security in the Data Center Proprietary and Confidential. © 2010 Anixter Inc. Data Security Breaches Source: http://www.privacyrights.org/ar/ChronDataBreaches.htm#2010
  • 5. Migrating to IP-Based Physical Security in the Data Center Proprietary and Confidential. © 2010 Anixter Inc. Logical Security Only Physical Security Protecting your information! Physical Security  Tracks people  Limits access to areas, spaces  Provides audit of who accessed what  Integrates with video to provide visual record Logical Security  Tracks logins  Limits access to servers, folders and applications  Provides audit trail of what login accessed what data
  • 6. Migrating to IP-Based Physical Security in the Data Center Proprietary and Confidential. © 2010 Anixter Inc. Business Trends in Security Systems  Moving from reactive toward predictive response  Providing additional operator control  Preserving existing capital investment  Regulatory requirements – PCI DSS, HIPAA, Sarbanes-Oxley, etc.
  • 7. Migrating to IP-Based Physical Security in the Data Center Proprietary and Confidential. © 2010 Anixter Inc. Technology Trends in Security Systems  Analog-to-digital migration – Digital allows better image management  Record, store, search, retrieve, share, send  System Integration for greater efficiency  Standardized structured approach – Modular, flexible implementation – Easy moves, adds and changes (MAC)  Anywhere - anytime monitoring  Video Analytics
  • 8. Developing the Physical Security Plan
      ▪ Physical Protection Guidelines & Strategies
      ▪ Technologies for Data Center Security
  • 9. Physical Protection Guidelines & Strategies
      ▪ Crime Prevention Through Environmental Design (CPTED)
        – Perimeter layer controls
        – Facility layer controls
        – Computer room layer controls
        – Cabinet-level controls
      ▪ ANSI/TIA-942
  • 10. Physical Protection Guidelines and Strategies
      ▪ Crime Prevention Through Environmental Design (CPTED)
        – Awareness of how people use space
          • All space has a designated purpose
          • Social, cultural, legal and physical dimensions affect behavior
        – Control physical setting to change behavior
          • Understand and change behavior in relation to physical surroundings
          • Redesign space to encourage legitimate behaviors and discourage illegitimate use
  • 11. Security Technologies for Data Centers
      [Layer diagram: Perimeter, Facility, Computer Rooms, Cabinets]
      ▪ Site Selection
      ▪ Defense in depth
        – Implement layers of protection
        – Ensure failure of one element in the system will not create a critical vulnerability in the whole system
        – Delay penetration in event of breaches
  • 12. Perimeter Layer Controls
      ▪ Selection of Site
      ▪ Site hardening
      ▪ Video surveillance
  • 13. Perimeter Layer Controls
      [Layer diagram: Perimeter, Facility, Computer Rooms, Cabinets]
      ▪ Goals
        – Deter, detect and delay
        – Integrate systems
        – Provide layers of protection
      ▪ Security measures
        – Physical barriers
        – Site hardening
        – Lighting
        – Intrusion detection
        – Video surveillance
        – Physical entry and access control
  • 14. TIA-942 Data Center Site Selection Criteria
      ▪ Secure all cooling equipment, generators, fuel tanks or access provider equipment situated outside the customer space
      ▪ The computer room should not be located in close proximity to a parking garage
      ▪ The building should not be located:
        – In a 100-year flood plain, near an earthquake fault, on a hill subject to slide risk, or downstream from a dam or water tower
        – Within 0.4 km (¼ mile) of an airport, research lab, chemical plant, landfill, river, coastline or dam
        – Within 0.8 km (½ mile) of a military base
        – Within 1.6 km (1 mile) of a nuclear, munitions or defense plant
        – Adjacent to a foreign embassy
        – In high-crime areas
  • 15. Site Hardening
      ▪ Security walls and gates
      ▪ No signage indicating data center purpose
      ▪ Keep access points to a minimum
      ▪ Parking away from building
      ▪ Clear zones
      ▪ Intimidating doors and hardware
        – Steel doors and heavy-duty locks
  • 16. TIA-942 – Data Center Security Tiers (Cont.)
      Source: ANSI/TIA-942
  • 17. TIA-942 – Data Center Security Tiers (Cont.)
      Source: ANSI/TIA-942
  • 18. Perimeter Video Surveillance
      ▪ Monitor
        – Perimeter
        – Parking lots
        – Entry and exit points
        – Garbage bins
        – Power or cooling facilities
        – Building facade and rooftop
      ▪ Detect
        – Motion detection
          • Sound alarm or recording when triggered
        – Intelligent video analytics
          • Object left behind
          • People counting
          • Wrong way
        – Edge-based vs. server-based analytics
      Image courtesy of Bosch Security Systems
  • 19. Resolutions Compared
      ▪ 5.0 MP: 2560x1920
      ▪ 3.1 MP: 2048x1535
      ▪ 2.0 MP: 1600x1200
      ▪ 1.3 MP: 1280x1024
      ▪ PAL: 720x576
      ▪ VGA: 640x480
      ▪ CIF: 352x288
      Image courtesy of IQinVision
  • 20. HDTV Camera Resolution
      ▪ Up to 5 times higher resolution than analog TV
      ▪ SMPTE (Society of Motion Picture and Television Engineers)
      ▪ Standardized color fidelity
      ▪ 16:9 format
        – Discards nonrelevant parts
        – Makes it easier for the operator
        – Saves bandwidth
        – Saves storage
      ▪ HDTV 720 (1280x720)
      ▪ HDTV 1080 (1920x1080)
      [Figure labels: 16:9 ratio; 4:3 ratio]
      Image courtesy of Axis Communications
  • 21. Video Surveillance: Network Video Megapixel Resolution
      ▪ VGA (640x480)
      ▪ HDTV 720 (1280x720)
      ▪ HDTV 1080 (1920x1080)
      ▪ 3.1 MP (2048x1535)
      ▪ 5.0 MP (2560x1920)
      Image courtesy of IQinVision
  • 22. Video Management Platforms
      ▪ Hybrid DVR
        – Familiar interface
        – Analog and IP cameras
        – Proprietary and limited scalability
      ▪ Hardware NVR
        – Specifically designed for IP surveillance cameras
        – Proprietary
      ▪ VMS on PC/server platform
        – Nonproprietary
        – Off-the-shelf hardware
        – Simplicity in system maintenance
        – Upgrade single components: memory, CPU, etc.
        – Best-of-breed hardware components
        – Preconfigured options available
  • 23. Facility Layer Controls
      ▪ Access Control and Video Analytics
  • 24. Facility Layer Controls
      [Layer diagram: Perimeter, Facility, Computer Rooms, Cabinets]
      ▪ Goals
        – Secondary layer of protection
        – Further restrict access
        – Redundant power and communications
        – Integrated systems
      ▪ Security measures
        – Access control
          • Man-traps
          • Turnstiles
          • Visitor management
        – Video surveillance
  • 25. Access Control: Prevent Tailgating
      ▪ Man-traps
        – Two interlocking doors open only one at a time after presenting authorized credential
      ▪ Turnstiles
        – Physically allow only one person to pass through at a time
      ▪ Video analytics
        – “Count” the number of people going through a doorway
  • 26. Final design
      [Floor plan labels: Batteries; CRAU; CRAU; Comms.; UPS; UPS; UPS; Reserved for future racks; racks; racks; Operating Console; Elect.; FM200 cylinders; MDA; Separate Facility area]
  • 27. Video Analytics
      ▪ Analyzes pixels in a frame of video
      ▪ Detects behaviors in the pixels
      ▪ Makes decisions based on set characteristics
        – From simple
          • Motion detection
          • Camera tampering
          • Object recognition and tracking
          • People counting
        – To complex
          • License plate readers
          • Facial recognition
          • Fire and smoke detection
      ▪ Is edge-based or server-based
        – Server-based allows more complexity
  • 28. Visitor Management
      ▪ Paper sign-in sheets not secure
        – Incomplete, illegible and any visitor can view the log
      ▪ Use a driver’s license, passport or business card
        – Scanned, recorded in a secure database
        – Customizable
      ▪ High-quality badges printed automatically or by guard
        – Integrate with existing access control systems
      ▪ Badges can automatically expire
        – “VOID” may appear across the badge
        – Change in color
        – Prox rendered inactive after a certain time or date
  • 29. Indoor Video Surveillance
      ▪ Monitor exits as well as entrances
      ▪ Integrate with access control to monitor internal access
      ▪ Use high-resolution cameras for identification purposes
      ▪ Configure systems to record on motion or event to save storage requirements
      ▪ Consider video compression technology
  • 30. Camera Resolution: Identification Guidelines
      [Figure labels: High detail; General surveillance; Forensic detail]
      Source: Univision
  • 31. The Potential Impact of the Cabling Infrastructure: IP Video Surveillance
      ▪ A Category 5e cabling infrastructure’s absence of headroom minimizes the infrastructure’s ability to compensate for marginal electronics
      ▪ A Category 6A cabling infrastructure provides headroom to overcome issues related to the electronics
      [Figure labels: IP Video, Minimally Compliant Category 5e; IP Video, Category 6A]
  • 32. Lower TCO: Bandwidth and Storage
      H.264: the ultimate video compression
      [Chart: H.264 compression (example savings); bandwidth and storage consumption for Motion JPEG, MPEG-4 Part 2 and H.264; savings labels 80% and 50%]
      Image courtesy of Axis Communications
  • 33. Computer Room Layer Controls
      ▪ Identification
      ▪ Asset tracking
  • 34. Computer Room Layer Controls
      [Layer diagram: Perimeter, Facility, Computer Rooms, Cabinets]
      ▪ Goals
        – Third layer of protection
        – Further restrict access
          • Multiple forms of verification
        – Monitor all authorized access
        – Redundant power & communications
        – Integrated systems for enhanced awareness
      ▪ Security measures
        – Man-traps and turnstiles
        – Video analytics
        – Biometrics
        – RFID
        – Environmental monitoring
      ▪ No windows or skylights
        – “Six-wall” border
        – Secure air-handling systems
  • 35. Identity Verification
      ▪ Methods
        – Carried
          • Item carried by the individual: metal keys, proxy cards, mag cards, photo ID, smart cards
        – Known
          • Private information: PIN, passwords, code words
        – Inherent
          • Biometric features: finger and thumb prints, hand geometry, iris scan, speech pattern
      Image courtesy of HID Global and Ingersoll Rand Security Technologies
  • 36. RFID for the Data Center Environment
      ▪ Eliminate manual spreadsheets for tracking
        – Inventory
        – Asset locations
        – Life-cycle data
      ▪ RFID technologies can provide instant awareness of data center assets
        – Rack-mounted equipment
        – Mobile equipment such as laptops
        – Employees (e.g., credential tags)
        – Some systems also offer environmental monitoring sensors
  • 37. Zone Manager – Example Data Center Deployment
      [Zone diagram: Staging Area; Loading Dock; Storage Area; Racks # 1-8; Racks # 9-16; Racks # 17-24; Racks # 25-32; Racks # 33-40; Racks # 41-48]
      • Connected to each reader in each zone
      • Determines precise zone level location
      Example Output: Tag RFCRCK00000050 is located in Storage Area, which is located in Building 1.
      Example Output: Tag RFCRCK00000050 is located in Staging Area, which is located in Building 1.
      Example Output: Tag RFCRCK00000050 is located in Loading Dock, which is located in Building 1.
      Example Output: Tag RFCRCK00000050 is located in Rack 48, which is located in Building 1.
  • 38. Computer Room Layer Controls: Summary
      [Layer diagram: Perimeter, Facility, Computer Rooms, Cabinets]
      ▪ Restrict access
      ▪ Eliminate tailgating
      ▪ Monitor exit and entry points
      ▪ Require multiple identity verification methods
      ▪ Maintain “six-wall” border
      ▪ Address proper thermal management
      ▪ Implement RFID system for asset tracking
  • 39. Cabinet Layer Controls
      ▪ Cabinet Level access control
      ▪ Intelligent Infrastructure Management
  • 40. Cabinet-Level Controls
      [Layer diagram: Perimeter, Facility, Computer Rooms, Cabinets]
      ▪ Goals
        – Fourth layer of protection
        – Further restrict access
        – Integrated systems for enhanced awareness
      ▪ Security measures
        – Cabinet-level locking
        – Audit trails
        – Intelligent infrastructure
  • 41. Data Center Solution: TZ Praetorian Cabinet Locking System
      ▪ Increase security at the cabinet level
      ▪ Work with existing enterprise access control systems
      ▪ Efficiently bring electronic security and audit trail capability to the cabinet or enclosure level
  • 42. The Power of Integrated Systems
      [Diagram labels: IP; Data; UPS; Fiber Panel; Access Control Server; Core Switch/Router; Network Video Recorder (NVR)]
      ▪ Response
        – Resolves issues faster
        – Saves time correlating events and timelines
        – Moves from reactive toward predictive
        – Provides real-time anywhere alerts for monitoring and recording
      ▪ Operation
        – Provides additional operator control
        – Reduces deployment, training and support costs
        – Preserves and protects capital investments
  • 43. Summary
      [Layer diagram: Perimeter, Facility, Computer Rooms, Cabinets]
      ▪ Perimeter, facility and computer room physical security may not be sufficient to prevent breaches
      ▪ IP-enabled physical security systems increase reaction time
        – Technology maturing
        – Moving toward predictive response
      ▪ Leverage existing physical security best practices and industry standards to develop security plan
  • 44. Thank you!
      AFCOM Data Center World 2010
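
The tailgating check from slides 25 and 29 (compare the credentials presented at a door with the number of people video analytics counts going through it), as an added example that is not part of the original deck. The event format, the door name `CR-1`, the 5-second window and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, namedtuple

# kind "grant": access control accepted a credential (n is unused).
# kind "pass":  video analytics counted n people entering through the doorway.
# Assumed event format; real systems export their own schemas.
Event = namedtuple("Event", "ts door kind who n")


def find_tailgating(events, window=5.0):
    """Return (door, ts, extra_people, badge_followed) for every counted entry
    not covered by a credential presented within `window` seconds before it."""
    alerts = []
    pending = defaultdict(list)  # door -> grants that have not been used yet
    for ev in sorted(events, key=lambda e: e.ts):
        grants = pending[ev.door]
        # A grant is only valid for a short time after the badge read.
        grants[:] = [g for g in grants if ev.ts - g.ts <= window]
        if ev.kind == "grant":
            grants.append(ev)
            continue
        used = grants[:ev.n]      # one grant authorises exactly one person
        del grants[:ev.n]
        extra = ev.n - len(used)
        if extra > 0:
            followed = used[-1].who if used else None
            alerts.append((ev.door, ev.ts, extra, followed))
    return alerts


# Constructed sample events for one computer-room door (not real log data).
SAMPLE = [
    Event(0.0, "CR-1", "grant", "alice", 0),
    Event(2.0, "CR-1", "pass", None, 1),     # one badge, one person: fine
    Event(30.0, "CR-1", "grant", "bob", 0),
    Event(32.0, "CR-1", "pass", None, 2),    # one badge, two people
    Event(60.0, "CR-1", "grant", "carol", 0),
    Event(61.0, "CR-1", "grant", "dave", 0),
    Event(63.0, "CR-1", "pass", None, 2),    # two badges, two people: fine
    Event(100.0, "CR-1", "pass", None, 1),   # entry with no recent badge read
    Event(120.0, "CR-1", "grant", "erin", 0),
]


def demo():
    return find_tailgating(SAMPLE)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Each alert names the badge holder who was followed, which gives the operator a time and a person to pull video for.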