BOFH: Infesting the secure comms room

Rattus Electronicus


BOFH 2004: Episode 6

So it's a site visit - one of those rare opportunities to check out a "superior" government installation on a brand new site which has won awards from those members of the industry easily impressed by colours and lights.

What the hell, it's a couple of hours off work with the chance of a protracted visit to the pub (after a quick spark plug lead reshuffle of the Boss' car).

So we're in.

The sad thing about new installations is that while they look nice and work well, it's the test of time which turns most comms rooms into rats' nests of cabling and pristine computer rooms into stacks of dead and dying equipment. Still, it looks nice in the beginning (before installation rot sets in) and that's when you grab the snapshots that you use in your publicity for years to come.

The Boss, the PFY and I rock on up at the appointed time and wait patiently at reception for the arrival of our host. The PFY takes this opportunity to excuse himself for a rest stop, returning with the slightly greasy hands that indicate a successful major engine timing rejig.

Sorted. Now just to put up with the condescending hour-long monologue... I know I'm not too far off in my expectations when a charcoal-suited bloke strolls over and introduces himself as Karl, the "Installation guru", noting his pride and joy - a monitor at reception showing the computer room in all its glory. I mentally prepare myself for the onslaught of smugness, the trauma of which will hopefully be alleviated by the presence of a couple of attractive female reporters who've also signed up for the tour...

... Two hours of PowerPoint presentations about how his installation is much better than everyone in the whole world's...

"And here we have our Comms room," he burbles, gesturing through a viewing window at a clean new room. "As you can see, full patch by exception frames, Cat 6 cabling in structured cabling retaining systems, linked to dual redundant comms rooms at either end of each floor via twin redundant fibre in purpose-built risers completely isolated from other installation ducting. Full fire protection throughout, external and internal UPS systems, raised floor and full length armoured observation window allowing monitoring from the Control room. And here's the computer room. As you can see, it too has a fully armoured observation window - with redundant aircon, UPS, Fire systems. Obviously we'll fit the glass with a one way film once we commission the room - after the big party tomorrow."

"Party?" I ask, smelling free drinks, food and the chance to annoy politicians.

"Yes, for the opening. The new technology minister, a couple of MPs, some drinks - more of a photo op than anything else," he says, playing it down. "Right, we'll just pop through to the room so you can see some state-of-the-art installation techniques which I think you'll find surprising. Just have to swipe myself through - if you don't mind looking away."

"Not at all!" I burble, turning my back on the door while he swipes his card and types in enough numbers to program the Mars probe in binary.

We traipse into the computer room, and I have to admit that it is impressive.

"See these?" Karl says. "Quick-release sliding rack systems to enable rapid removal for maintenance. Fits all major vendors' equipment. Each rack unit has its own microprocessor controlled reactive venting to eliminate hotspots and power monitoring to indicate equipment which deviates from its normal consumption ... Yes?"

"Just need to pop off to the gents," the PFY murmurs. "Dicky bladder at the mo..."

"Right, press the red release button and it's the door over there," Karl responds, indicating a room off the Control Room through the glass.

"You have a toilet off the control room?" I ask.

"Oh yes. The Computing core is designed to be completely secure and self sustaining for 48 hours. We even have our own kitchen and everything - although the fridges are, at the moment, stocked with the drinks and nibbles for tomorrow."

"Why self sustaining?" one of the reporters asks.

"Terrorists," Karl responds. "This site will be doing some of the top level information processing for various government agencies, and as such might present a target. Anything untoward happens, the operational staff hit any of the emergency buttons in the control area and the three rooms are time-locked from each other and the rest of the building for 48 hours."

"Or until someone breaks through the walls or floors, or takes a hostage to make you open the door..."

"No," Karl burbles happily. "The Computing core is surrounded by three feet of vault-strength concrete, each room isolated from the other by armour glass and one foot of concrete. Emergency doors are three quadlayer isolation slides which lock into place, making the place impenetrable! AND you can't take a hostage to force someone to open the doors because all the phones are disconnected. Security has been the watchword for this installation!"

"It certainly seems that way," I say, as we make our way back into the control area, to the assenting voices of the reporters. "Is that a rat?!" I gasp pointing to the bottom of a rack in the computer room.

"It shouldn't be!" Karl gasps, worriedly typing the binary bible into the swipe card reader and rushing back with the Boss in tow. "We have traps in all the ducting!" ... "No, nothing here," he chirps into the intercom after he and the Boss have a good look about. "Must have been your imagination!"

"Must've been," I agree as they wander back to the control room. "Don't worry, I'll get the doo..."

"NOT THAT BUTTON!" Karl screams just as a large armoured door slams shut, appearing from somewhere in the ceiling.

"Woopsy!" I gasp, looking through the observation window at the Boss and Karl's frantic attempts to cancel the lockdown. "How do I reverse it?"

"You can't reverse it!" Karl snaps angrily, "I told you!"

"Damn it!" the PFY snaps, not very convincingly, on his way to the kitchen.

"What'll we do?" one of the reporters asks unhappily.

"There's no need to panic," I respond, taking control. "I've been in situations like this before, and know that panic does not help!"

"Really?" the other reporter gasps.

"Not at all," the PFY replies, coming back from the fridge with laden arms. "Alcohol, on the other hand >ffsssss POP!< does. Anyone care for a glass of Champagne and ... errrm ... a canape of some sort?"

"That's for the opening!" Karl shouts through the intercom.

"Surely you don't expect us to starve or dehydrate?" I respond, tipping liberal amounts into the glasses of the reporters and the PFY.

"What about us?!" the Boss gasps, obviously feeling a little peckish.

"Well it doesn't look good. As far as I can see there's only one waterproof container in the room - which will have to suffice for both your ablutary and culinary needs for the next two days."

"MMmmmMMMM tasty!" the PFY adds turning back to the women brandishing another Moet & Chandon bottle. "Top you up?"

"Bit of a mistake that locking system," the PFY comments.

"I'd be more worried about that camera in the foyer when the thirst sets in," I add. "I wonder if they're taping it?"

"Could we get them a message?" the PFY asks evilly.

"Doesn't look like it," I sigh.

Nasty business these lock-ins. ®

BOFH is copyright © 1995-2004, Simon Travaglia. Don't mess with his rights.
