When it comes to the physical security of core components, location and placement really do matter. No other single factor weighs as heavily or pays as handsomely as wisely choosing the locations and placements of your key core components and infrastructure.
Remember always, that physical security encompasses both physical connectivity and availability. It is no good having the most physically secure core components if they are inaccessible. The access types and capabilities will vary in accordance with the purpose of the access and the entity requesting that access.
The major desirable attributes of core components are maximizing up time, reliability, availability, stability, confidentiality and authorized accessibility with the appropriate privileges of course. Down time, particularly of the unplanned variety has no place here.
Achieving these objectives is no mean feat but we are now going to take our first steps in this area. Eliminating all public access to the core components of our communications and networking structure is a good place to start. Let us start by reviewing the first seven rules of location and placement.
The Rules of Location and Placement
Here again are the first seven rules of location and placement.
- Restrict Access
The first rule of location and placement tells us to whenever and wherever possible locate core components, devices and infrastructure where the public cannot gain free access to them. Be aware that you also need to secure your core devices and infrastructure against subversion from within.
- Camouflage and Concealment
The second rule of location and placement states that if infrastructure and core components must pass through a publicly accessible location then camouflage and conceal them to keep them out of sight. Use camouflage to your advantage. For more see Location and Placement.
- Lock Up and Lock Down
Complement your secure location and placement of core components in a secure location with the appropriate lock up and lock down measures.
Incorporating locking devices of all types in your physical security strategies is imperative. These measures should compliment one another and any additional lock down technologies and procedures that you implement.
Monitoring and alarm systems have a big role to play in heightening the security of core components.
- Eighty/Twenty
Location and placement rule four (the 80/20 rule) - 80% of the entire network's traffic should remain local while only 20% leaves the local network. The local traffic and the local network traffic are relative to the subnet(s), internal network(s), external network(s) and internetworks in question.
Only 20% of the total network traffic should travel over internal core links or the exterior (e.g. the Internet or another branch). Local traffic is between devices located on the same network segment (subnet).
Provision for organization-wide structures and subdivisions such as branches, facilities, buildings, departments, work groups, functionalities, services, logical associations, processes, traffic type, priorities etc. needs inclusion.
- Proximity
Location and placement rule five is the proximity rule which tells us that wherever possible all devices including core components, that have a physical and logical relationship (linked or associated in some way e.g. subnets, work group membership) should be located as physically near to each other as possible.
This means that you would place all devices servicing B Block together. The distribution layer routers, switches and servers for B Block would be located in the same rack.
- Reflection
The sixth rule of location and placement states that physical location, placement and naming should reflect both physical and logical associations as well as any other relevant relationships and dependencies. This holds true for communications and network core components.
- Redundancy
Location and placement rule seven is the redundancy rule. Whenever possible ensure that you have included adequate and appropriate redundancy features into your network design. The production environment implementation should reflect this. Having redundant core components adds reliability and robustness to communications and networking environments.
The Location and Placement of Core Components
Once again that old saying about “location, location, it's all about the location” comes to mind as does “Out of sight, out of mind”.
Unrestricted Public Access
Unlike devices placed in areas permitting free and unrestricted public access, because you have no other practical or feasible alternative, core components and infrastructure beg strict adherence to the first three rules of location and placement.
This brings forth the question “What about rule two how and where do camouflage and concealment come into the picture?”
Concealment
Concealment is achieved simply be locating your core components in a location that has highly restrictive accessibility. One easy way of doing this is by ensuring that there are no less than five controlled access points en route from the most proximal publically accessible area to the core component facility.
Controlled Access Routes
Controlled access routes also help to regulate staff access to the facility housing your core components. Members of staff with no immediate and legitimate purpose for needing access to the core components facility will find that, just like the public they too cannot gain access unheralded.
