Standard Rack Mount Computing Form Factor

The standardized rack mount computing form factor consists of a rack that has a number of standard spaced post mounting points. The rack itself may be open, partially enclosed or fully enclosed for additional security. A fully enclosed lockable rack that is securely fastened to floor and/or walls does have the additional benefits of severely restricting physical access by unauthorized persons to those components housed within it.

Standard Rack Mount Computing Components and Implementations

Standard rack mount computing implementations can be custom designed and built using various types and configurations of 1U or multiples of 1U components. These include networking devices such as switches and routers as well as power supply units, networking and communications interfaces, servers, user interfaces, consoles/terminals and storage devices (hard disk and optical drives) etc.

The Standard 1U Unit

The standard 1U unit has the following minimum dimensions 19" (482.6 mm) wide and 1.75" (44.45 mm) tall. The most common rack mount computing form factor platform is based around a 42U configuration. This means that a 42U rack is capable of housing a maximum of up to 42 individual 1U units. As noted above these 1U units may be servers and networking devices etc.

Rack Mount Computing Component Limitations

When incorporating devices that are themselves physically multiples of the base 1U unit a 42U rack will not surprisingly house considerably fewer than 42 individual components. Another limitation of the rack mount computing platform is that very few self-contained servers can be accommodated into the mere 1.75” (44.45 mm) 1U height of the standard rack mount computing form factor.

This limitation is further compounded whenever a monitor is included into the rack as it will consume considerable space such that even fewer other components can be included as well. However; all is not lost as the rack mount computing form factor does offer raised security levels when used as an enclosure for multiple servers.

Non-Standard 1U Components

Although; the 1U minimum unit size applies to all units that are to be mounted into the rack, including servers, redundant power supplies, networking devices etc, non-standard 1U components can be accommodated.

Oversized Components - “Oversized” components that are multiples of the 1U form factor dimensions can generally be housed in the standard 42U rack without too much difficulty. For example many server-grade enterprise-class redundant power supply units (PSUs) are indeed, very much “oversized”. Fortunately these essential components tend to come in physical sizes and form factors that are absolute multiples of 1U and hence can generally be installed into a standard 42U rack with little difficulty.

Undersized Components - When we come to “undersized” sub-1U components however; it is a far different story. In these cases the general “rule of thumb” precludes these components unless special purpose mounting braces/brackets are used when physically introducing the sub-1U component to the standard 42U rack.

Rack Mount Computing Form Factor Value Added Features

As with all things; the basic standards and standards compliance driven bare bones minimum feature sets and capabilities delivered by all standards compliant rack mount computing form factor solutions are in themselves fine; especially for open standards-based technologies like the rack mount computing form factor platform.

However; it is the additional “value added” features of any product, service or technology that will set it apart and distinguish it as being THE “top of the class/top shelf” must have, no matter the cost product. You will find that “in going the extra mile” by incorporating above standard features, capabilities and attributes will always translate into superior sales and service.

Additional Rack Mount Computing Platform Features

Other elective features/options that may be built into a production environment rack mount computing platform implementation to improve its service, usability and user friendliness include:

Sliding Rails - The addition of slide rails allowing the equipment to be slide in and out without the necessity of disconnecting it from the rack chassis is a truly welcome value added security feature. Positional Locking Slide Rails - Simply by incorporating the capacity for the sliding component to be lockable in both the in and out positions definitely makes a technician or network/systems administrator's life much easier as this gives superior stability while contributing in no small way to preventing accidental drop-age during routine service.

Server/Device Mounted Locking Pins - Here is a little extra that enables a component unit (server, router etc) to be “dropped” into place without the necessitating for fiddling with screws. This one is a big favorite with me and administrators for obvious reasons.

Rear Mounted Handles - Great for pulling and pushing servers and other devices in and out of the rack chassis. It certainly saves a lot of cable pulling and the ensuing damage that causes.

Rear Mounted Cable Tray - Somewhere to tuck cables neatly out of the way. Not only does this help prevent “cable knotting” but it also gives the added protection of securing cables against accidental displacement. In combination with lockable sliding rails the rear mounted cable tray enables the server equipment to be still operational while it is extended out of the frame; a must for “hot swap” capable devices.

Indicator Lights - An often overlooked aspect of rack mount computing component servicing procedures is that the actual component identification and positive component identification confirmation of those devices currently being serviced can consume copious quantities of an onsite technician's service time.

Furthermore; this can be compounded considerably whenever a service procedure requires what essentially adds up to concurrent direct physical access to both the front and rear aspects of said device/component. Continually swapping between the front and rear aspects of a rack mount device; especially when fully loaded racks are concerned, serves only to muddy the device identification waters even further.

To overcome these issues many rack mount chassis manufacturers now incorporate device identification LEDs at both the front and rear of the rack assembly. Note that these identification LEDs are built into the chassis rather than the device itself.

Rack Mount Computing Device Naming and Labeling - Because of the difficulties associated with device identification and confirmation whenever service personal are concurrently servicing rack mounted devices from both the front and rear aspects it is essential that you also have a secure, clear and unambiguous naming and labeling mechanism in place right from the “get-go”. Again the labels will need to be applied at both the front and rear aspects of those devices housed in your rack. Most rack and rack chassis manufacturers do make provisions for an easily implemented and maintained rack component labeling systems.

KVM Switch Support - Racks with a KVM switch installed allow an administrator to interact directly with all devices housed within that rack using just the one keyboard, mouse and monitor. This is because the KVM switch provides the necessary support that makes it possible for all components of the rack to share these devices.

Out of the Rack

Standard rack mount servers can generally exist outside of the rack and function within a network environment with just the addition of a power cord and appropriate network cable.

Remote desktop for administration helps decentralize server resources and multi-task the system administrator as well as the server systems hence cutting down the administrative operation costs. This brings flexibility in management of any large or small-scale organization network. A system administrator performs various activities. The administrator monitors the system, server resources, and maintains collection of quality crucial software. When the website client requests for a deletion of an account, a system administrator has no option other than delete and offer privilege for new accounts. Moreover, due to inventions of new software, the administrator upgrades the system to support applications for geographical information system (GIS) infrastructure. GIS collects, analyzes, stores and presents the data or a link to that data source.

A Windows Server 2003 offers processing of log messages. It is efficient and critical in all server and network management using the following four tools:

• System administration

• Network administration

• Storage management

• Directory services administration.

The aforementioned tools aids in controlling and upgrading server application and operating system that run on Windows Serve 2003. Besides, they are essential for domain controller optimization or demotion and fragmentation of the server disk. To meet various demands from the clients, system administrator uses a collection of tools. There are different types of servers with distinguished services: file and print server, web server and Web application services, mail server and terminal server. Others include remote access and virtual private network (VPN) server, directory services, Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP) server, Windows Internet Naming Service (WINS) and streaming media server. An authorized Windows Server 2003 improves productivity in all size organizations. It controls server applications, provides templates configuration and maintenance of security. Windows Server 2003 is the ultimate source of website security and administration.

Introduction

It would be nice to live in utopia, that ideal world where nobody was a villain and misdemeanors never occurred. Unfortunately for the majority of us residing back here on planet Earth, security breaches, compromises and issues are all too real and unpleasant facts of life. Regardless of our station in life somebody is always trying to get a free lunch at our expense or trying to take advantage of us in some other way.

This being said we need to identify the objectives, acceptable standards, policies and regulatory compliance requirements that our wireless network security should deliver as intended.

Wireless Networking Security Objectives Defined

It is widely recognized that the underlying themes of all network security, and not just the wireless components, should be such that they consistently ensure adherence to the principles expressed by the CIA of Security ethos. Simply put this means the planning, implementation and maintenance of organization/network-wide Confidentiality, Integrity and Authentication (CIA).

The implications of this are that only duly authenticated authorized users have full access to all of their allocated network resources, assets, capabilities, bandwidth and Quality of Service (QoS) in line with the appropriate user rights, permissions and privileges whilst maintaining full and comprehensive organization-wide network confidentiality and integrity. The trick is in doing so seamlessly and transparently to the user.

Strategies

The implementation of security strategies and solutions consisting of multiple layers of protection by incorporating and melding a blend of physical security, multiple layers of authentication, network monitoring, traffic flow control, firewalls, intrusion detection, intrusion prevention, surveillance, logging and log analysis, specialized software, hardware and complementary technologies are widely regarded to be the fundamental pillars upon which the preservation of rock solid security for networks is built.

Make no mistake about it, this holds true for wired and wireless networks alike. By employing a security-in-depth approach many exploits can be negated. An example of where multiple layers of authentication can return handsome dividends is in wireless network access.

First line of defense is network access and connectivity controls. Users should be required to provide valid current authentication credentials in order to begin to access the wireless network. The user's wireless adapters should also be required to authenticate themselves.

Machine authentication can be implemented by simply creating a Wireless Access Point (WAP) or wireless router MAC Address filter table. Devices lacking a qualified listed MAC Address will be automatically denied network access. This level access control actually precedes any user based authentication mechanisms since the MAC Address is contained in the Layer 2 header of every packet placed onto the network.

The next line in our defenses could involve additional authentication at various points throughout the network including transit beyond the local segment. For wireless networking components this can be most easily achieved by configuring dedicated wireless only network segments or through Virtual Local Area Network segmentation (VLANs) for wireless devices.

These specialized and segregated wireless networking segments can be placed into Demilitarized Zones (DMZs) for ease of administration. It is also advisable to make sure that they are on LAN segments physically independent of the rest of the network. Secondary user passwords or passphrases can be implemented at the application level as well.

Failure to incorporate a multi-layered approach makes the likelihood of successful intrusion far more likely. If all an attacker need do is to “crack” one password or passphrase then having gained access to a wireless network component without secondary authentication mechanisms in place you can safely assume that they will have also gained full access over your entire network. This means all assets and resources including those of the wired segments.

Wired and Wireless Issues

I will now cover the major issues and areas of concern pertaining to wireless network security. Please note that this list is not intended to be absolute nor complete. New exploits and threats arise every day. Hence I have elected to present and highlight here those areas representing the greatest concern and/or those areas most likely to present future new threats and exploits.

Many of the generic issues discussed below apply equally to wireless and wired networks alike. This is especially so when the device in question is a consumer class broadband modem/router. Both the wired and wireless versions will exhibit the same basic preconfigured functionalities and default manufacturer configurations. For example manufacturers tend to use the same default administrator name, administrator password and network names as well as enabling DHCP by default.

So let's get to it and as always security starts with the physical and wireless networking is no different.

Physical Security

There are many physical security related issues regarding wireless networking security including the physical security of the device itself (accidental loss theft etc), device naming and labeling conventions, physical accessibility (so critical for troubleshooting) coverage, Quality of Service (QoS), bandwidth, signal distortion, degradation and strength, device location, type of antennae and many more. If you would like to read more then check out Wireless Networking Physical Security.

Transmission Media

Because wireless networks use a public domain transmission medium, which is freely accessible to anyone with the right tools and desire, it is imperative that additional care and attention be paid to security aspects throughout the network's entire life cycle. So it is that the appropriate time for consideration of these initiatives to commence is at the very beginning of the network's life cycle during the technical requirements analysis and evaluation, planning and design stages. The process will be ongoing from there.

Documentation

Wireless device manufacturers usually provide the device's supporting documentation either on a disc bundled with the device or available for download from the manufacturer's website. In general, this documentation usually describes first steps/getting started, minimum requirements, preparation, installation, additional security procedures and finally troubleshooting and support.

Unfortunately, the vast majority of users will either ignore or skim over this information or anything else that is not pictorially depicted in the quick start guide. Let's face it these are the realities of our plug "n" play world. The device is working and I can use it; end of deal.

Plug "n" Play

The rise in popularity of wireless networks and technologies can in no small part be attributed to plug "n" play capabilities. On the one hand this is a boon for ease of connectivity, user friendliness and all-round ease of use. Yet it is these very aspects that make plug "n" play devices across the board so susceptible to subversion and compromise.

The problem with the default plug "n" play “silent install” approach to the installation and configuration of all devices (including wireless networking devices) is that in so far as network/device security is concerned it is no approach at all.

Manufacturer Defaults

Manufacturers preload their hardware with device specific software (firmware) and a basic configuration intended to get users up and running in the shortest possible time with minimal required user input.

Factory set default configurations, parameters, options and settings of most if not all devices are in the public domain. This is due to the fact that detailed and specific device defaults lists and documentation are generally freely available on the device manufacturer's website. They can also be found on a number of other third party websites.

The big difference between the documentation, resources and tutorials etc that are published on a manufacturer's website and those published on third party websites is that on the whole the third party sites tend not to confine their listings to only those devices manufactured by a single manufacturer. They also tend to reveal more of and about the inherent flaws and potential exploits of a device that a manufacturer would prefer to “overlook”. You might say that they are a one-stop-shop.

War Driving and Wireless Network Hacking

While most of us have heard of hacking the practice of “war driving” is not so well known. So for the benefit of one and all war driving is the practice of cruising around with a wireless enabled laptop complete with a plethora of wireless networking detection and cracking tools. Many war drivers even make use of GPS to physically locate with pin-point accuracy the precise locations of any wireless networks detected.

The major distinction between the two is that war driving is all about discovering the existence of wireless networks. Hacking wireless networks on the other hand is about cracking/breaking into those wireless networks discovered through war driving or any other means such packet sniffing.

In short, the hacking of wireless networks is all about gaining access to a network whilst not being a legitimate bone fide network user with authentic access privileges and rights. This does not infer in any way that a would-be intruder is implicitly malevolent.

For example, legitimate, authorized and authentic security staff conducting site surveys, penetration testing or network preparedness assessments usually do not have “evil” intent. Still others may be attempting to access your wireless network for the thrill of it simply because it's there.

Note that the tools used for war driving and standard wireless hacking purposes are generally the same. In addition, these tools are freely available for download via the Internet usually in the form of self extracting automatic installation packages or user installable software.

What many may not realize is the degree of user friendly sophistication and capabilities that these tools have attained over the years of their existence and development. So it is that in today's wireless networking climate we must assume that attackers are by default armed with these tools. With this in mind we can construct our defenses in a manner best suited to counteracting a multiplicity of threats originating from all angles.

Conclusion

In combination a device's factory defaults and plug "n" play silent installation and setup provide a very user friendly, fast and convenient method to get a device up and running. Yet it is these very same default factory/plug "n" play device parameters, default configuration settings and behaviors that make wireless networks and wireless devices installed in this way without any further user/administrator interaction particularly inherently susceptible to compromise.

Therefore, immediately after the initial setup and installation has completed successfully the first security tasks that you should religiously attend to are the modification and/or customization of the basic manufacturer factory default settings, administrator names, passwords and configurations.

But, like the constant pop-up questions ("The following program is trying to access your computer!!!"), even though this makes sense for security purposes, it can be annoying when a frequently used program needs to be triggered a certain way every single time it's ran.

Luckily, there's a way around this.

1. Right click on the program you use regularly and click the "Compatibility" tab.
2. At the bottom of the tab, you'll see a "Privilege Level" box. Check it and click "Apply," then "OK."

You're all set up. The program will run with Administrator privileges every single time from now on.

Of course, this trick only works if your account is an Administrator account, but as long as that's the case, this should make running common programs in Administrator mode quite a bit easier.