All digital security is meaningless if the physical security is lacking. There for getting this right is one of the key things. I’m not going into the details of cooling or fire alarms or any such thing, but do note that these have effect on the security when implemented without care. Example when fire extinguisher is activated doors open so that everyone can exit and firemen and easily enter. The way the doors open should always be out of the main space. Emergency opening mechanisms should not leave the door open, they should unlock it only temporarily, this of course is again subject to local laws. No server room should have windows.
I would divide server hosting to three different security levels.
- normal
- secure
- high secure
At normal level access to server facility should be limited to authorized personnel only, noting that not all servers should be accessible by all admins. Normal level security for financial servers and normal level security for example web servers should be implemented so that these servers are in different rooms with different accesses. Of course, now I’m assuming that one has sufficient staff for this kind of separation. Practicalities must be taken in to account, could be that all standard security servers are accessible by all three administrators that the company has. Normal level must of course log all entering the space, with video camera being the preferable way. The loading bay and the way to get the servers in needs to be protected at least at the same level than any other entry to these rooms.
Secure level is a bit upwards from normal level. These servers could be located in the same place as normal level servers, but physical access to these is limited little bit more. The rack they are located in must be locked and monitored with a camera from front and back. At the very basic level at least network equipment should be security classified devices, but network HSM’s or servers with card readers, internal HSM or anything that needs to be physically activated should generally be located here. Major mistake with these racks is pointing the cameras so that the passwords of the administrators can be read when they use the console for these servers. Cameras should never point so that passwords could be read from the recording. Keys to the rack should be somewhere else, perhaps with a guard or receptionist or monitoring, somewhere where human interaction is required to get those keys to the racks. Naturally here we need process so that people can’t go willi-nilly getting the keys. – A valid reason is needed, such could be an approved work order or a production incident.
High security, now we are talking guards, dual access, sealed walls, full blown “nuclear bomb level” protection copied from military practices. Designer needs to be bat-crap insane and really sure others are out to get him or his computers. This deservers a good, deep explanation of the security requirements, so I’ll safe it to the next post.