By Kelly Jackson Higgins
May 17, 2010
You can spend millions of dollars on network security, but it's all for
naught if the data center has physical weaknesses that leave it open to
intruders. Red team experts hired to social-engineer their way into an
organization say they regularly find physical hacking far too easy.
Ryan Jones, senior security consultant with Trustwave's SpiderLabs, says
data centers he has investigated for security weaknesses commonly have
the same cracks in the physical infrastructure that can be exploited for
infiltrating these sensitive areas. Jones says the five simplest ways to
hack into a data center are by crawling through void spaces in the data
center walls, lock-picking the door, "tailgating" into the building,
posing as contractors or service repairmen, and jimmying open improperly
installed doors or windows.
"Over the years, you can spend millions of dollars protecting your
network, but [many organizations] are leaving the front door wide open.
They are missing huge gaping holes" in their physical security of the
data center, says Jones, who will discuss his findings at the conference
today in Sao Paulo, Brazil. "These are the top ways we get in."
One of the flaws in the physical design of most data centers is their
drop ceilings and raised floors, Jones says. "The walls don't go all the
way up [to the ceiling] or down [to the floor]," he says. The drop
ceiling leaves a void for an intruder to remove a ceiling tile from a
nearby area and then crawl to the data center from above it. "You can
crawl down carefully to where you need to drop down," Jones says.