Transcript Document
Physical Security in the IT
Environment
Patrick J. Burns
Colorado State University
Theme
“Do what you can with what you have
when you can.” T. Roosevelt
March 12, 2003
HE Forum on IT Security
2
Outline
Protecting the physical IT environment
Traceability (cameras)
A “poor man’s” disaster recovery node
March 12, 2003
HE Forum on IT Security
3
Goal and Objective
Protect the IT environment from major
“incidents”
Maintain some level of service in the case of
major “incidents”
Cost increases as more services are protected
Strategic decision as to how much to protect
Funding may be available next year from the
federal Dept. of Homeland Security – will be
funneled through states
March 12, 2003
HE Forum on IT Security
4
Definitions
Duplication
Distribution
Automatic or almost automatic fail-over
Examples: clustered services, telephone switches,
redundant servers, DNS
Geographical separation of duplicated or nonduplicated services
Protecting the IT environment should include
elements of both duplication and distribution
March 12, 2003
HE Forum on IT Security
5
The Vision
Distribute central IT as a strategy to protect
the IT environment from disasters
Protection of critical infrastructure has been
in vogue since Sept. 11, 2001
Just “do it” on the cheap, as better than
extensive planning for which we will not be
funded (based upon 15 yrs. of history)
March 12, 2003
HE Forum on IT Security
6
Overview of CSU IT Physical
IT Infrastructure
Two SONET head ends: ICG and Qwest
Each has multiple fiber paths into CSU, but both
enter the same building
Candidate for distribution, but expensive unless
negotiated as part of a multi-year service agreement
Used for both voice and data
“Head ends” reasonably secure, alarmed,
access id controlled
Adjacent to the telecom office, where many
students visit for billing information
Typical conundrum: security vs. access
March 12, 2003
HE Forum on IT Security
7
Overview of CSU’s … (cont’d)
Fiber/copper buried in the ground or in steam
tunnels – reasonably secure
Of 414 buildings in Fort Collins, 211 need fiber
Maybe 30-40 are served by steam tunnels
Secure telecom rooms
Fiber/copper in between telecom rooms in
metal conduit, I.e. secure
In-building wiring somewhat secure (in
conduit), but scope of vulnerability low (one
wire, one user)
March 12, 2003
HE Forum on IT Security
8
Telecom Rooms
Scope at CSU
Building secure, locked rooms used only for
telecommunications
211 buildings, many with multiple telecom rooms
(e.g. library has ~17)
Evicting the janitors
Networking is distributed at CSU, subnet
managers need access to the telecom rooms
March 12, 2003
HE Forum on IT Security
9
Re-keying of Telecom Rooms
Facilities re-keying project
Hundreds of (maybe 1,000) telecom rooms
$100 each for re-keying, 2 keys fit:
Great grand master keys (limited
distribution, e.g central staff)
Keys for subnet managers that fit only the
telecom rooms in individual buildings
March 12, 2003
HE Forum on IT Security
10
Telecom Room Access
Facilities issues keys
Require a background check paid for by the
subnet manager (~ $12)
Requires signed agreement w/ CSU Telecom
Don’t touch the telephone network
Don’t touch the back end of the network
Touch only patch cords: to maintain 20 year
warranty
March 12, 2003
Use Avaya patch cords only
Dress the patch cords appropriately
HE Forum on IT Security
11
Video Cameras
About 20-30 old analog to CSU PD
Monitored (not well)
Recorded on standard video tape
Require individual fiber connections
New web cameras
Old, central solution insufficient quality (Motion
JPEG encoding)
Now, deploying
March 12, 2003
Pan, tilt and zoom cameras w/ pre-programmed motion
Attached to PC’s in buildings with local storage
HE Forum on IT Security
12
Disaster Recovery
Most IT services at CSU, including
redundancy, are co-located
Network backbone nodes meshed and distributed
MMF distance limitation caused us to build six BB nodes
Magnetic tapes stored off site
Enabling factors for distribution
March 12, 2003
Clustered W2K services
Voice over IP
Multiple servers (boxes) for unix-based IT services
Web cameras
HE Forum on IT Security
13
Currently
Factors that impede, impair or diminish the
value of distribution
The “teclo hotel” – central vulnerability
Single SONET node (even though SONET path
may be redundant)
Lack of 24x7 staffing
Secure space
Electrical power from a single substation
Cost
March 12, 2003
HE Forum on IT Security
14
Vulnerability at CSU
In one room, central IT services:
Redundant equipment for Internet access
Router, ATM switch, Packeteer
31 unix CPU’s in 14 different boxes for e-mail,
campus web pages, DNS, unix applications, etc.
W2K domain servers, Cold Fusion server
Administrative application servers
In another room (proximity 100 yards),
campus telephony
SL-100 telephone switch, Octel 350 for voicemail,
clustered Cisco VoIP Call Managers, SONET, etc.
March 12, 2003
HE Forum on IT Security
15
CSU’s Accomplishment
Built a simple, redundant node
Geographically isolated from main campus
On a separate electrical substation
Redundant fiber feed from campus BB
Secure and alarmed, but not staffed
Funded from campus rewire project and
CSU Telecommunications
March 12, 2003
HE Forum on IT Security
16
Installed There
Duplicated services
Big UPS, no generator
Distributed services
Campus BB network node
Internet equipment
W2K DNS/domain server
File back-up
Planned VoIP distribution/duplication
Windows server, small AiX server
Explored redundant “head end” services
Too expensive, from ICG for redundancy: $75k SONET, $35k
fiber route
March 12, 2003
HE Forum on IT Security
18
Architecture
400 Meridians.
11,000 POTS
Glover Bldg.
ICG
OC12
USC Bldg.
ICG SONET?
Octel 350
Qwest PRI
SM
SMDI
T-1s
SL-100
SMDI
SM
HDLC
PRI
PRI
Cisco CM
BB 6509
PRI’s
Cisco CM
Network
HDLC
Campus
GBE BB
SHARPS
Qwest
OC12
LS1010,
Internet
Router
W2K #2
OC3
AIX Backup,
DNS
UPS – 2 hr
IP Phones
LS 1010,
Internet
Router
BB 6509
Data Center
Engr. Bldg.
Still TBD
Still formulating plans for remediation in the
event of a disaster
PRI’s for VoIP - 1 DID, 1 DOD?
Redundant link for Internet (dark fiber)
Strategic placement of VoIP phones across
campus, in case of telephone switch failure
Separate PRI’s on copper directly from Qwest
Will consider SoftPhone, hardware IP phones
Modem redundancy
MG for new building
March 12, 2003
HE Forum on IT Security
20
Recommendations
Distribute VoIP services - modems for SMDI
link, HDLC for PRI
Distribute DNS servers
Distribute eID, W2K domain servers
Distribute other services as appropriate
IT services: e-mail, CMS, web pages, etc.
Administrative applications
Dark fiber
Develop written document of policies and
procedures for disaster recovery
March 12, 2003
HE Forum on IT Security
21