Comments on: Your datacenter may not be secure enough http://www.mckeay.net/2009/03/16/your-datacenter-may-not-be-secure-enough/ The views of one man on security, privacy and anything else that catches his attention Fri, 03 Sep 2010 17:58:30 +0000 hourly 1 http://wordpress.org/?v=abc By: Aaron Guhl http://www.mckeay.net/2009/03/16/your-datacenter-may-not-be-secure-enough/comment-page-1/#comment-4371 Aaron Guhl Wed, 18 Mar 2009 14:23:05 +0000 http://www.mckeay.net/2009/03/16/your-datacenter-may-not-be-secure-enough/#comment-4371 Physical security is definately something that I think is overlooked. I think there are ton of companies out there where gaining access to information over the network might be difficult, but they don't put nearly as much effort into the physical side of it. Gaining access to the physical network would be easy if you new a little bit about the building, etc. But, like you said, there must be an insider that relays some secret info about the building and security measures in place so that they can get around them. But I have to think that if the thieves in this case had broken down walls and doors to gain access, it makes you wonder about the lengthes that some thieves are willing to go. How far do you take your security measures knowing that someone is willing to bust through walls to get access to your physical network?! Physical security is definately something that I think is overlooked. I think there are ton of companies out there where gaining access to information over the network might be difficult, but they don’t put nearly as much effort into the physical side of it. Gaining access to the physical network would be easy if you new a little bit about the building, etc. But, like you said, there must be an insider that relays some secret info about the building and security measures in place so that they can get around them.

But I have to think that if the thieves in this case had broken down walls and doors to gain access, it makes you wonder about the lengthes that some thieves are willing to go. How far do you take your security measures knowing that someone is willing to bust through walls to get access to your physical network?!

]]> By: robin http://www.mckeay.net/2009/03/16/your-datacenter-may-not-be-secure-enough/comment-page-1/#comment-4367 robin Tue, 17 Mar 2009 15:50:54 +0000 http://www.mckeay.net/2009/03/16/your-datacenter-may-not-be-secure-enough/#comment-4367 Good article. It will be interesting to see what Level 3 do to step up the security now. Typo, "you’re" not your in para 1. Good article. It will be interesting to see what Level 3 do to step up the security now.

Typo, “you’re” not your in para 1.

]]> By: Security Briefing - March 17th : Liquidmatrix Security Digest http://www.mckeay.net/2009/03/16/your-datacenter-may-not-be-secure-enough/comment-page-1/#comment-4366 Security Briefing - March 17th : Liquidmatrix Security Digest Tue, 17 Mar 2009 13:16:42 +0000 http://www.mckeay.net/2009/03/16/your-datacenter-may-not-be-secure-enough/#comment-4366 [...] Your datacenter might not be secure enough - Network Security Blog [...] [...] Your datacenter might not be secure enough – Network Security Blog [...]

]]> By: windexh8er http://www.mckeay.net/2009/03/16/your-datacenter-may-not-be-secure-enough/comment-page-1/#comment-4364 windexh8er Mon, 16 Mar 2009 17:34:44 +0000 http://www.mckeay.net/2009/03/16/your-datacenter-may-not-be-secure-enough/#comment-4364 Well then good thing my DC is in the 'cloud'! That means it doesn't physically exist anywhere, right? ;) On a more serious note that's rather interesting. Definitely agree the network gear is the pot-o-gold, but maybe the attackers were going for IP? Do you think Last.FM has user data or source code that may rake in more than the overly heavy gear? (I can't imagine trying to run out of a DC with a 65xx). In all reality if they were smart they would have stole the blades, left the PSU and heavy chassis (as those are relatively inexpensive anyway). Sold the supervisors and line cards -- which is where the bank is anyway. --windexh8er Well then good thing my DC is in the ‘cloud’! That means it doesn’t physically exist anywhere, right? ;)

On a more serious note that’s rather interesting. Definitely agree the network gear is the pot-o-gold, but maybe the attackers were going for IP? Do you think Last.FM has user data or source code that may rake in more than the overly heavy gear? (I can’t imagine trying to run out of a DC with a 65xx). In all reality if they were smart they would have stole the blades, left the PSU and heavy chassis (as those are relatively inexpensive anyway). Sold the supervisors and line cards — which is where the bank is anyway.

–windexh8er

]]>