Secure Utilities to Avoid Hacks - dummies

Secure Utilities to Avoid Hacks

By Kevin Beaver

You must consider building and data center utilities, such as power, water, generators, and fire suppression, when assessing physical security. Hackers can gain access through utilities. While utilities can help fight off such incidents as fire and keep other access controls running during a power loss. They can also be used against you if an intruder enters the building.

Attack points

Intruders often exploit utility-related vulnerabilities. Consider the following attack points, which are commonly overlooked:

  • Is power-protection equipment (surge protectors, UPSs, and generators) in place? How easily accessible are the on/off switches on these devices? Can an intruder walk in and flip a switch? Can an intruder simply scale a wood fence or cut off a simple lock and access critical equipment?

  • When the power fails, what happens to physical security mechanisms? Do they fail open, allowing anyone through, or fail closed, keeping everyone in or out until the power is restored?

  • Where are fire-detection and -suppression devices — including alarm sensors, extinguishers, and sprinkler systems — located? Determine how a malicious intruder can abuse them. Are they accessible via a wireless or local network with default login credentials? Are these devices placed where they can harm electronic equipment during a false alarm?

  • Where are water and gas shutoff valves located? Can you access them, or would you have to call maintenance personnel when an incident arises?

  • Are local telecom wires (both copper and fiber) that run outside of the building located aboveground, where someone can tap into them with telecom tools? Can digging in the area cut them easily? Are they located on telephone poles that are vulnerable to traffic accidents or weather-related incidents?

Countermeasures

You might need to involve other experts during the design, assessment, or retrofitting stages. The key is placement:

  • Ensure that major utility controls are placed behind closed and lockable doors or fenced areas out of sight to people passing through or nearby.

  • Ensure that someone walking through or near the building cannot access the controls to turn them on and off.

Security covers for on/off switches and thermostat controls and locks for server power buttons, USB ports, and PCI expansion slots can be effective defenses. Just don’t depend on them fully, because someone with a hammer can easily crack them open.