[ISN] Computer Co-location Facility Vulnerabilities

From: InfoSec News (isnat_private)
Date: Mon Aug 11 2003 - 00:22:56 PDT

  • Next message: InfoSec News: "[ISN] 'Well-dressed' men return stolen laptop"

    http://www.nuclearelephant.com/papers/colo.html
    
    [Definitely a good read, it raises issues I've had for years about 
    data-centers, even before 9-11  - WK]
    
    
    Jonathan A. Zdziarski
    jonathanat_private 
    August 7, 2003 
    
    I've been yelling at people about this for years. I've spent a 
    significant portion of the past ten years of my professional career 
    working for and with corporations with large co-location facilities. 
    Co-location facilities provide a cost effective data center solution 
    for many companies, both small and large, enabling remote hosting of 
    equipment in a climate controlled environment usually with several 
    redundant high-speed connections to the Internet. These facilities are 
    responsible for a significant percentage of electronic business 
    performed in the United States and other countries. 
    
    In having the privilege of working with a number of these facilities, 
    I've also had the opportunity to witness the vulnerabilities that 
    could give themselves over to terrorist activities. Prior to September 
    11 2001 , I was able to dismiss these fears with the thought that 
    nobody would ever want to blow up the city block". Unfortunately today 
    these vulnerabilities are both a valid and justifiable concern. 
    
    Many co-location facilities are strategically placed in areas where a 
    significant amount of business is occurring, major peering points, 
    large corporate concentrations, and many general terrorist targets. 
    Some facilities are within immediate proximity to targets such as the 
    New York Stock Exchange, the CNN building, and the public and private 
    networks that are responsible for the Internet as well as military and 
    public service networks. 
    
    What makes this combination of concealment and network connectivity 
    even more dangerous is the ability for a coordinated effort to install 
    at multiple locations over a period of weeks and detonate 
    simultaneously, wreaking havoc to financial institutions, mainstream 
    media, communications, and any other such targets vulnerable to such 
    an attack. A single target among many, if taken out, could seriously 
    cripple the Internet let alone the number of critical private networks 
    sharing the same fiber. Due to the placement of such facilities, they 
    are unfortunately an ideal target for terrorists to take advantage of. 
    These facilities are one of only a few places where an individual is 
    capable of introducing heavy, unchecked equipment, leaving it in or 
    near a large public concentration of business, and is able to 
    communicate remotely with the equipment from virtually anywhere in the 
    world. 
    
    These facilities, by nature, are usually built in areas where multiple 
    power and telecommunication grids converge meaning the strike of a 
    potential target could possibly take out power and all forms of 
    telecommunications in a significantly large area for a prolongued 
    period, leaving thousands without electricity, emergency services, and 
    etcetera. Historically, these conditions frequently lead to a high 
    rate of crime and possible loss of life. 
    
    [...]
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Aug 11 2003 - 02:46:49 PDT