The primary goal of physical security is to stop physical attacks whenever possible, and, failing that, to slow them down so that hopefully someone will notice the presence of the attacker in a restricted area, preventing any tampering with the system. Weak physical security often invalidates any other security measure, and thus should be prioritized.
For secure rooms make sure that the walls go beyond the false ceiling, and below the raised floor, large vents should also be covered with bars if possible.
Monitoring the room with CCTV or wired cameras is a great way to provide security for your server room or data center. As well as providing video footage of events which may occur - door open events, motion detection or any other sensor event, they also act as a visual deterrent to would be criminals.
Solution for remotely monitoring the temperature ensue proactively notify you when the temperature goes above or below pre-defined thresholds, potentially allowing you to take corrective measures before encountering costly downtime.
Monitoring Physical Security for your Server Room
Computer equipment generates heat, and is sensitive to heat, humidity, and dust, but also the need for very high resilience and failover requirements. Maintaining a stable temperature and humidity within tight tolerances is critical to IT system reliability.
Air conditioning designs for most computer or server rooms will vary depending on various design considerations, but they are generally one of two types: "up-flow" and "down-flow" configurations.
How to Monitor Server Room Temperature and Environmental Conditions
The fire protection system's main goal should be to detect and alert of fire in the early stages, then bring fire under control without disrupting the flow of business and without threatening the personnel in the facility. Server room fire suppression technology has been around for as long as there have been server rooms.
There are a series of things you need in a fire suppression system:
- an emergency power off function
- gas-based suppression system
- fire detection sensors
What Type of Suppression System Works Best for Computer Room Fires?
All systems should be securely fastened to something with a cable system, or locked in an equipment cage if possible. Case locks should be used when possible to slow attackers down.
Securing the Physical Safety of Data with Rack-Level Access Control
With physical access to most machines you can simply reboot the system and ask it nicely to launch into single user mode, or tell it to use /bin/sh for init.
In the program itself to edit the BIOS settings:
- only boot from specific drive
- disable the unused controllers
- disable the booting from external media devices (USB/CD/DVD)
- enable BIOS password
You need to protect the BIOS of the host with a password so the end-user won’t be able to change and override the security settings in the BIOS.
Main reasons for password protecting the BIOS:
- preventing changes to BIOS settings
- preventing system booting
Because the methods for setting a BIOS password vary between computer manufacturers, consult the computer's manual for specific instructions.
For this reason, it is good practice to lock the computer case if possible. However, consult the manual for the computer or motherboard before attempting to disconnect the CMOS battery.
BIOS Protection Guidelines for Servers (Draft)
| Item | True | False |
|---|---|---|
| Physically secure machine (also outside of a server room) | 🔲 | 🔲 |
| Monitoring server rooms with CCTV or wired cameras | 🔲 | 🔲 |
| Remotely monitoring the temperature | 🔲 | 🔲 |
| Efficient air conditioning solution | 🔲 | 🔲 |
| Efficient fire protection system | 🔲 | 🔲 |
| Locked cage (server case) | 🔲 | 🔲 |
| Physical access to server console | 🔲 | 🔲 |
| Password on the BIOS | 🔲 | 🔲 |
| Disable external media devices | 🔲 | 🔲 |
| Periodic physical inspections | 🔲 | 🔲 |