Your servers and critical infrastructure elements should be in an unmarked, locked room with access control and access log as well as CCTV

Your servers and critical infrastructure elements should be in an unmarked, locked room with access control and access log as well as CCTV

It regularly makes you wonder how many organizations have their servers and other critical infrastructure in rooms marked clearly as the server and communication room.

When confronted with a question why they are doing it the answers are often quite sorry.

In fact, there’s actually two types of people who need to know about the location of these rooms.

The first group of people would be obviously the IT staff, And on rare occasions the fire department. 

And that’s pretty much the end of the story, because there is nothing more to be said about this topic.

A server room should be unmarked, very well protected, and hereby I also mean the access control with logging to a security company responsible for the security of the building, And this should also include an alarm being tripped out even the slightest manipulation attempt against the security measures. This brings us to the next point of CCTV, which is obviously only good for after the fact, but acts as a reliable deterrent for attackers.

If you are the person who is totally into signs and marking rooms, yes I have something for you too.

In fact, I was with a customer a few years ago who insisted that their server room had to be marked for totally stupid reasons; we ended up purchasing cheap and outdated hardware through eBay and set up a dummy server room which had all the bells and whistle‘s like servers, switches, patch panels, and outdated PBX, and all the shebang… However The room was entirely meaningless because all the hardware elements in this room were decoys. 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.