Electronics Protection - Spring 2015 - (Page 16)

Feature

Bridging the Technology Gap: The Importance of Cyber and Physical Security within the Data Center

Aldon Blackwood, Product Manager, E-LINE by DIRAK

In recent months, cyber-attacks have been on the rise, showing no signs of slowing down. These attacks have spanned continents and industries, targeting companies of all shapes, sizes and levels of prominence, highlighting the risk that all businesses that maintain customer data currently face. The breaches at Target, Home Depot and Sony did not just result in significant data loss, but also created irreparable damage to their brands, shaking customers' confidence in the ability of these businesses to secure their most sensitive information.

In the Target attack alone, 40 million customers had their credit and debit card numbers stolen, resulting in a 46 percent drop in profits for the company in the subsequent quarter compared with the previous year. Additionally, the credit card companies and banks of the Target customers spent $200 million reissuing stolen cards, while Target spent $100 million upgrading its payment system to support Chip-and-PIN enabled cards.

To avoid future breaches, companies are focusing even more of their resources on protecting their assets by ensuring they have a comprehensive cybersecurity posture. While there is no doubt that cybersecurity is an essential aspect of any organization's security, the tunnel vision created by recent events can have a dangerous side effect: ignoring physical security. The two sides of the security spectrum cannot be viewed as mutually exclusive, but rather as a partnership in which both work in tandem to protect the critical assets of organizations. While cybersecurity and credit card technology have advanced and adapted to the modern threat, the physical security realm still lags far behind.
The Wiegand Protocol, developed in the '80s, is still the standard communication language used to transmit and process data between the access card, keypad or biometric reader and the backend controller. The communication between devices using this technology is unencrypted and can be easily tampered with and falsified. These systems have no way of knowing if a reader has been disconnected or goes offline and will not send any alerts to the system administrator letting them know it has been corrupted or stolen. An intruder could hack into the system and trick it into granting access to unauthorized users and locking out those with authorization, while simultaneously collecting authorization data for any individual that had access to the building. Using this authorization data, the intruder could then gain access to other secured areas.

Once inside the data center, the server racks that house critical data are still being secured with a mechanical handle that normally utilizes standard keys. Even when using unique locks, keys can be lost, stolen or duplicated. This exposes companies to the most common data breach threat: an insider job. By utilizing untraceable mechanical keys, companies remove all possibility for auditability. This makes it easier for employees, contractors or visitors to gain access to the data center floor and racks. Given these vulnerabilities, it is critical for physical security to play catch-up before criminals begin to adapt and target the primitive physical IT security measures.

A more modern solution to outdated physical security has been biometrics, but its widespread adoption for protecting data centers is misguided. Biometrics by itself is an insufficient solution for protecting critical assets; each individual has a limited number of authentication credentials, e.g. 10 fingerprints, which cannot change.
While they may possess unique properties, they are always publicly visible and exposed to potential risks. For example, the Chaos Computer Club (CCC), Europe's largest hacker association, exhibited its ability to reconstruct an exact fingerprint of Ursula von der Leyen, the German Defense Minister. CCC was able to do this using a consumer-grade camera and VeriFinger, software available to the general public. This demonstration proves that there are still large vulnerabilities in biometric technology. Additionally, it is standard practice for fingerprint data to be collected during border crossings, in criminal and civil cases and from government employees, creating databases of potential users and their authentication credentials.

If biometrics are not adequate, what technical requirements for building and rack level access control should be implemented? Mechatronic locks should transmit only encrypted communication to the controller, while implementing dual-factor authentication at the reader. This type of solution at the IT cabinet's door will keep out unauthorized persons, while software should provide a complete audit trail with the specific identity of each individual who successfully gained access, showing the time they entered and how long they stayed inside.

A product that is already bringing this level of security to the industry is E-LINE by DIRAK's MLR series. The MLR series of locks are IP-addressed server rack handles capable of one to four factors of authentication. The handles provide a tamper-proof solution that increases security and mitigates risk by delivering real-time monitoring, auditability and AES-256 encrypted communication. By operating and still requiring authentication in both network-down and power-down situations, they eliminate the need for mechanical keys and create a gapless audit trail.
This type of solution will give the system administrator the ability to monitor, control and report all activity occurring at each rack at any time of the day, while keeping all unauthorized personnel out.

Organizations need to proactively address risks and examine vulnerabilities on all fronts. This requires an integrated security plan that successfully bridges the gap between cyber and physical data security.

For more information visit www.elinebydirak.com.
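
Added example (not part of the original article and not DIRAK or MLR code): it contrasts a parity-only Wiegand frame, as criticized above, with a reader-to-controller message that the controller can verify, in the spirit of the article's requirement for protected communication. Assumptions: the common 26-bit frame layout (the article names no format), a constructed demo key, hypothetical function names, and HMAC-SHA256 with a counter standing in for the AES-256 channel the article mentions, so this shows integrity and replay protection rather than encryption.

```python
import hashlib, hmac, struct

def _odd_ones(x):
    """1 if x has an odd number of set bits, else 0."""
    return bin(x).count("1") & 1

def wiegand26_encode(facility, card):
    """Build a frame in the common 26-bit layout (assumed, see lead-in)."""
    data = ((facility & 0xFF) << 16) | (card & 0xFFFF)   # 24 data bits
    even = _odd_ones(data >> 12)           # leading bit: even parity, first half
    odd = _odd_ones(data & 0xFFF) ^ 1      # trailing bit: odd parity, second half
    return (even << 25) | (data << 1) | odd

def wiegand26_decode(frame):
    """Return (facility, card) when both parity bits match, else None.
    Parity catches line noise only; it says nothing about who sent the frame."""
    data = (frame >> 1) & 0xFFFFFF
    if ((frame >> 25) & 1) != _odd_ones(data >> 12):
        return None
    if (frame & 1) != (_odd_ones(data & 0xFFF) ^ 1):
        return None
    return data >> 16, data & 0xFFFF

DEMO_KEY = b"constructed-demo-key"   # constructed value, for illustration only

def reader_send(key, counter, facility, card):
    """Hypothetical reader message: counter + credential + HMAC-SHA256 tag."""
    body = struct.pack(">QBH", counter, facility, card)   # 11 bytes
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Controller:
    """Hypothetical controller: accepts only fresh, correctly tagged messages."""
    def __init__(self, key):
        self.key, self.last_counter = key, 0

    def accept(self, msg):
        body, tag = msg[:11], msg[11:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                    # altered, or sent without the key
        counter, facility, card = struct.unpack(">QBH", body)
        if counter <= self.last_counter:
            return None                    # replay of an earlier message
        self.last_counter = counter
        return facility, card

if __name__ == "__main__":
    print("parity-only frame accepted:", wiegand26_decode(wiegand26_encode(42, 1001)))
    ctl, msg = Controller(DEMO_KEY), reader_send(DEMO_KEY, 1, 42, 1001)
    print("first delivery:", ctl.accept(msg), "| replayed:", ctl.accept(msg))
```
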
