Sunday, 6 May 2012

Common Threats to Router and Switch Physical &Mitigation

Routers and switches are commonly placed or installed within the server room, where other servers equipment are in placed. Therefore, the server room requires a high level or physical security to prevent any unauthorized access to all the devices/servers inside. Not only physical security, the devices has to be protected with well-control temperature, reliable power supply and hardware support.

There are FOUR common threats faced by routers and switches during physical installations:
Hardware Threats, Environmental Threats, Electrical Threats and Maintenance Threats

Hardware Threats:
This threat refers to any risk that will cause physical damage to hardware (router, switch and servers).
The simplest way to mitigate this threat is to ensure that the router and switch could not be access (NOT even touch) by any unauthorized personnel.

Few ways commonly used to mitigate unauthorized access to the router and switch:
  • Prevent access via the ceiling, raised flooring, windows, duct-work
  • Prevent unauthorized access using access cards and implement man-traps
  • Implement port security on all on the switches
  • Install civilian cameras with logging features
Environmental Threats:
This threat refers to the temperatures, moisture, electrostatic, and magnetic interference of the server room's environment. Bad control of these environmental components will cause the environmental threats, spoiling the equipments in the server room.

In order to mitigate the environmental threats :
  • Make sure that the temperature is not too extreme (too cold / too hot)
  • Make sure that the humanity in the server room is just right (cannot be too wet or too dry)
  • Remove any sources that will cause electrode-magnetic interference in the server room
  • Control the airflow in the server room
Electrical Threats:
This threat refers to the irregular change in the voltage of the systems, such as voltage spikes, insufficient voltage supply, unconditioned power supply, and total power loss. As power supply is the most crucial requirement for any devices in the server room to work, redundant power supply can be implement to prevent single-point of power failure.

To mitigate electrical threats:
  • Install the uninterruptible power supply (UPS) systems
  • Implement redundant power cables or hardware
  • Install backup generator systems
  • Plan and implement preventative maintenance
  • Implement monitoring and alarms for power-related parameters at the power supply and device levels
Maintenance Threats:
This threat refers to the lack of backup parts, network components or electronic components; or lack of proper labeling on devices, cables and other related components; or even poor handling of electronic components which causes electrostatic discharge (ESD). A general list of rules should be follow in order to maintain and mitigate this threats.

The general list of rules to mitigate maintenance threats inclues:
  •  Label  clearly for the cabling and secure them to the racks to prevent accidental damage, disconnection, or incorrect termination
  • User proper cables runways
  • Follow the proper ESD procedures for handling the internal components of the router or switch
  • Disconnect any console connection and administrative interfaces when not in use
  • Stock up with some of the critical spares such as cables or router/switch adapters

Reference:
INKS week 2 lecture notes - Basic Router and Switch Security
http://computernetworkingnotes.com/network-security-access-lists-standards-and-extended/mitigating-common-threats.html
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)