Server Physical Protection
Server physical security should be achieved through a multilayered approach, targeting safety, security, and maintenance.
To have a physically secure server, one must consider the potential physical threats to a server:
- Server access
- Data theft
- Data tampering
Server Hosting at Virginia Tech
Most servers at Virginia Tech are hosted in the Andrews Information System Building (AISB) and managed by Business Application and Integration Services (BAIS).
The following security standards should be applied to all medium and high risk Virginia Tech servers.
Standard 1: Safety
Exercise standard safety practices to minimize environmental hazards and accidents.
Standard 1.1: Cable Management
1.1.1: Cables should be properly stored to avoid being a tripping hazard. Route cables in overhead ladder trays when able; otherwise, store cables neatly elsewhere.
1.1.2: All cabling in cabinets or racks should be neatly routed along the side of the cabinet or rack using Velcro strips.
1.1.3: Unused cabling is removed upon a piece of equipment being removed, relocated, or decommissioned.
Standard 1.2: Server Aisles
1.2.1: Server aisles must remain clear of obstacles.
1.2.2: Server floor panels must be level to avoid causing a trip hazard.
1.2.3: Server aisles must be a minimum of four feet wide.
Standard 1.3: Server Room
1.3.1: The server room should have a minimum height of nine foot ceilings. This allows proper cooling from the server equipment and gives room for expansion.
1.3.2: The server room should be well ventilated.
1.3.3: The server room should be windowless to avoid sun exposure to the equipment.
1.3.4: Larger server rooms should have a climate control system set to approximately 65 degrees Fahrenheit.
1.3.5: Server room flooring should be made of antistatic materials to prevent shocking.
1.3.6: Space out computing equipment such that there is a maximum intensity of 300 watts per square foot of the room.
Standard 1.4: Server Equipment
1.4.1: Server racks should be professionally installed.
1.4.2: Server racks should have proper grounding and bracing to prevent from falling.
1.4.3: Both the front and rear of each server rack should be secured. It’s recommended to standardize the control access, as using a mix of products and technologies can expose the room to a range of vulnerabilities.
Standard 2: Security
Prevent intrusion and tampering from threat actors by utilizing industry standard security practices in server rooms and server equipment closets.
Standard 2.1: Storage
2.1.1: All valuables and important hardware should be properly stored in a secure container.
2.1.2: For valuable items and data, there should be a minimum number of points of entry and exit.
2.1.3: It is highly recommended to use a “clear desk” policy, where employees keep sensitive material put away and lock their computers before leaving them unattended.
Standard 2.2: Server Hardware
2.2: Server hardware must be placed in a data center or controlled access environment.
Standard 3: Maintenance
3.1: Keep prohibited materials out of server rooms and closets.
- Combustible materials
- Food and drink
- Notes and papers
3.2: Entrances to secured server rooms shall have a sign to indicate a “secured surveillance space” that must be visible at all times.
3.3: A sign must be posted prohibiting all food and drink that must be visible at all times.
3.4: Equipment and other hardware must be properly labeled, including
- Server racks
- Server equipment
- Power sources (UPS, PDUs, RPPs, and Circuit Breakers)
- Data cables
- Power cables
- Switches and buttons
3.5: Persons responsible for the server should periodically assess the potential risks to their server’s physical security, such as water damage, overheating, trip hazards, or unsecured server racks.