[187597] in North American Network Operators' Group
Re: Shared cabinet "security"
daemon@ATHENA.MIT.EDU (Otto Monnig)
Fri Feb 12 16:30:54 2016
X-Original-To: nanog@nanog.org
From: Otto Monnig <omonnig@gmail.com>
In-Reply-To: <1174560157.4947.1455310705910.JavaMail.mhammett@ThunderFuck>
Date: Fri, 12 Feb 2016 15:30:21 -0600
To: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Mistake prevention is the key. Neatness counts.
Label everything - cubicle, equipment, cables using high quality labels =
that won=E2=80=99t fall off. Use a meaningful labeling scheme. Label =
both sides of the equipment with letters large enough for everyone to =
read. Color coding is nice until you have dim lighting or a color-blind =
tech.
Separate power and data for the wired stuff. EMI leakage is real. =
Secure power cords to the equipment. Secure cables to PDU so they =
don=E2=80=99t fall out when bumped. Secure the cables for =E2=80=9Cwall =
wart=E2=80=9D power supplies so that they do mot loosen. Learned this =
the hard way after plugs vibrated or =E2=80=9Cfell=E2=80=9D out.
If you have issues with others pugging into your power, use electrical =
outlet blocker plugs (baby proofing supplies) and mark them as if the =
outlet is broken.
Secure your data cables so that they do not block the heat exhaust of =
the equipment. Use cable boots to prevent damage to cable clips, and to =
prevent tugging on other cables when making changes. Don=E2=80=99t bend =
cables beyond the minimum bend radius.
You=E2=80=99re only as safe as the most dangerous technician that is =
allowed into the space.
--
Otto Monnig
CTO
KTG IP, LLC
omonnig@gmail.com
> On Feb 12, 2016, at 2:58 PM, Mike Hammett <nanog@ics-il.net> wrote:
>=20
>=20
> That moment when you hit send and remember a couple things=E2=80=A6=20
>=20
> Of course labeling of the cables.=20
>=20
> Maybe colored wire loom for fiber and DACs in the vertical spaces to =
go along with the previously mentioned color scheme?=20
>=20
>=20
>=20
>=20
> -----=20
> Mike Hammett=20
> Intelligent Computing Solutions=20
> http://www.ics-il.com=20
>=20
> Midwest-IX=20
> http://www.midwest-ix.com=20
>=20
> ----- Original Message -----
>=20
> From: "Mike Hammett" <nanog@ics-il.net>=20
> To: "North American Network Operators' Group" <nanog@nanog.org>=20
> Sent: Friday, February 12, 2016 2:53:17 PM=20
> Subject: Re: Shared cabinet "security"=20
>=20
>=20
> I am finding a bunch of covers for the front. I do wish they stuck out =
more than an inch (like two).=20
> =
http://www.middleatlantic.com/~/media/middleatlantic/documents/techdocs/s_=
sf%20series%20security%20covers_96-035/96_035s_sf.ashx=20
>=20
> It looks like these guys stick out 1.5=E2=80=9D. That may be =
workable=E2=80=A6 =
http://www.lowellmfg.com/tinymce/jscripts/tiny_mce/plugins/filemanager/fil=
es/1717-SSCV.pdf=20
>=20
> I guess those covers are really only useful for servers. That really =
wouldn=E2=80=99t work with a switch\router. Switches and routers are =
going to be the bulk of what we=E2=80=99re dealing with.=20
>=20
> I am finding locking power cables, but that seems to be specific to =
the PDU you=E2=80=99re using as it requires the other half of the lock =
on the PDU.=20
>=20
> I did come across colored power cords. I wonder with some enforced =
cable management, colored power cables, etc. we would have =E2=80=9Cgood =
enough=E2=80=9D? You get some 1U or 2U cable organizers, require cables =
to be secured to the management, vertical cables in shared spaces are =
bound together by customer, color of Velcro matches color of the power =
cord? Blue customer, green customer, red customer, etc. Could do the =
cat6 patch cables that way too, but that gets lost when moving to glass =
or DACs.=20
>=20
> I thought about a web cam that would record anyone coming into the =
cabinet, but Equinix doesn=E2=80=99t really allow pictures in their =
facilities, so that=E2=80=99s not going to fly. Door contacts should be =
helpful for an audit log of at least when the doors were opened or =
closed.=20
>=20
> Financial penalty from the violator to the victim if there=E2=80=99s =
an uh oh?=20
>=20
> I=E2=80=99m not trying to save someone from themselves. I=E2=80=99m =
not trying to lock the whole thing down. Just trying to prevent mistakes =
in a shared space.=20
>=20
>=20
>=20
>=20
> -----=20
> Mike Hammett=20
> Intelligent Computing Solutions=20
> http://www.ics-il.com=20
>=20
> Midwest-IX=20
> http://www.midwest-ix.com=20
>=20
> ----- Original Message -----=20
>=20
> From: "Mike Hammett" <nanog@ics-il.net>=20
> To: "North American Network Operators' Group" <nanog@nanog.org>=20
> Sent: Wednesday, February 10, 2016 8:59:08 AM=20
> Subject: Shared cabinet "security"=20
>=20
> I say "security" because I know that in a shared space, nothing is =
completely secure. I also know that with enough intent, someone will =
accomplish whatever they set out to do regarding breaking something of =
someone else's. My concern is mainly towards mitigation of accidents. =
This could even apply to a certain degree to things within your own =
space and your own careless techs=20
>=20
> If you have multiple entities in a shared space, how can you mitigate =
the chances of someone doing something (assuming accidentally) to =
disrupt your operations? I'm thinking accidentally unplug the wrong =
power cord, patch cord, etc. Accidentally power off or reboot the wrong =
device.=20
>=20
> Obviously labels are an easy way to point out to someone that's =
looking at the right place at the right time. Some devices have a cage =
around the power cord, but some do not.=20
>=20
> Any sort of mesh panels you could put on the front\rear of your gear =
that you would mount with the same rack screw that holds your gear in?=20=
>=20
>=20
>=20
>=20
> -----=20
> Mike Hammett=20
> Intelligent Computing Solutions=20
> http://www.ics-il.com=20
>=20
> Midwest-IX=20
> http://www.midwest-ix.com=20
>=20
>=20
