Site Selection, Design, and Configuration

Site Selection, Design, and Configuration describes the process of building a secure facility such as a data center, from the site selection process through the final design. The exam could pose a scenario where you are asked about any part of the site selection process, beginning with the land the data center will be built on.

There are many practical concerns when selecting a site, such as parking, accessibility via roads, public transportation, nearby amenities, and hotels. The exam focuses on security concerns. Remember that physical safety of personnel is the top priority when selecting, designing, and configuring a site.

Site Selection Issues

Site selection is the “greenfield” process of choosing a site to construct a building or data center. A greenfield is an undeveloped lot of land, which is the design equivalent of a blank canvas.

Topography

Topography is the physical shape of the land: hills, valleys, trees, etc. Highly secure sites such as military installations will leverage (and sometimes alter) the topography of the site as a defensive measure. Topography can be used to steer ingress and egress to controlled points. For example, if an attacker attempts to drive a car bomb into a building, the attempt should be forced to occur at a controlled and hardened class IV gate, as opposed to a weaker side wall.

Utility Reliability

The reliability of local utilities is a critical concern for site selection purposes. Electrical outages are among the most common of all failures and disasters we experience. Uninterruptible Power Supplies (UPSs) will provide protection against electrical failure for a short period (usually hours or less). Generators provide longer protection but will require refueling in order to operate for extended periods.

Crime

Local crime rates also factor into site selection. The primary issue is employee safety: all employees have the right to a safe working environment. Additional issues include theft of company assets.

Site Design and Configuration Issues

Once the site has been selected, several design decisions must be made. Will the site be externally marked as a data center? Is there shared tenancy in the building? Where is the telecom demarc (the telecom demarcation point)?

Note that secure site design cannot compensate for poor site selection decisions. These are complementary concepts that embody parts of physical defense-in-depth.

Site Marking

Many data centers are not externally marked to avoid drawing attention to the facility (and the expensive contents within). Similar controls include attention-avoiding details such as muted building design.

Shared Tenancy and Adjacent Buildings

Other tenants in a building can pose security issues: they are already behind the physical security perimeter. Their physical security controls will impact yours: a tenant’s poor visitor security practices can endanger your security, for example.

Adjacent buildings pose a similar risk. Attackers can enter a less secure adjacent building and use it as a base to attack the neighboring building, often breaking in through a shared wall. Many bank heists have been pulled off this way, including the theft of over $20 million from the British Bank of the Middle East in 1976 (the attackers blasted a hole through the shared wall of an adjacent church). For more details see https://coinweek.com/people-in-the-news/crime-and-fraud/the-biggest-gold-heists-of-all-time-part-ii/.

Another security risk associated with shared tenancy (or neighbors who are physically close) is wireless security. Physical proximity is required to launch many types of wireless attacks. Also, neighbors running wireless equipment at the same frequency as you can cause interference, raising wireless availability issues.