Server room door security
Solution 1
Are those nice biometric and what have you devices of yours attached to UPS power? Is the entire chain, from reader, electric lock, any switches / distribution layer, to the authentication server and its database on emergency power?
I'm just asking because a few years ago we had the largest regional power loss in 25 years around here. I know of one major installation where they to their horror discovered that they couldn't enter their server room while the electricity was out. Their emergency procedures required them to power down non-essential servers, because their UPS power couldn't run the air conditioning at full output, so the server park heat output exceeded the A/C cooling when on emergency power. So they stood outside their server room, and wondered how hot it was getting in there...
I would suggest to keep it simple, with a good certified steel door, a steel door-frame that is well fastened to solid walls, and 2 good mechanical locks on the door (say 1 Medeco and 1 Kaba).
You can of course replace one of the mechanical locks with a swipe card, to gain a entry log during normal operation. Just be sure that the electric lock automatically disengages if power is out. Strictly speaking, this makes you more vulnerable against a James Bond style burglary, where the attackers cut power to the building before going in. This is a small risk, but one I'd much rather take than risk being locked out of my server room during an emergency.
Solution 2
Proximity cards are your best bet. The logging is there in a clean, concise format. Our data centers are secured by the same badge system that our external doors are secured with which allow for group access configurations.
Security cameras are another option, but the maintenance is problematic and it takes a little longer to sift through the video to find what you're looking for.
EDIT:
Bioscanners are another option, as Zypher pointed out, but then you start getting into privacy issues. In many countries this quickly gets legal involved.
Solution 3
Don't try to secure things too much, put the usual swipe or promixity card on and audit access. Lots of swipe locks can be further secured with a pin for trusted employees.
I know of a site where the server room is secured by the outsourced company, and access has to be requested in advance and a key provided to gain entry. As a result a minimum of 2 employees are required to be in the room at any given time - if 1 person went in, fell or had a server fall on him or otherwise was unable to get to the door to open it, they'd have to raise an emergency request to get a new key sent over, which would take far too long (personally, I'd smash the door open in such a case). Don't try to restrict access too much.
Solution 4
I'm a big fan of simple solutions that don't require too much extra hardware to function. I like strong doors, strong locks, and large, intimidating security guys named 'Larry', who can bench press the entire IT staff.
Locks do have a problem that many lock manufacturers are in denial about how easy their products are to pick right now, but that's where Larry comes in - you can't use a lockpick when Larry is around because he'll turn you into a pretzel.
Further, if the number of people who go in and out of the special door is small, Larry will learn to recognize them. And when someone who doesn't normally go through that door approaches, Larry will ask them what they are doing. And if they don't have a good explanation for their presence, well, it's pretzel time again!
Larry does have the downside of being an ongoing expense for your organization, but if you really need that door protected, then Larry can be a really big contributor to that protection.
Solution 5
We have our door at the local office setup with a badge reader that ties into our normal system. The lock is also keyed so that a master key cannot open it and only IT has a copy of the key as a just in case backup. In our data center we additionally have a hand scanner that ties into the system so you need both your hand and badge ID to get into the door, along with being in the group that allows access.
I would talk to whoever provides your normal badge entry systems for options on how to integrate it to your existing system (if you have one)
Related videos on Youtube
johnie walker
Updated on September 17, 2022Comments
-
johnie walker almost 2 years
Hey guys, I have created a tree which is not a binary tree. Now, what I want is to search for an element. The main thing is the following: Since I have no comparison chance in contrast to a binary tree, I have to find some other ways to implement the code. Here what I thought:
public TreeNode<City> search(City parent, TreeNode<City> t){ //As you guess, City class is irrelevant to the issue, I have no problem with City class. if (t.getCity().equals(parent)) { return t; } else if (t.hasLeftChild()){ search(parent,t.getLeftChild()); } else if(t.hasNextSibling()){ search(parent,t.getNextSibling()); } else//Since I know that case will never happen, the returned value is unimportant return t; }
Of course, that code did not work. The difficult part is that I have to return the value I am searching for as soon as I find it. Yet, If I cannot find it, I still have to return something. How am I going to do that???
-
Dentrasi almost 15 yearsOur building used to be a bank, so we keep our servers in the vault. nothing like a 3" steel door to keep people out..
-
thierry almost 15 years@Dentrasi: My last office was an old bank. The vault door is awesome until you fool around and get a board wedged in it...Last time I fool around with a vault-door. I had to chip the board into pieces to get the door back opened.
-
Sam Dufel about 13 yearsIt would be more helpful if you told us what kind of tree it is, rather than what kind of tree it is not.
-
johnie walker about 13 yearsActually, the tree is something I created and I don't know if there is a spesific name for it, guess shouldn't be.
-
Matt Ball about 13 yearsHow many children can each node have? is there any limit? This sounds like an N-ary tree.
-
-
Brett G almost 15 yearsI don't know if these are suited for security applications... they seem to be used exclusively for employee in/out punching
-
squillman almost 15 yearsHeh. If I'm hung-over, though, typically I'm in no condition to negotiate the swipes :)
-
Zypher almost 15 yearsWe use a unit similar to this on our data center door. It works well and integrates with the badge system.
-
slothy almost 15 years@squillman, That's why you use RFID, no contact required.
-
J Sidhu almost 15 yearsIt is meant to be a Identity Verification System. It is definately suited to verify your identity so it can open the door. Time/Attendance mode is simply a feature that makes use of this service. T&A is disabled by default but can be enabled. We use this a lot of I have actually developed a lot of our own code to interface with these systems (14 devices so far...)
-
squillman almost 15 yearsGood point. I think that's still even a bit doubtful.
-
cas almost 15 yearsalso make sure that whatever the camera is recording to (hard disk, video tape, etc) is in another room or secured in a separate cage/box/safe with a separate key so it can't be stolen or destroyed by anyone who realises that they've just been caught on camera breaking into the room.
-
Alberto almost 15 yearsAuto-disengage on power failure - depending on the room, the lock configuration and local fire codes, you may not get a choice on this one. In any sane jurisdiction, you CAN NOT lock people in just because the power failed. So unless the lock is also configured with a manual exit, it MUST auto-open on power fail. You'd be surprised how uncommon the manual exit is. I've worked at places with electronic locks, where someone gets a call to come in when the power fails so no one can rob the place. Stupid? Oh yea. But a consideration none the less.
-
Alberto almost 15 yearsIf using that kind of mechanical lock, make sure you change the combo regularly, otherwise wear and tear on the keys will tell people which numbers are in the combo.
-
romandas almost 15 yearsA Kaba X09 plus a badge reader will take care of most anything.
-
cop1152 almost 15 yearsgood insight MK
-
johnie walker about 13 yearsCan you be more precise Matt? As you can guess, that method does not even compile.
-
Matt Ball about 13 years
false
is a boolean, not aTreeNode<City>
. -
Matt Ball about 13 yearsSorry, I left off the last case. It doesn't compile because you need to always return a
TreeNode<City>
. -
johnie walker about 13 yearsWhat should be returned is something of type TreeNode<City>, not boolean. I still need to fix the final "return false" part of the code.
-
johnie walker about 13 yearsYeah, that was what I cannot understand. I guess that should work, thanks Matt=))
-
johnie walker about 13 years!!! I guess that code also has a problem: The odd thing is that: Assume there is only one element in my tree. Then, when I try to add an element to my tree, the method works properly. However, when there are two elements(a parent and a child) and I search for the child, what is printed on the screen is "ccc" and what the code returns is null!!!
-
Matt Ball about 13 yearsI don't see any print statements in the code, so I really can't help there.