Dead-man Door Blueprint
I have received inquiries regarding my Datacenter Physical Security Blueprint. The questions were about the dead-man door and how one works. So, here is a short definition, a functional specification and a blueprint of a dead-man door.
A dead-man door is a high security access portal. For a movie representation of the dead-man door, I refer you to Sneakers ("My name is Werner Brandes. My voice is my password. Verify me"). The idea is to have two separate authentication processes, with the second one performed while the authenticated person is 'trapped' inside a reinforced enclosure.
The second authentication is made against several biometric attributes of the person which are stored in a database, and always includes a weight measurement, thus preventing a second person from 'piggybacking' on the first.
I recommend a retina scan and weight measurement, since a fingerprint is very easy to fool - as even seen on Mythbusters.
Blueprint
Functional specification of a dead-man door
For the purpose of the specification, the doors of the dead-man door will be named:
- inside door - connecting the deadman door to the highly secure area
- outside door - connecting the deadman door to the rest of the facility
- The deadman door should comfortably accommodate 1 person
- The entire floor of the dead-man door should be connected to scale sensors for weight measurement
- The inside wall surfaces of the deadman door should be smooth and not have any ledges which may be used to trick the scale by supporting oneself on them
- Both doors of the deadman door must open outward from the door enclosure.
- Doors should be bulletproof, and at least 50% of the door surfaces should be bulletproof glass - preferably standard EN1522, class FB2 or higher (stopping a 9mm Luger fired at 5 m). Both doors should be equipped with a door closer to close the door without human intervention.
- Both doors of the deadman door must be equipped with electronic locks controlled by a common controller. All electronic locks should have a mechanical lock override for emergency conditions. Both doors of the deadman door must be equipped with a minimum of two open-door sensors (for redundancy).
- When entering the dead-man door, each door should open only under the following conditions: approved authentication (key card, or key card + PIN keypad), the other door is locked, and there are no open-door sensor alerts on the other door.
- The person inside the dead-man door should have a selector to indicate in which direction he will go (which door to unlock)
- When inside the deadman door, each door should open only under the following conditions: the other door is locked and there are no open-door sensor alerts on it; biometric authentication is approved and the weight of the authenticated person is within the acceptable variation of the database value. Biometric authentication should always verify against the parameters of the person whose key card was used to enter the dead-man door.
- A mechanical override (unlock) of any door should always raise a silent alarm - regardless of conditions. All sensors and authentication mechanisms of the dead-man door should be connected to a central monitoring and alarm system, and each non-normal event should raise at least a silent alarm and lock the deadman door.
Panic conditions
A dead-man door is a very powerful access control system, but it can be very dangerous if panic conditions are not taken into account.
- Automatic controls - a predefined timer for passing through a dead-man door must be set up. If within that time the second door does not open and close, an immediate alarm should be raised - this will deter attempts to tamper with the biometric authentication or locks, as well as prevent an unconscious person from remaining trapped in the door for a prolonged amount of time
- Human sickness/panic - a large and visible panic button must be present inside the deadman door, to be activated upon human sickness/panic. Upon pressing this button, an alarm should be raised, an audible alarm with independent power source should be triggered and the electronic locks of the outside door must be unlocked.
- Fire - the inside of the deadman door should have a fire sensor, and may even have a sprinkler system. Upon detecting a fire, the sprinkler system should be activated (if present), an alarm should be raised and all locks of both doors must be bypassed and unlocked.
- Power outage - all door systems and authentication databases must have a UPS which will provide power surge and brownout protection, and will provide independent operation during short periods of power outage.
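As an added illustration of the specification and the panic conditions above (example code written for this page, not code from the original post or from any vendor's product), the following Python model implements the door controller as a small state machine: the interlock that never leaves both doors unlocked, key card plus PIN on entry, retina plus weight verification on exit that is always bound to the card that entered, the transit timer, and the panic, fire and mechanical-override rules. The weight tolerance, the timeout value, the fields of the person record and the sample person are assumptions.

```python
"""Dead-man door interlock controller: an added example, not code from the original post.
Weight tolerance, transit timeout, the record fields and all sample data are assumptions."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

class Door(Enum):
    OUTSIDE = "outside"  # connects to the rest of the facility
    INSIDE = "inside"    # connects to the highly secure area

@dataclass
class PersonRecord:
    card_id: str
    pin: str
    retina_template: str  # placeholder for a real biometric template
    weight_kg: float

@dataclass
class DeadManDoor:
    records: dict                     # card_id -> PersonRecord (the biometric database)
    weight_tolerance_kg: float = 3.0  # assumed acceptable variation from the stored weight
    transit_timeout_s: float = 60.0   # assumed predefined timer for passing through
    locked: dict = field(default_factory=lambda: {d: True for d in Door})
    sensors: dict = field(default_factory=lambda: {d: [False, False] for d in Door})  # 2 per door
    occupant: Optional[str] = None    # card used to enter; the exit check verifies against it
    entered_at: Optional[float] = None
    exit_door: Optional[Door] = None  # door selected by the occupant
    alarms: list = field(default_factory=list)
    log: list = field(default_factory=list)

    def _other_secure(self, door: Door) -> bool:
        """Interlock: the opposite door is locked and neither of its sensors reports it open."""
        o = Door.INSIDE if door is Door.OUTSIDE else Door.OUTSIDE
        return self.locked[o] and not any(self.sensors[o])

    def _alarm(self, kind: str, msg: str) -> None:
        self.alarms.append((kind, msg))
        self.log.append(f"ALARM[{kind}] {msg}")

    def request_entry(self, door: Door, card_id: str, pin: str, now: float) -> bool:
        """First authentication (key card + PIN keypad) from either side of the enclosure."""
        rec = self.records.get(card_id)
        if rec is None or rec.pin != pin:
            self.log.append(f"DENY entry via {door.value}: bad card/PIN for {card_id}")
            return False
        if self.occupant is not None or not self._other_secure(door):
            self.log.append(f"DENY entry via {door.value}: occupied or interlock not satisfied")
            return False
        self.locked[door] = False
        self.occupant, self.entered_at = card_id, now
        self.log.append(f"UNLOCK {door.value} for {card_id}")
        return True

    def request_exit(self, toward: Door, retina_sample: str, weight_kg: float) -> bool:
        """Second authentication inside: retina + weight, always against the card that entered."""
        if self.occupant is None or not self._other_secure(toward):
            self.log.append(f"DENY exit via {toward.value}: no occupant or interlock not satisfied")
            return False
        rec = self.records[self.occupant]
        bio_ok = retina_sample == rec.retina_template
        weight_ok = abs(weight_kg - rec.weight_kg) <= self.weight_tolerance_kg
        if not (bio_ok and weight_ok):  # piggybacking or tampering: lock both doors, silent alarm
            self.locked = {d: True for d in Door}
            self._alarm("silent", f"exit check failed for {self.occupant}: bio={bio_ok} weight={weight_ok}")
            return False
        self.locked[toward] = False
        self.exit_door = toward
        self.log.append(f"UNLOCK {toward.value} for {self.occupant}")
        return True

    def door_opened(self, door: Door) -> None:
        if self.locked[door]:  # opened while locked: forced entry, alarm and lock down
            self._alarm("silent", f"{door.value} door opened while locked")
            self.locked = {d: True for d in Door}
        self.sensors[door] = [True, True]

    def door_closed(self, door: Door) -> None:
        self.sensors[door] = [False, False]
        self.locked[door] = True  # the door closer shut it; relock immediately
        if door is self.exit_door:  # transit complete, enclosure is empty again
            self.occupant = self.entered_at = self.exit_door = None

    def tick(self, now: float) -> bool:
        """Transit timer: raise an alarm if someone has been inside longer than allowed."""
        if self.occupant is not None and now - self.entered_at > self.transit_timeout_s:
            self._alarm("silent", f"transit timeout for {self.occupant}")
            return True
        return False

    def panic(self) -> None:  # audible alarm, outside door unlocked
        self._alarm("audible", "panic button pressed")
        self.locked[Door.OUTSIDE], self.exit_door = False, Door.OUTSIDE

    def fire(self) -> None:  # alarm, both doors unlocked
        self._alarm("audible", "fire detected")
        self.locked = {d: False for d in Door}

    def mechanical_override(self, door: Door) -> None:  # silent alarm regardless of conditions
        self._alarm("silent", f"mechanical override on {door.value} door")
        self.locked[door] = False
```

Walk a person through it by calling `request_entry`, `door_opened`/`door_closed` for the entry door, then `request_exit` with the retina sample and the scale reading: the exit request is refused while the entry door still reports open, and a scale reading far above the stored weight (two people in the enclosure) locks both doors and raises a silent alarm. A wrong PIN on entry is only logged rather than alarmed, which is a choice of this model and not something the specification states.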
Related posts
Datacenter Physical Security Blueprint
The Cost of Datacenter Physical Security Blueprint
Talkback and comments are most welcome
Caveats of strong perimeter security
Having perimeter security is one of the imperatives of a well implemented information security policy. But having too strong a perimeter security can also backfire, and create a security hole of which the organization is rarely aware.
The US customs officers have the right to search and copy all electronic devices if they deem the traveller suspicious. The Washington Post did a great piece on US border security.
Here I would like to include my favorite quote from Leon, the scene of the Fat Man assassination: "Somebody's coming up. Somebody serious."
I can guarantee that this method will yield nothing against an expert attacker. Since the US customs started the laptop searches, a lot of companies require their employees to wipe their laptops prior to travel to the US, and to use a VPN to access confidential data. This method is deemed much more secure for the companies, since even if this data is intercepted, only minute segments of information will be revealed, compared to the full contents of a corporate laptop.
For any illegal activity, a most probable rule is that information should only be contained in one's head, not in one's laptop. Even if access to information is needed, it will be accessed through the Internet, after initial entry into the premises (country) is achieved. There are very simple and free ways to transfer data via Internet services:
- Steganography in images, MP3's, even ordinary program files, containing pieces of encrypted information.
- FTP of encrypted fragment files (encrypted, reordered and broken up into small out-of-sequence fragments)
- Encrypted VPN access to remote site/server to content written in code or obscure language
Here are two very simple examples:
Example 1 - Unsecured Network Access inside the Corporation
- A serious man enters the company premises carrying a bag
- The security checkpoint will check the bag contents and conclude that it is a visitor's laptop, and will definitely allow the laptop to be taken in.
- If the premises contain visitor accessible LAN outlets or unencrypted Wireless LAN inside the building, the serious man will connect, and collect information or launch an attack from the inside.
- Upon vacating the premises, the serious man will again be subject to checkup, and again, he will have nothing out of the ordinary.
Example 2 - Unsecured Documents inside the Corporation
- A serious man enters the company premises carrying a bag
- The security checkpoint will check the bag contents and find visitor-branded documentation, and will definitely allow the contents to be taken in.
- The premises contain paper recycling bins, which are user accessible, or employee awareness is lacking so empty offices are left unlocked.
- The serious man is able to collect any number of internal documents from the bins or empty offices and place them inside his own branded envelope.
- Upon vacating the premises, the serious man will again be subject to checkup, and again, he will have nothing out of the ordinary; his own branded documentation is not unusual.
Related posts
Datacenter Physical Security Blueprint
DHCP Security - The most overlooked service on the network
5 Rules to Home Wi-Fi Security
Talkback and comments are most welcome
The Cost of Datacenter Physical Security Blueprint
I have received a couple of e-mails about the Datacenter Physical Security Blueprint with comments that my blueprint is too movie-like, and that it is way too costly to implement.
So I did a little shopping around, and requested budget prices for every element of my Blueprint (budget prices are usually higher than purchase prices, since they are non-binding quotes for budget estimation).
Here is the math. All prices are in US dollars.
Security equipment
- 9 CCTV cameras with infrared sensors - 130$ a piece = 1,170$
- 8 Glass break sensors - 45$ a piece = 360$
- 8 Motion Sensors - 30$ a piece = 240$
- 4 KeyCard readers (with combined electronic/mechanical lock and open/closed status sensor) - 150$ a piece = 600$
- 2 KeyCard readers with Keypad (with combined electronic/mechanical lock and open/closed status sensor) - 160$ a piece = 320$
- 1 Biometric reader = 700$
- 1 Alarm controller = 600$
- 1 Access/Keycard reader controller = 400$
- 1 CCTV recorder = 4,000$
- 2 CCTV monitors (one on reception and one in SysMonitoring) - 500$ a piece = 1,000$
- Cabling and infrastructure = 1,000$
- Security equipment Total = 10,390$
Option 1 - A full turnkey solution, with internal scale for person measurement and bulletproof doors with glass windows capable of stopping 7.62 caliber ammo (Think AK47) = 12,000$
Option 2 - An integrator-made solution, with the same capabilities as Option 1 but taking more space = 8,000$
-------------------------------------------------------
- Grand Total = From 18,390$ to 22,390$
Related posts
Datacenter Physical Security Blueprint
Talk back and comments are most welcome
Datacenter Physical Security Blueprint
- The system room must not have windows. Ideally, it should be in the center of the building.
- All equipment that is not used must be stored in dedicated storage space, away from production environment
- All high security spaces should be monitored by CCTV cameras.
- Access control zones must be implemented, to create a security barrier as well as provide a log of access activities. These are created by doors opened by electronic key cards or multiple-factor authentication.
- All windows should be fully tempered, and equipped with a glass break sensor connected to a central alarm system
- All spaces that don't have 24/7 access should have motion sensors connected to the central alarm system.
- The design of the environment should enable technical service personnel to operate with minimal risk of unauthenticated access to data
- All alarm events and CCTV control should be under maximum security but should NOT be accessible by IT personnel
- Paper, optical and magnetic data carriers should be handled in a controlled environment, and properly destroyed prior to discarding
- High security environments should always implement multi-factor authentication.
The following image presents a concept for an IT department and System room environment that follows the presented set of rules:
The reception area is the only way to access the entire floor, and everyone accessing this space is recorded on the CCTV camera. Access to the rest of the floor is restricted by a key card controlled door.
The Communication Room is also in the reception area, and it is accessible by a key card and PIN controlled door. It houses the access panels where the communication providers (Telecoms, Internet, VPN etc.) terminate the purchased links. This is the last point where a representative of the telco providers has access to configure connectivity. The comm room has to be opened by an authorized System Administrator, so the telco provider's representative is always escorted by an authorized person.
All the corridors in the space around the data-room are under CCTV surveillance.
All offices have windows made of tempered glass that cannot be opened and are equipped with motion sensors which activate after 7 PM.
The support center, which is manned 24/7, the toilet and the equipment storage room are the only rooms without motion sensors. These spaces can be used 24/7, so there is no point in placing motion sensors there.
All documentation photocopying and destruction is performed in a dedicated room equipped with proper devices (shredder, degausser).
Dedicated storage space is used to store all unused equipment, which is accessed by a key card controlled door and is also monitored by CCTV.
The data-room is central to the floor, and has strengthened walls (Blue walls). The data-room is divided into two segments:
- Pre-system space - this space is accessible via a dual key card door, which opens only when two persons use their key cards simultaneously. The Pre-system space contains the supporting infrastructure, which is placed outside of the system space to minimize risks of battery or coolant leaks, and to allow service personnel to access and service this infrastructure without having access to the actual servers.
- System space - this space is accessible via the dead-man door, which is actually a very small corridor (it only fits one person at a time) with a door at each end. If one of the doors is open the other is automatically locked. In order to pass through the dead-man door, one must pass multi-factor authentication: he/she needs to present his/her key card (something he/she has), type in the corresponding PIN (something he/she knows), and after entering the dead-man space, he/she is weighed to verify against the stored weight of the person, and a biometric verification is performed - retina or fingerprint (something he/she is).
The system space is under constant CCTV surveillance, and it also contains a separate small electronically locked space where the security controllers reside, to isolate these controllers from the SysAdmins.
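To show how the access control zones described above translate into a policy and a log of access activities, here is an added Python example (written for this page, not code from the original post or from any access-control product). Each zone lists the factors it demands; the pre-system space applies the two-person rule as two distinct valid cards presented within a short window, and the comm room can be opened only by a System Administrator, with a telco representative admitted only while an administrator is already inside. The system space is behind the dead-man door and is not modelled here. The zone policy table, the window length, the role names and the sample cards are constructed assumptions.

```python
"""Access-zone policy evaluator for the floor layout above: an added example, not code
from the original post. Zone policies, the two-person window, card roles and the sample
cards are constructed assumptions."""
from dataclasses import dataclass
from typing import Optional

TWO_PERSON_WINDOW_S = 5.0  # assumed: both cards must be presented within 5 seconds

@dataclass(frozen=True)
class Card:
    card_id: str
    pin: str
    role: str  # "sysadmin", "staff" or "telco" (assumed role names)

# What each zone demands. The pre-system space applies the two-person rule; the comm room
# can be opened only by a System Administrator, and others get in only while one is inside.
ZONE_POLICY = {
    "reception":  {"factors": {"card"}},
    "comm_room":  {"factors": {"card", "pin"}, "escort_role": "sysadmin"},
    "storage":    {"factors": {"card"}},
    "pre_system": {"factors": {"card"}, "two_person": True},
}

@dataclass
class BadgeEvent:
    t: float          # seconds since an arbitrary epoch
    zone: str
    card_id: str
    pin: Optional[str] = None

class ZoneController:
    def __init__(self, cards):
        self.cards = {c.card_id: c for c in cards}
        self.pending = {}  # zone -> (t, card_id): first card waiting for a second one
        self.present = {}  # zone -> set of card_ids currently inside (for the escort rule)
        self.audit = []    # every decision, granted or not, is logged

    def _log(self, ev: BadgeEvent, decision: str, reason: str) -> bool:
        self.audit.append((ev.t, ev.zone, ev.card_id, decision, reason))
        return decision == "GRANT"

    def badge(self, ev: BadgeEvent) -> bool:
        policy, card = ZONE_POLICY.get(ev.zone), self.cards.get(ev.card_id)
        if policy is None or card is None:
            return self._log(ev, "DENY", "unknown zone or card")
        if "pin" in policy["factors"] and ev.pin != card.pin:
            return self._log(ev, "DENY", "PIN mismatch")
        escort = policy.get("escort_role")
        if escort and card.role != escort:
            roles_inside = {self.cards[c].role for c in self.present.get(ev.zone, set())}
            if escort not in roles_inside:
                return self._log(ev, "DENY", f"no {escort} present to escort")
        if policy.get("two_person"):
            first = self.pending.get(ev.zone)
            if first is None or ev.t - first[0] > TWO_PERSON_WINDOW_S or first[1] == ev.card_id:
                self.pending[ev.zone] = (ev.t, ev.card_id)  # (re)start the window
                return self._log(ev, "WAIT", "awaiting a second, distinct card")
            self.pending.pop(ev.zone)
            self.present.setdefault(ev.zone, set()).update({first[1], ev.card_id})
            self._log(BadgeEvent(ev.t, ev.zone, first[1]), "GRANT", "two-person rule satisfied")
            return self._log(ev, "GRANT", "two-person rule satisfied")
        self.present.setdefault(ev.zone, set()).add(ev.card_id)
        return self._log(ev, "GRANT", "policy satisfied")

    def leave(self, zone: str, card_id: str) -> None:
        self.present.get(zone, set()).discard(card_id)
```

Feed it a sequence of `BadgeEvent`s and inspect `audit`: a telco card at the comm room is refused until a sysadmin card has opened the room, the same card presented twice at the pre-system door never satisfies the two-person rule, and a second card that arrives after the window has expired simply restarts the wait. Denied and waiting decisions are logged alongside grants, which is what makes the log useful to the central monitoring system.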
Download the full resolution blueprint HERE
Related posts
5 Rules to Home Wi-Fi Security
Talk back and comments are most welcome