your mail

Unnamed Administration sources reported that N. Richard Solis said:

If you haven't worked in an environment where you had to turn in your
cellphone and pager at the front desk, show a badge to a camera around every
corner, and get your office keys from a vending machine you don't know what
real security looks like.

You missed the places w/ real security. That's where the very
polite Marine Security Guard with the 870 shotgun asks to see
your badge again...

Sigh, and in places with "real security" you rarely find enemies/competitors
sitting in the same room. Exchange points are like the United Nations,
not high security military bases. AMS-IX, Equinix, Linx/Telehouse, PAIX,
etc provide a neutral facility for competitors to exchange network traffic.
The facility operators provide a reasonable level of security, and try to
keep the diplomats from punching each other. It's in all (most?) the
competitors' self-interest to follow the rules.

Let's not lose sight of the purpose of colocation/exchange points.
If we start requiring you to be a US citizen and have top secret
clearance in order to enter a colocation facility, we've probably
decreased the usefulness of the exchange points.

Can we all stop talking shit for a moment?

Real security is when nobody can talk about it.

Regards,

> Unnamed Administration sources reported that N. Richard Solis said:
> > If you haven't worked in an environment where you had to turn in your
> > cellphone and pager at the front desk, show a badge to a camera around every
> > corner, and get your office keys from a vending machine you don't know what
> > real security looks like.
> You missed the places w/ real security. That's where the very
> polite Marine Security Guard with the 870 shotgun asks to see
> your badge again...

> Sigh, and in places with "real security" you rarely find enemies/competitors
> sitting in the same room. Exchange points are like the United Nations,
> not high security military bases. AMS-IX, Equinix, Linx/Telehouse, PAIX,
> etc provide a neutral facility for competitors to exchange network traffic.
> The facility operators provide a reasonable level of security, and try to
> keep the diplomats from punching each other. It's in all (most?) the
> competitors' self-interest to follow the rules.

Sean, I have to disagree with you. All the transport I've designed so far
works on the age-old model that RBOC techs don't care and they
have unescorted access to the cross connect area.

The actual colo area is where you have to worry about immature activity.

Since Sept 11, my experience probably doesn't cut the mustard, but that's
how it has been to this point.

> Let's not lose sight of the purpose of colocation/exchange points.
> If we start requiring you to be a US citizen and have top secret
> clearance in order to enter a colocation facility, we've probably
> decreased the usefulness of the exchange points.

I think my point above exemplifies this.

NO colo is secure from attack. No matter what they do.

Regards,

or you're standing in the parking lot, and suddenly find yourself
surrounded by men in suits carrying mac-10s.

richard

Who did you think held the cellphone and the pager? :-)

Sean,

For a lot of people, these locations are a place to store an entire web
presence. That might include order information or private email or credit
card records for an entire day's transactions. My feeling is that the
general purpose of security at these locations is to make sure that no one
is tampering with any equipment in any way, to include unauthorized removal.

That was the point of my previous email. The connections to those machines
and the data stored on them is what is of value in those locations, not the
physical security of the people.

Sounds like a nuclear power plant I used to work at. Except the nuke
plants don't trust the marines to do the job. They hire and train their
own security teams.

I had to go through more screening to work there than anything I've gone
through re security clearances and the government. The scary thing is,
(IMHO) the nuclear industry is being held up as the model for all other
industries re security.

Of course, there isn't the issue of many companies sharing one facility,
which makes things far more interesting. A colo is no place for guns,
imho.

Jane

David Lesher wrote:

Consider the various public statements on colocation security.

http://www.state.ma.us/dpu/catalog/6688.htm

   "Verizon MA believes that the most effective means of ensuring network
   safety and reliability is to eliminate physical collocation entirely in
   all its COs, converting existing physical collocation arrangements to
   virtual and requiring that all future collocation arrangements be
   virtual only."

Of course, this is a very different colocation model than used by
companies such as Equinix. Just because they use the same terms doesn't
make them the same thing.

LOL, heck of a way to make it so they never have to sell another unbundled
network element.

Mike.

> Since Sept 11, my experience probably doesn't cut the mustard, but that's
> how it has been to this point.

Consider the various public statements on colocation security.

http://www.state.ma.us/dpu/catalog/6688.htm

   "Verizon MA believes that the most effective means of ensuring network
   safety and reliability is to eliminate physical collocation entirely in
   all its COs, converting existing physical collocation arrangements to
   virtual and requiring that all future collocation arrangements be
   virtual only."

Of course, this is a very different colocation model than used by
companies such as Equinix. Just because they use the same terms doesn't
make them the same thing.

+----------------- H U R R I C A N E - E L E C T R I C -----------------+

The RBOCs have a long history of using the "security" card to attempt to
squelch the requirement for physical collocation by the FCC and the PUCs.
In my experience, the colo providers had more to worry about from the
employees of the RBOC w.r.t. equipment sabotage than other colo customers.
I saw this in Florida during the 95-96 timeframe and I'm sure that it's been
repeated elsewhere.

We have always had more of an issue with "Union Members" rather than
"Verizon Employees" per se. If you don't use Union Labor to install in
Boston or New York you had best have a secured cabinet or else 25 pair
bundles seem to spontaneously develop slices.

We have seen disgruntled Union members hit the EPO in data centers in
Union-friendly cities.

Not pretty outcome, no matter how much redundancy you have.

Fire code is not compatible with Union rules.

DJ

(Disclaimer, I have a completely unbalanced view of Union workers, all bad.
I know there are good Union workers, but I have never met any
professionally -- I have met plenty AFTER retirement though).

> We have seen disgruntled Union members hit the EPO in data centers in
> Union-friendly cities.
>
> Not pretty outcome, no matter how much redundancy you have.

I believe the Uptime Institute has some statistics showing EPO problems
are one of the top five reasons for critical facility outages.

Almost no telco COs have facility-wide EPOs.

Equinix facilities do not have facility-wide EPOs.

> Fire code is not compatible with Union rules.

The fire code is your friend. Learn it, use it, follow it. It doesn't
always say what everyone thinks it says. Following the code, you can
build a telecommunications facility without an EPO next to every door.

These places do not have cameras and evidence that point to malicious
intent to destroy your network?

I'm sorry but that would make me just about irate, and definitely insist
on moving the equipment ASAP. I don't plan on paying for colo facilities
that I have any doubt in the integrity of the people with access to the
facility.

(Similar Disclaimer: I've never met a union worker that wanted to do more
for the customer, than for themselves. Their blatant apathy can be a
detriment to real work in times of emergencies.)

G

i've seen poorly trained, inexperienced electricians hit EPOs for
totally bogus reasons. putting a big red EPO button in front of them is
like dangling a shiny object in front of some people i know.

once at GE R&D, we had an electrician announce that "the room was running
on emergency power", so he had to turn the emergency power off.

richard

Bell COs do not have Cameras, at least not those in Verizon, Bell South, or
SBC land that we have seen.