
Re: [cobalt-security] OT: Co location sites?



"Carrie Bartkowiak" <ravencarrie@xxxxxxxx> wrote:
> A super-soaker that can hold acid. Now that I'd like to see.

OK, something with a relatively high pH.  ;-)  I had read an article
recently in one of the umpteen internet/technology/ebiz magazines I am
bombarded with where a security investigation was performed at a top tier
data center (I want to say it was Exodus) after the same location did poorly
in an investigation a few months earlier.  The author commented that
customers were never searched and so a customer could pull a super soaker
from his backpack and squirt liquid into servers enclosed in a locked
cage...or could install electronic equipment to interfere with other
customers' equipment.  Considering the layers of security Exodus has in
place to prevent unauthorized access to a facility and to individual cages
it's pretty alarming that enterprise operations could theoretically be
brought down with a water pistol.  I haven't been in many data centers, but
I have some first-hand and second-hand experience with data centers where it
would be fairly easy to walk in and leave with someone's server...or state
that you work for one of the data center's clients and have them walk you to
the cage and let you swap out a hard drive.  Portsentry won't help you much
there.  ;-)  I've also contacted numerous data centers on behalf of my
clients and had the data center give me the client's login info without
asking or verifying my identity.  A few months ago one data center even gave
me the root login for a server with hundreds of sites on it when I asked
about the software installed on the server my client had a virtual site on.
Anyway, I let myself get way off-topic on an already off-topic thread, but
this stuff is definitely happening.  Be afraid, be very afraid.

> Btw Steve, do you regularly visit NOCs and shower the servers with
> super-soaker-spouted goo?

Not as regularly as I'd like.  <grin>

> (And if so, can I have your picture and physical attributes so that I
> can warn everyone?)
> *grin*

Well, since you asked so politely...my cell's ringing, I have to go.

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/