Thoughts on premise security.
Alvin Oga
alvin at Mail.Linux-Consulting.com
Fri Oct 17 16:52:55 PDT 2003
On Fri, 17 Oct 2003, Michael T. Halligan wrote:
> I'm building a secured call center for a customer of mine, and security
> is our top concern due to the sensitive nature of the data our callcenter
> reps will be dealing with. The office is less than ideal, but workable,
> for this type of environment. It's less than ideal because it's not a
> 100% sealed off from the rest of the company, there will be 2 executives,
> 2 programmers, and myself on a part-time basis in the office as well. Eventually
> as we expand the call center will be moved into an office that will have a mantrap
> and security guard to inspect everybody before they enter and exit, but for now
> there are compromises to be made.
>
> Here are some of the steps I'm taking to ensure the best security I can,
> let me know if you've got any ideas.
sounds like fun
> 1. None of the callcenter people can bring anything in and out of the building
> except lunch. Lunch is to be carried in clear plastic bags we're assigning
> to them, and which will be inspected every time they enter or exit the premises.
provide free lunch ... $5/person for lunch is a minimal cost compared to
the risk of stuff/data leaving the office
- free vending machines for water, drinks, ...
> 2. Nobody in the callcenter gets a PC on their desk. They get a Wyse terminal
> connected to a citrix server, which allows them to do their work. The usb ports
> on the wyse terminals have been physically disconnected on the inside, as well
> as glue-gunned. Tamper-proof security tape has been put on all seams of the
> terminal.
good .. :-)
but no such thing as tamper-proof ... if the seal is broken ... it's too
late; they could have connected a usb device to the reconnected wires
( takes some skill to get that far though )
> 3. The call center application, citrix server, and dumb terminals, are all physically
> connected to a switch that nothing else connects to. No internet access.
good ...
> 4. Only the ceo, coo, and myself will have access to the combination for the safe
> where the keys to the pcs and keys to the wiring closet/server room are kept. a log must
> be filled out every time the electronic safe is opened, and every time the datacenter
> is entered.
make it an automated log... people will always forget to log their use of
the key
automated log, they have to enter a code or swipe a card key to get access
to the room w/ the safe etc where the key is kept
$ 100 card swipe box .. rs232 interface
> 5. The pcs for corporate staff all have tamper proof tape covering all the seams, locked
> cases, chained to desks.
and no cdrw drive
no floppy
no active firewire connections
no active usb connections
no active sound/microphone ports
( you'd be surprised how many secure servers had these devices )
"no crt to take pictures of with your cell phone or digital camera" :-)
> 6. Cameras on every doorways, recorded onto a hard drive, backed up weekly and stored for
> 7 years at an offsite secured storage company.
backup daily .. :-) or hourly ...
if someone is gonna tamper with the system security, you do NOT want to
allow them a week to figure out how to erase the evidence before that info
is sent off somewhere else
the recording device ( with camera connection ) has no login consoles ...
( not even local login .. you have to reboot it to get a console ?? )
which sets off all kinds of alarms ??
> 7. Address of office is not advertised anywhere, all mail goes to a post office box.
good
same for business cards ?? and reverse phone number lookups
and what happens if they disclose the physical address of where they work??
- do the spouses also get to sign the NDA and other "keep it
secret documents" ? or lose the job ... and financial penalties
( motivation )
> 8. All corporate email goes to a relay at the datacenter, which then relays mail to
> the office. All outgoing mail has headers rewritten so that the ips of our corporate
> office are not advertised.
:-)
> 9. All phonecalls are recorded, indexed by case number (callcenter advocate must enter
> in a case # within first 60 seconds of an incoming call or call is disconnected, outgoing
> calls must be entered with a case number before they can be made.), and archived for 7 years.
all this is automated by the pbx .. not manually logged ... :-)
how do you disable / disallow cell phones and personal calls inside the
secure area ??
- cell phones have cameras nowadays
- how do you detect that a cell phone has gotten in and is turned on
> 10. For programmers to push code onto app server, they do a build, put it on a cd, give it
> to me, and I walk it into the datacenter and install the build. All the cds are archived
> and signed by the programmer & myself.
and you test it on a duplicate identical clone server, to confirm those
changes work and won't break anything ??
- all testing is automated to confirm its functionality as
it was before its upgrade
> 11. Janitorial staff gets background checked and bonded, as well as supervised while they
> work.
check on the validity and get listed as a co-insured on the bonds and
insurance policy
- if you're not on the policy, you can't collect on it
> 12. All employees are very thorougly background checked.
using your own resources and info .. not the phone and address they gave you
> 13. Biometrics & card scanners on every door.
fun stuff
> 14. Copier requires case #.
copies w/out connectivity
or if it does have connectivity, a copy of each "start copying" button
also forces a copy to be sent to the "camera surveillance" server
have a camera pointing at the copier .. :-)
> 15. All faxes and emails sent and received are sent through one central "communications station"
> where the controller has to approve everything, and often have a lawyer approve everything
> as well.
:-)
> 16. Windows are sealed and shaded with film.
with anti-emi deterrents looking thru glass
> 17. All possible eavesdropping spots we could find have been soundproofed (pretty intense.. basically
> all walls got hit with stethoscopes while people talked at loud volumes to make sure there was no way
> to listen through doors/hallways).
and the air conditioning ducts..
and electrical outlets and light switches and phone wires
and the steel beams and pipes that conduct sound ... :-)
and all the wires (any metal) in and above the ceiling and floors
> 18. Everything except mailserver gets shut down at 6pm via a password protected reboot switch that
> can only be accessed by ceo, coo, director of ops, and myself.
and a motion detector, light sensor and sound sensor and emi sensor and
weight sensors and infrared laser beams etc get turned on
> 19. Telephones cannot be used until user has both authenticated via rsa onto their terminal, and
> entered a password to turn their telephone on.
:-)
> So that's the basics anyways. I'm doing everything here from specs, purchasing, implementation of all
> corporate, call center, and web/colo work, so I'm doing my best to cover all of the bases. They
> basically said "be as paranoid as you can", so I'm trying that. Any other good paranoias I've missed?
where is the backups kept????
- it should be equally secure or even more secure than the
data/call center
do you have at least 3 servers for each function,
- what happens when the one server dies for whatever reason
( you need a hot swap replacement within seconds )
- what happens when the incoming t1 dies ??
- what happens when the switch is hacked/dies
- what happens when the camera system dies
- what happens when building loses power
- what happens when the building loses its air conditioning
- what happens when the rsa authentication server dies
- what happens when the pbx is hacked
- what happens when the fire dept or police dept says
"evacuate the bldg now" !!!
- what happens when the copper leaves the secure office and goes
to the central building incoming telephone connection
( just like on tv .. easy enough to do w/ the right equipment )
so many ways to be paranoid ..
c ya
alvin
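Item 8 in the thread (outgoing mail relayed through the datacenter with headers rewritten so the office IPs are not advertised) is the one control here that is a piece of software rather than a lock or a camera. The following is an added example, not code from either poster: a header sanitizer a relay could run on outbound mail, dropping Received: hops and origin headers that expose an internal address. The internal network ranges and the sample message are constructed assumptions.

```python
"""Outgoing-mail header sanitizer for a relay: drops hop-trace headers that
reveal office-internal IPs before a message leaves. Added example, not code
from the original thread; networks and the sample message are constructed."""
import ipaddress
import re
from email import message_from_string
from email.policy import default

# Assumed: office hosts live in RFC 1918 space; add any public office
# ranges here too, since hiding those is the point of rewriting headers.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Headers that name the origin host even when Received: lines are clean.
LEAKY_HEADERS = {"x-originating-ip", "x-mailer", "user-agent"}
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def mentions_internal(value: str) -> bool:
    """True if any IPv4 literal in the header value is in INTERNAL_NETS."""
    for lit in IPV4.findall(value):
        try:
            addr = ipaddress.ip_address(lit)
        except ValueError:          # e.g. 999.1.1.1 is not an address
            continue
        if any(addr in net for net in INTERNAL_NETS):
            return True
    return False

def sanitize(raw: str) -> tuple[str, list[str]]:
    """Return (rewritten message, audit list of dropped header lines)."""
    msg = message_from_string(raw, policy=default)
    original = list(msg.items())      # (name, value) in wire order
    for name in set(msg.keys()):
        del msg[name]                 # clear, then re-add the survivors in order
    dropped = []
    for name, value in original:
        lname = name.lower()
        if lname in LEAKY_HEADERS or (lname == "received"
                                      and mentions_internal(value)):
            dropped.append(f"{name}: {value}")   # keep for the relay's own log
        else:
            msg[name] = value
    return msg.as_string(), dropped

# Constructed sample: one internal hop (10.20.30.7) and one relay hop.
SAMPLE = """\
Received: from relay.example.test (relay.example.test [203.0.113.5])
\tby mx.example.test with ESMTP; Fri, 17 Oct 2003 16:52:55 -0700
Received: from desk07.corp.internal (desk07 [10.20.30.7])
\tby office-mx.corp.internal with ESMTP; Fri, 17 Oct 2003 16:52:40 -0700
X-Originating-IP: [10.20.30.7]
From: Call Center <rep@example.test>
Subject: Case 1234 follow-up

Body text.
"""
```

The dropped list is what you would write to the relay's audit log, so a leak that was caught is still visible to whoever reviews the logs.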
More information about the Baylisa mailing list