Security of significant computer or network installations concerns not only the security of the computer and electronic hardware but also the protection of systems in general, software, user data, media library facilities, communications networks and the safety and well-being of personnel.
These installations need to be protected against the effects of events such as fire, flood, loss of power, failure of air-conditioning and ancillary plant and damage by natural or man-made hazards. This chapter should be read in conjunction with the Physical Security Handbook.
During the planning of an electronic installation due consideration must be given to both the location of the building that will house the equipment and the placement of the equipment within the building as this has a direct effect on the overall security requirements.
The following factors must be considered when selecting installation sites:
Certain natural disasters could either severely damage the installation directly, or prevent its operation by unavailability of staff.
These include:
Electronic system installations might be popular targets for attack by politically motivated groups and individuals as well as by mobs. It is undesirable that an electronic system site should be in a vicinity with:
Even if the areas housing the electronic system equipment are well designed, there could be possible hazards from incompatible neighbouring accommodation both internal and external to the equipment such as:
The physical siting and location of an electronic system shall be planned with due regard to security considerations from the inception of the planning process. The effects of natural disasters, civil unrest and threats from incompatible neighbouring accommodation shall be taken into consideration when planning purpose-built electronic system installations.
Fire remains one of the most serious of all security hazards especially in data preparation and media library areas where large quantities of combustible material are present and electronic equipment is often allowed to run unattended. Detailed advice on fire precautions must be sought from local fire safety experts but the main considerations are:
The threat and impact of fire shall be taken into consideration when planning dedicated electronic systems installations.
The security of services and especially electric light and power should be considered where appropriate during the siting of electronic system installations. Provisions may need to be made to cater for a growth in requirements.
Standby power sources should be available for all systems where availability has been identified as important. Any emergency power supplies should provide no-break protection, otherwise data will be corrupted during switching. They should be tested regularly and there should be sufficient fuel available. When the power load of a unit is extended, checks should be carried out to ensure the power of the standby source is sufficient.
Standby power should be invoked not only in the event of total disruption of primary power, but also at any time that primary power falls outside (above or below) the equipment manufacturer's specification. Standby power should also be available to ensure continued operation of all security monitoring and access control devices. The provision of adequate monitoring facilities should enable switch over to occur before the equipment manufacturer's specification is exceeded.
Electronic systems shall be safeguarded from the threat of disrupted electric power by the provision of standby power facilities where appropriate.
Power supplies used for systems containing high-sensitivity or high-availability applications and data must be monitored periodically to ensure sufficient quality of power for the safe and reliable operation of these systems.
Computer systems are extremely sensitive to the quality of power delivered. Good grounding, "clean" isolated power (no transient voltage spikes, brownouts, sags, intermittent losses) and reliable connections and cabling are essential. Preferably, these should be verified prior to the installation of a system.
For all applicable systems, the power conditions should be measured at the point where power is applied to the system cabinets or boxes. Periodic checks should be supplemented by checks done when known power conditions change due to modifications in electrical supply or load.
Power distribution panels, cabinets and rooms must be considered sensitive areas and protected appropriately.
For electronic systems requiring a controlled environment (temperature and humidity) main and standby air conditioning facilities should also be provided. Any vents to the outside should also be physically secured to prevent intruders.
The threat of electronic systems operating outside of their specified temperature and humidity ranges shall be minimised by provision of adequate equipment.
The location of electronic system equipment within a building, for example connection points, communications frames, has a direct effect on the overall security arrangements and must be considered carefully.
Ideally, computer and electronic systems should be located above ground level, but below the top floor and away from exterior windows. It is preferable that the installation should be windowless and with no equipment visible from outside the building. Windows not only represent a security hazard but also can have an adverse effect on environmental controls. All external signposts of the facility or obvious displays should be minimised.
Buildings housing electronic systems shall not be obviously marked or signposted.
General site security is never a substitute for control of direct access to the electronic system installation, which must always be a secure area in its own right.
Physical security is enhanced by enforcing several layers of defence, often called 'Defence in depth'. Access to the site should be controlled through a manned station which, in turn, regulates entry to buildings, specifically those housing important electronic systems. Further access controls can then be enforced at the entrance to the general computing area, and again at the doors to rooms containing the computer and electronic systems, communications plant and media library.
In summary, access to the actual computing and electronic system facility must not be possible except
For more specific advice and guidance, refer to the Physical Security Handbook.
In the design of systems, physical access controls shall be implemented so as to prevent unauthorised access to sensitive areas.
Small installations which cannot economically justify a manned station but use access control methods shall record the issue and receipt of keys, and, where practical, their use.
Sensitive installations in unattended buildings should be physically secure and alarmed through to an alarm monitoring station.
In the planning of accommodation and siting of electronic systems attention shall be paid to the recommendations and guidance documented in the Physical Security Handbook.
Subject to fire regulations, there should be a minimum number of physical access points to the secure area housing the electronic system installation, preferably one usual portal and one emergency exit, the latter opening outwards only from the installation.
Even if authorised staff are present in the vicinity of computer and electronic systems, all routes of entry should normally be locked; the use of self-closing and self-locking doors is recommended.
In addition to the access controls, physical protection for the data itself must be provided. A Data Cabinet or Data Safe is used to protect magnetic media against hazards such as Fire, Dust, Pilferage, Accidental or Malicious damage and the effects of water from sprinklers. Where the information recorded on the magnetic media warrants a higher level of physical security, the Data Cabinet or Safe should be kept in a Strongroom or a proprietary Security Safe.
IN CONFIDENCE and encrypted IN STRICTEST CONFIDENCE marked media may be stored in Data Cabinets, provided correct procedures are in force for the control of the data cabinet keys or combination locks. Unencrypted IN STRICTEST CONFIDENCE marked media may also be stored on an occasional basis. For regular storage of small quantities of IN CONFIDENCE or unencrypted IN STRICTEST CONFIDENCE marked media, a data insert for filing cabinets is available which may be used to store such media in approved security furniture.
For further advice, refer to the Information Security Code.
There are standing arrangements for the purchase of Data Safes; refer to Chapter 10 for further information.
Access to sensitive computer and electronic system installations should be allowed only to those with a genuine need to perform their duties. Other personnel (maintenance engineers, cleaners) must conform with a formal logging procedure for entry. They should be accompanied at all times. A visitor remains the responsibility of the host for the duration of the visit.
All personnel, including visitors and non-BT staff such as cleaners and maintenance engineers, must be issued with passcards. The style of the passcards should be such that the bearer can be identified as regular staff or a visitor; the passcard must therefore be displayed clearly at all times whilst within the building.
Special consideration should be given to controlling the access of ancillary personnel such as cleaners and service engineers (BT and non-BT). Temporary changes such as building work or accommodation moves must not be used to justify a relaxation in procedures. Special arrangements should be made to accommodate these.
Only authorised people shall have access to sensitive areas. Procedures shall be in place and maintained to control the access of external maintenance engineers or other personnel.
Passcards shall be issued and worn at all times. Their style shall be such as to enable a clear distinction between regular staff, BT and non-BT visitors.
For specific advice and guidance, the Information Security Code applies.
Although BT wishes to maintain good relations with the community, general visitors are not permitted into operational computer centres. Visits to associated premises may be permitted but should not be actively encouraged. Any request for a visit should be considered on its merits by local management.
When a visit is arranged, the following measures must be taken to minimise the risk:
Local rules governing visitors and visits shall be documented. Visitors shall be guided so as to exclude them from all sensitive areas. Refer to the Physical Security Handbook for guidance.
Controls against unauthorised activity are essential on electronic access to computer and electronic system facilities, in particular over communications links but also to computer and electronic system consoles. System or master consoles usually provide access to highly privileged activities, for example system administration and software or machine maintenance; others may provide enhanced operator privileges necessary for efficient machine usage.
Master consoles must be located in the most physically secure environment available within the computer and electronic system building complex to prevent unauthorised use of the console. The consoles must be sited so that use may not be overlooked and cabled so that their traffic cannot be intercepted.
Access to master consoles must be restricted and all operations recorded. The log or journal should be regularly scrutinised to identify any signs of irregular or unauthorised usage.
Procedures concerning the proper use of primary system consoles or system terminals shall be documented and the application of those procedures enforced.
Terminals outside the computer and electronic system room should not have access to operator or other special privileges. Other users who might need access to privileged commands might include software support groups, network management groups and remote software engineers. If privileged access is required, and the temporary use of a terminal other than the primary or system console cannot be avoided, its use should be strictly controlled, supervised and, in some circumstances, audited.
Terminals located in non-BT buildings deserve special attention to ensure that their use cannot compromise the security of BT systems to which they may be connected.
All communications equipment must be sited in a physically secure environment within the installation and must be subject to its own restricted access controls. Where it is not possible to locate communications equipment within dedicated accommodation, the equipment itself should be physically secured in purpose-built lockable furniture.
Cable entry points, risers and runs shall be provided with adequate protection to prevent unauthorised access, and accidental or deliberate damage.
Communications equipment shall be located in its own secure environment or in secure furniture and subject to restricted access control appropriate to the sensitivity of the data being communicated.
Special care must be taken to safeguard media libraries and disaster stores. Data held in a compact form is particularly vulnerable to accidental or malicious damage and its security depends on physical protective measures, access control and staff reliability.
Both the media library and the disaster store must be restricted to specifically authorised staff.
The disaster store must be sited so that it will be unaffected by any incident at the computer centre. It must also be sited so that the contents are not affected by strong electromagnetic influences. See the Physical Security Handbook for further guidance.
Any disaster store shall be physically protected and remote from the computer centre. Access to the store shall be governed by local operational instructions.