Page 686 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
locating these rooms on the ground floor, on the top floor, and in the
basement whenever possible. Additionally, the server room should be
located away from water, gas, and sewage lines. These pose too large a
risk of leakage or flooding, which can cause serious damage and
downtime.

The walls of your server room should also have a one-hour
minimum fire rating.

Making Servers Inaccessible

The running joke in the IT security realm is that the most secure
computer is one that is disconnected from the network and sealed
in a room with no doors or windows. No, seriously, that’s the joke.
But there’s a massive grain of truth and irony in it as well.

Carlos operates security processes and platforms for a financial
banking firm, and he knows all about one-way systems and
unreachable devices. Sensitive business transactions occur in
fractions of a second, and one wrong move could pose serious risks
to data and involved parties.

In his experience, Carlos knows that the least accessible and least
human-friendly places are his most valuable assets, so he stores
many of his machines inside a separate bank vault. You’d have to
be a talented burglar, a skilled safecracker, and a determined
computer attacker to breach his security defenses.

Not all business applications and processes warrant this extreme
sort of prevention. What security recommendations might you
suggest to make a server more inconvenient or inaccessible, short
of dedicating a vault? An interior room with limited access, no
windows, and only one entry/exit point makes an excellent
substitute when an empty vault isn’t available. The key is to select a

