Looking for Nontraditional Infrastructure Holes

A few weeks ago, in my commentary "We Are the Weakest Link," (http://www.windowsitpro.com/WindowsSecurity/Article/ArticleID/94952/WindowsSecurity_94952.html ), I discussed the fact that human-engineering attacks have remained surprisingly effective, while various forms of electronic attacks have come and gone over the years. A few recent events reminded me that these types of attacks--which typically use email messages (including phishing attacks) and malicious Web sites to fool innocent users into coughing up personal and private corporate data--aren't the only major nontraditional (i.e., not completely electronic) problems facing IT pros today. So this week, I present two nontraditional issues: One is a financial matter, and the other is a security concern.

If you've worked in IT for any amount of time, it probably doesn't come as a surprise to hear that the cost of running and, perhaps more important, cooling data centers is astronomical and rising all the time. However, you might be surprised to discover how bad it's gotten. According to a recent study conducted by Stanford University and commissioned by processor maker AMD, energy consumed by data centers doubled between 2000 and 2005. The costs include electric, cooling, and other infrastructure expenses.

Most of the reason for the jump in costs--about 90 percent--is due to a growing number of inexpensive, low-end servers that went online during that time period. But clearly, low cost in this context applies only to the original purchase price. To put the actual cost in perspective, consider these numbers from the study: The total energy consumption bill for US-based data centers was $1.3 billion in 2000. But it jumped to $2.7 billion in 2005. Worldwide, the numbers jumped from $3.2 billion to $7.2 billion during the same time period.

Not surprisingly, many enterprises and other businesses are looking into or already implementing server consolidation strategies, virtualization solutions, and other ways to combat a glut of physical servers. Buying more efficient hardware also helps, and--surprise, surprise--survey commissioner AMD just released a more efficient line of corporate-oriented processors. But processors aren't the only energy sink in a typical server: Many older servers have incredibly inefficient power supplies as well.

In "We Are the Weakest Link," it turns out I inadvertently overlooked a major issue in many data centers and other secure environments, though even here, the line of attack is coming from an unexpected quarter: Smoking isn't just dangerous to your health. It could be dangerous for your enterprise as well. Penetration tests from NTA Monitor in the UK show that smokers who routinely go outside corporate buildings open up their employers to physical theft and on-site electronic attacks, because their entry and exit points are often unlocked and unguarded.

This is problematic because once an intruder gains physical access to your infrastructure, the available methods of attack become greater and simpler to implement. So although companies have reacted to emerging laws and social pressures to force smokers outside, the trend might ultimately hurt companies in other ways due to lax physical security. It's something to look into, certainly.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.