The previous post looked at users and the unintentional threats they can create. Now let’s get hands-on with the systems:
Dave is responsible for adding, upgrading and repairing systems. Without Dave, things will quickly go downhill in your data center.
While Dave is responsible for maintaining system integrity, he can also compromise it:
- A drive has failed in a RAID5 set. You need to replace the failed drive and rebuild the RAID. Oops! Pulled the wrong drive. The RAID set has gone from degraded to dead. Time for a recovery operation!
- Server17 in a rack of 36 1U “pizza box” servers needs to be power cycled. Dave hits the power button on Server18…
- There is a short circuit in power distribution unit in the server rack. Now you have 36 systems down!
- Dave moves the wrong network cable in the wiring closet.
- Don’t even think about what happens if Dave slips and bumps the Big Red Button!
And if Dave happens to be malevolent, he can do things like:
- Slip a laptop or other small computer into the wiring closet and have it snoop the internal network for data.
- Connect internal networks directly to the Internet.
- Steal parts, supplies, and even complete systems. Look at the number of cases where good boards are replaced and then sold on Ebay…
Basically, Dave is a proxy for all of the physical threats to system integrity that can occur in the data center.