The Most Vulnerable Networks – Facilities Network Security

FT Data Centers tackles the issue of facilities network security – one of the biggest security holes in the IT pipeline. If hackers begin to grow savvy to facilities networks they may quickly learn how to bring down even large, well established companies.

Have you noticed that the number of hacks is constantly increasing? My question is, how long will it be until someone hacks the most vulnerable piece of the IT pipeline? Today I’d like to talk about security, or more specifically, facilities security, or more specifically still, facilities network security. Ok. Let me step back a minute while I define my terms. Let’s look at our data center.

Data Center Facilities Network

Our data center has two CRAC units in it, one at either end. Also, there’s a little condensing unit and a UPS next to the data center. There are also three little server racks. Now these are all connected together in a network. This is the facilities network, these red cables.

These facilities networks are some of the least protected networks in all of networking. All of these units communicate together using SNMP or Modbus or BacNet or some other protocol. The problem with all of these protocols is that they transfer their data in an unencrypted. Also, a lot of the equipment on these networks operate with factory default passwords years after they are initially installed. I can name several default four digit passwords off the top of my head.

In fact they are readily available in the service manuals which you can search for online for free. Shutting down these units could cause your servers to overheat and literally shut down your data center. These units don’t even need to be connected to the internet to be compromised. Stuxnet, for instance, was probably introduced into the Iranian nuclear enrichment centers using a USB drive.

But there are ways to protect your facilities networks. First of all, make friends with your IT networking folks. They monitor network traffic and are better equipped to deal with intrusions than facilities operators. Connect to their network.

Second, create Vlans that can isolate systems to contain viruses if they should break out. Third, create a network topology that firewalls the facilities network from the rest of the network, and use robust encryption and security credentials for access. Fourth, change your passwords! It’s not that hard. If I walk into another data center where the default password is “password” I will lose all faith in humanity. There are many more ways to protect your facilities network. If you’re not careful, you could be the first big victim of the facilities hack that we’ve all been worried about for years. As always, thanks for watching and until next time, stay centered.