Tuesday, October 14, 2008

Social Engineering in the Data Center

I listened to a TWiT podcast recently with the one and only Kevin Mitnick.  If you don't know who Kevin is, follow this link and see his story -- he is a pretty amazing security expert who has been through a lot.  There was an interesting part in the story he was telling on TWiT about HID proximity card spoofing.  The spoofing has been around a while, but he makes it sound pretty easy.  Kevin is widely known for his social engineering.

Via a tweet from @ciscoDC tonight I also read a very interesting paper on data center security.  It covers the physical side of security for a data center and the related social engineering that can go on.  I think so much effort is put into digital security and facility security that the people and process side of the business gets ignored.  This paper does a very good job of conveying the importance of people and processes.
"A terrorist isn't likely to be walking in with guns blazing and take over the building, but rather play a game of invisibility and misdirection, taking advantage of the very nature of 'good-willed' or ignorant individuals...these external tests can help identify these weak areas."
Check the paper out here.

Also along the process side of things -- check out an Uptime Institute paper on using ITIL to gain data center efficiency.

