Escape from Data Alcatraz
nihilist_1137 writes "ZDNet is reporting on a new information facility that is built to survive the worst. Triangular in shape, two of the sides house offices while the third, a large rectangular block if taken in isolation, contains two data centres, as well as the infrastructure to ensure that Web sites continue to function come fire, flood, natural catastrophe or foreign invasion."
I would much rather have a data center that concentrates more on getting patches and other server-based security issues applied rather than chasing the very slim chance of a foreign invasion. I think it's more likely for someone to crack my colo than it is for a fire to melt it.
This is nice, but it protects a single point of failure. If you want to take these servers down, just attack the provider they depend on...
At first this seems almost like a joke. Who would invest this much time and energy into such a fortress just to house data? Well... banks for one. Imagine banks from around the world storing their data here in a highly encrypted form, updated at least daily. It would require a lot of bandwidth to say the least, but wouldn't that security be worth it to investors?
Less crucial information that needn't be updated regularly could find a home here at a discounted price. Take for example, building plans. Every city, county, and State in America has a plan somewhere for every building it's ever built that lists (among other things) the locations of all wiring and plumbing. This isn't terribly confidential information (though it very well may become so for large buildings with a realistic threat of terrorist attacks) and could be modestly encrypted with read access only granted to the owner.
Copyright owners might be interested in it as a way of saving back-ups of their paper-work that cannot be destroyed by some freak accident.
I for one don't like these ideas because they represent too many eggs in one basket. When information security is required, it is my personal belief that having it stored in a known location that every hacker in the world would drool over to get inside is a bad idea. History has shown, however, that not everyone (indeed few people) listen to me.
Slackware forever. Honestly, what else would you trust when it absolutely positively has to be stable, secure, and easy
Remember the Maginot Line? Impregnable? How easy was it to get around that? Data is useful in direct proportion to its accessibility - cut the connections into this place and it's toast. No frontal attack necessary.
:)
Also, the article says they can expand capacity 300%. Frankly, that sounds like pretty short-term planning to me. In my experience, it's a rare data store that doesn't double in size every year or two.
Still, it sounds like a cool place, and probably has a better climate than Sealand
This isn't as much "normalization" as it is "don't take so many drugs when you're designing tables."
... traditionally, data is not cracked by attacking its physical form. Kevin Mitnick :-) always said the easier way to get information was only some small and simple conversations with people who work where one wants to crack.
"So, where do you go on vacations? Are you married? What's your spouse's name? What's your favorite sports team? Any music style preferred?", etc...
Buy a Nintendo DS Lite
It's an impressive building designed to withstand all sorts of disaster movie ideas. So what?
As we've all seen time and time again the real threat to computer systems does not come in the form of an earthquake, tidal wave, or random hijacked 767. The real threats rear their ugly heads when some idiot user doesn't update his M$Outlook security package, or takes his password out of the dictionary.
I'm not trying to say that physical threats to computer systems aren't important. By all means they are usually the last thing people think about. But the data here is only being protected from physically being damaged and/or lost. There's nothing in that article about firewalls, encryption, open access ports, faulty software, defective hardware, et cetera ad nauseam.
The protection of data by the building is just one part of the problem of everything becoming digital. It's by no means the end all solution.
I read Slashdot for the
Ahh, but that's probably not their concern! The clients, who are using the machines, should be responsible for the electronic security of the machines. This facility covers the physical security of the machines.
"But we decide which is right, and which is an illusion"
Simple way to take down the site....
3 Letters.... E M P
Haha!!...
Wouldn't the best security (or at least pretty good) be to NOT advertise it on one of the most heavily trafficked sites on the net? I mean, if you want to physically destroy servers and the hardware that supports them, don't you need to know where they are? Thanks to ZD's article, now we and all other nefarious types know. Thanks John Dvorak! :)
Making a big, strong safehaven like this and telling everyone negates its effects. Telling everyone about how great your security is gives it a shorter lifetime than the completely not-secure (either from hacking or from "foreign invasion") computer I'm using to type this. A shitload of physical defences and paranoid geeks are great for security, but not nearly so good as keeping a secret.
I say build it in the middle of a desert, six feet underground, under cover of night.
PUBLIC SPLIT ON WHETHER BUSH IS A DIVIDER -CNN scrolling banner, 10/15/2004
I'm no lawyer, but I don't think the "glowing hands" argument would stand up in court. How do you know the guy didn't just touch the coated box, previous to it being stolen? Unlikely, perhaps, but perfectly plausible.
All the nickel metal hydride UPSes in the world won't help much in the event of someone showing up at the door with a piece of paper that has laser toner sintered onto it forming the letters S-U-B-P-O-E-N-A, or maybe W-A-R-R-A-N-T. Those scenarios figure a lot bigger in my threat model than do foreign invasion, nuclear power accident, or similar. This data center doesn't seem to do much to protect against them.
Even Havenco isn't as secure against legal threats as they'd like their customers to believe, because as described in their FAQ, they reserve "the right to cancel at will if the customer's web site or service is endangering [Havenco's] access to Internet connectivity". They claim to use that primarily against spammers - but what happens if Disney and AOL-Time-Warner, which together control a whole lot of backbones, politely inform Havenco that site X has to go, or else all Havenco's customers' traffic will be unroutable on Disney's and AOL-Time-Warner's networks?
Note, too, that Havenco forbids content illegal in Sealand, which at the moment consists of and only of "child pornography" - and that sounds perfectly all right, we're decent folk who don't want to support those yucky child pornographers - until you realise that child pornography is not actually defined in Sealand law (Does it include text? Does it include photographs of adults who look younger than 18? Does it include drawings and paintings made without a model?), and that Sealand has not yet determined its official position on "regulations regarding copyright, patents, libel, restrictions on political speech, non-disclosure agreements, cryptography, restrictions on maintaining customer records, tax or mandatory licensing, DMCA, music sharing services, or other issues", and these facts are explicitly stated in Havenco's AUP. You just have to trust that the Prince of Sealand won't do anything you disagree with when it comes time to decide those issues, and that he won't cave in to pressure from other nations or large corporations. How much trust are you willing to put in one person?
Nothing here changes that.
Physical security--how quaint. Even if you greatly overengineer it, a widely distributed network of nodes using cryptographic techniques is likely to be much cheaper and no less secure. And it's also likely to be more resilient.
> 3 Letters.... E M P
Two words in return: Faraday Cage. This deals with the big electromagnet as well. As for the junkyard magnet, you could just arrest or disable the crane operator before he could get it near the building. (bfg)
Virg
No, I wouldn't agree. What we are talking about is a battle of probabilities. The most likely vulnerabilities can be protected against at one site more cheaply than multiple sites. The "backhoe" attack is easily defended against with separate entry points to different wire centers.
One very good reason for disparate location is regional events out of your control. It is difficult to protect yourself from a massive power outage affecting most of California, or natural disaster. Even if your facility has power, etc., required support services may not be available. Your site may have 14 days of diesel fuel in the basement, but how long are your NOC monkeys going to watch the screens if they can't be relieved because all the roads are closed?
I fully support having multiple redundant locations, but that is no excuse for doing them cheaply.
On the other hand, if you have two locations and each one is not able to separately withstand foreseeable negative events what do you do when they are both affected? What if a hurricane takes out your east coast and an earthquake hits the west? Each facility still needs to be as independently survivable as possible, otherwise you don't really have redundancy, you just have "extra".
Si vis pacem, para bellum
The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
There are some kinds of applications that work fine in isolation, and if this is one of them, cool. But most real-world businesses need to be connected to the rest of the world - either the Internet, or private networks (e.g. bank data centers talking to ATMs). The article doesn't mention physically redundant communications, though I assume they probably did use a fiber ring of some sort, which means it takes *two* backhoe hits before they're off the net and not just one. But if they're this paranoid, and not just hyping themselves, they need some radio or satellite connectivity, enough voice diversity (or cell phones) so they can talk if their phone connection gets cut, and ideally geographical diversity so that if something does go seriously wrong (flood, earthquake, etc.) they can run from their other location.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks