Protecting Exterior Communications Infrastructure
Like this article?
Visit our Security Tips page for more than 75 additional articles on a variety of topics related to physical security
Follow us on Twitter to be notified when new Security Tips are published
Most organizations are unable to operate without telephone and Internet service. Now that most business transactions are performed electronically rather than manually, not having access to the Internet can literally shut down a business and require that company employees be sent home. The increased use of cloud-based services makes having reliable data communications between the facility and the Internet even more important than ever.
Most companies do a good job of securing their server rooms, MDF rooms, and IDF rooms. These rooms are often some of the most secure in the facility, and are typically protected using card access control systems, alarm monitoring systems, and video surveillance systems. Some computer rooms also use advanced security measures such as biometric devices, mantraps, and anti-tailgating devices.
Ironically, while most companies do a good job of protecting data communications infrastructure located inside of their facility, many of these same companies completely fail in protecting crucial communications infrastructure located outside of their facility. When we conduct security assessments of critical facilities such as data centers and call centers, we often find that the incoming communications and power utilities to the facility are completely unprotected.
Often, underground vaults that contain copper or fiber optic communications cables are left unlocked, allowing anyone to have access to the cables. In many cases, these vaults are installed in an unprotected area near the street or sidewalk, and sometimes marked with signs that say "Fiber Optic Cable" and sometimes even give the street address of the building that they serve. These conditions would allow a vandal or saboteur to quickly identify the vault, open it, and cut or otherwise damage the cables located inside. Access to these cables might also allow a more sophisticated attacker to tap into circuits to listen to conversations or to monitor network traffic.
When above-ground equipment cabinets or pedestals are used for communications cables, these are many times left unlocked, or if locked, are capable of being opened with a simple tool. Often, equipment cabinets and pedestals will be located close to a driveway or road, allowing them to be easily damaged by a vehicle, either deliberately or accidentally.
To provide improved security of exterior communications infrastructure, the following is recommended:
If possible, try to locate underground vaults and above-ground cabinets and pedestals within a fenced area that is under your control. If your site is unfenced, consider providing fencing just around the areas that contain vaults or cabinets.
Avoid providing signage that indicates the purpose of underground vaults or above-ground cabinets or that indicates which building(s) they serve. In general, the people who have a legitimate need for this information already know it or can obtain it from other sources.
All underground vaults, manholes, cabinets, junction boxes and pedestals should be equipped with locks. The use of a high-security lock (such as locks made by ASSA Abloy or Medeco) is preferred. Also consider using locks and security devices made specifically for manholes and utility cabinets, such as those made by McGard.
Consider equipping vaults and equipment cabinets with tamper switches or magnetic contact switches. These switches should be connected to your facility's security management system or intrusion alarm system and programmed to sound an alert any time a vault or cabinet door is opened.
Locate above-ground cabinets and pedestals away from the street and driveway when possible. If this is not possible, consider installing concrete or metal bollards to provide protection against vehicles striking the cabinets or pedestals.
If data communications cabling runs in surface mounted conduit along the exterior of the building, pull-boxes or elbows can provide can provide access to the cables. Provide locks and tamper switches on larger junction boxes; use tamper-resistant screws on elbows and conduit bodies. Unused knockouts on junction boxes should be welded closed.
If you lease space in a multi-tenant building, learn how telephone and data services enter your facility from the street. Work with the landlord or property manager to make sure that communications cables are well-protected between the street and the spaces that you lease.
Please contact us if you have any questions about this Security Tip, or if you need help in planning security improvements for your exterior communications infrastructure.