[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Server Rm Log even necessary?

Posted on 2014-08-19
6
Medium Priority
?
362 Views
Last Modified: 2014-09-03
I would like to ask the experts why they think a server room log is important aside from the reason that they have to comply with industry compliance like ITIL, ISO or SOX. Is the server room log even necessary if you have video surveillance/motion capture (stored up to 45 days) and FOB key access limited to authorized personnel? And it would be great too if you have some real life experience to share on how the server room log was beneficial? Was there any reason that anyone had to go back to the server room log to check who was in there longer than 45 days? Thank you all.
0
Comment
Question by:hgonzalo
  • 3
  • 3
6 Comments
 
LVL 23

Accepted Solution

by:
nemws1 earned 2000 total points
ID: 40271641
We got rid of our log when we got FOB key access set up.  The FOB log is imported into a database daily and stored forever (it's just text data, so it's not like its a lot of data).
0
 

Author Comment

by:hgonzalo
ID: 40301722
so there is no need or interest in tracking vendor access to the premises and the type of work they do in the server room? I am assuming that the fob key database only logs employee information.
0
 
LVL 23

Assisted Solution

by:nemws1
nemws1 earned 2000 total points
ID: 40301750
We don't allow unescorted vendor access to our premises, so I'm not sure its an issue for us.

What are your worries/fears?  Do you allow unescorted vendor access to your server space?  If so, and you are worried that they are going to do something malicious, a log certainly isn't going to make a difference.

Or are are you looking more for a log of server changes?  Where I'm working now we have to follow SOX compliancy, so every change to production hosts is checked/passed by management and stored in a Sharepoint repository.  At my previous job, they just used a simple web form (with a db backend) to record/log changes that worked very well for them.  Just need to make it a condition of access to your space that any changes made are recorded/reported, but I would still use bits for that instead of paper.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 

Author Comment

by:hgonzalo
ID: 40301795
yeah we do both escorted and unescorted. We are small in terms of staff so we cant escort the vendor all day if they need to be in the server room for extended period of time. Plus our server room also houses our facilities security/fire/alarm equipment and they have people go in to the server room working on non-server room related matters. I think the server room log also gives us visibility/detail on the type of work being done inside the server room such as how often equipment's are being worked on or pm'ed that could be indicators that some things need more attention.
0
 
LVL 23

Assisted Solution

by:nemws1
nemws1 earned 2000 total points
ID: 40301855
Sound like you might need a cage or some other partition to better regulate who has access to what in your room.  But it also sounds like that might be cost prohibitive if you have a small operation.  I would think continuing to use a log would be fine for you.  However, I would still prefer a an old laptop running a web browser with a big sign saying "SERVER ROOM LOG" above it that just goes to a simple web form.
0
 

Author Closing Comment

by:hgonzalo
ID: 40301994
Thanks for your input.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
It’s a season to be thankful, and we’re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

868 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question