A strange take on physical security

January 18th, 2010
During my time as a consultant I’ve seen many interesting takes on security. Today has been no exception. When visiting a client, we found that a new security policy has been enforced. In order to ensure that only authorized personnel and invited guests are in the building, they now require that guests are wearing guest access cards. The procedure for getting a card is as follows:
  1. Enter the building
  2. Take the lift to the floor mentioned on the sign
  3. Sign list and take card
Now, this could have been okay(ish), if not for the shortcomings inherent in the implementation of this physical access restriction scheme:
  1. The front door is unlocked
  2. The lift allows going to any floor with no sort of identification or security – including the top floor, which has most helpfully been labeled “authorized personnel only”
  3. The list/card procedure is not managed or reviewed, the guest is left to do all paperwork alone and unsupervised
  4. The card is a simple cardboard guest card, and serves no other purpose than to visually identify guests
  5. Employees are generally not wearing ID cards
  6. Doors are generally not locked, not even on the restricted top floor
The right way of restricting access would have been to lock the front door, and man it with security guards in charge of the guest list and the guest verification procedure. As for the lifts and doors, proper access control using swipe cards would the way to go. All off this is 1970’s technology, and is readily available from all major vendors of building security. Even better methods exist if using modern technology – sadly, they settled for a “solution” which is neither here nor there…

Posted in Random ramblings | No Comments »

Slow writes to RAID on Dell PowerEdge SC440

November 11th, 2009

Every few years I come across one of the little boxen, and every time I face the same issue. I can clearly remember that the RAID is slow for a reason, just not which reason. This posting is intended to save me from spending time on google in a few years…

The Dell PowerEdge SC440 is a nice little Xeon-based tower server featuring a SAS 5/iR RAID controller. The sluggish writes are due to the default disabling of write cache on the controller, which is just fine for making sure data are not lost if the power fails, but which also drags performance down to ridiculous levels. It’s not possible to enable write cache from the controller firmware menu.

Here’s how to work around that issue:

If running FreeBSD, add ‘hw.mpt.enable_sata_wc=1′ to your boot.conf.

If running Linux, use lsiutil to adjust the value directly in the RAID controller firmware.

If running Windows, well, who does that sort of thing if performance matters?

A few numbers from a quick write test under FreeBSD 7.2, using ZFS on top of the array:

Write cache disabled, 32K chunks: 2 MB/s

Write cache enabled, 32K chunks: 40 MB/s

Please don’t enable write cache and blame me for subsequent loss of data, limbs or partners.

Tags: ,
Posted in FreeBSD, Linux | No Comments »

« Older Entries