1. 4/1/2016 Is Your Data Center Prepared for the Zombie Apocalypse? 1
2. 4/1/2016 Is Your Data Center Prepared for the Zombie Apocalypse? 2
Is Your Data Center Prepared
for the Zombie Apocalypse?
3. IS YOUR DATA CENTER
PREPARED FOR THE ZOMBIE
APOCALYPSE?
WILLIAM F. SLATER, III, M.S. MBA, PMP, CISSP, CISA
ADJUNCT PROFESSOR, IIT SCHOOL OF APPLIED TECHNOLOGY
-AND-
LOUIS-PHILIAS, SEBRINA NEAL, JORIS EKPANGBO & TEMILOLU OLANIYAN
ITMT 535 â DATA CENTER ARCHITECTURE STUDENTS
A PRESENTATION FOR FORENSECURE 2016
4. AGENDA
âIntroduction
ï§ What is a Data Center?
ï§ Traditional Data Center Security Concepts
and Limits
ï§ The Zombie Apocalypse & how it can
expose n our Data Centers?
ï§ How can we prepare our Data Centers
for the Zombie Apocalypse?
âConclusion
âQuestions
âReferences
4/1/2016 4Is Your Data Center Prepared for the Zombie Apocalypse?
7. WHAT IS A DATA
CENTER?
4/1/2016 7Is Your Data Center Prepared for the Zombie Apocalypse?
8. DATA CENTER DEFINITION
It generally includes redundant or
backup power supplies,
redundant data communications
connections, environmental
controls (e.g., air conditioning, fire
suppression) and various security
devices. Large data centers are
industrial scale operations using
as much electricity as a small
town.
31 March 2016 8Is Your Data Center Prepared for the Zombie Apocalypse?
9. WHY DATA CENTER MATTERS?
âThe internet was done so well that most people think of it as a
natural resource like the Pacific Oceanâ
-Alan Kay-
11. CIA â THE SECURITY TRIAD
114/1/2016 Is Your Data Center Prepared for the Zombie Apocalypse?
TRADITIONAL DATA CENTER SECURITY CONCEPTS
12. TRADITIONAL DATA CENTER SECURITY CONCEPTS
The security in a Data Center is based on
safeguarding of data and other IT assets (the
CIA TRIAD) and consists of two types:
âThe Physical Security
âThe Logical Security
4/1/2016 12Is Your Data Center Prepared for the Zombie Apocalypse?
13. TRADITIONAL DATA CENTER SECURITY CONCEPTS
âPhysical security building best practices:
1. Build on the right spot
2. Have redundant utilities,
3. Pay attention to the walls, how they are built
4. Avoid windows
5. Use landscaping for protection,
6. Keep a 100-foot buffer zone around the site,
7. Use retractable crash barriers at vehicle entry points,
8. Plan for bomb detection
9. Limit entry points,
10. Make fire doors exit only,
Sarah Scalet
4/1/2016 13Is Your Data Center Prepared for the Zombie Apocalypse?
14. 4/1/2016 14Is Your Data Center Prepared for the Zombie Apocalypse?
TRADITIONAL DATA CENTER SECURITY CONCEPTS
Sarah Scalet
15. 11. Use cameras as much as possible,
12. Protect the building's machinery,
13. Plan for secure air handling,
14. Ensure nothing can hide in the walls and ceilings,
15. Use two-factor authentication
16. Harden the core with security layers
17. Watch the exits too,
18. Prohibit food in the computer rooms,
19. Install visitor restrooms.
âThe logical security (Antivirus software, firewalls and
intrusion-detection systems for instance)
4/1/2016 Is Your Data Center Prepared for the Zombie Apocalypse? 15
Sarah Scalet
17. LIMITS
âBe Diligent Against the Biggest Threat: People
âȘ Whether it is intentional sabotage, social engineering, carelessness
or lack of following a defined policy, people working in the facility
can be the biggest risk. For example, social engineering is a
common threat because most people by nature want to be helpful.
Itâs important to train people to stick to the security policy and
require them to be 100 percent accountable for their access.
âȘ Furthermore, the redundancy of IT equipment is the first goal to
meet in any data center to assure its availability, to make it free of
disruption. But the people working in a data center are its most
important « engine », and cannot be redundant.
4/1/2016 17Is Your Data Center Prepared for the Zombie Apocalypse?
18. THE ZOMBIE
APOCALYPSE & HOW
IT CAN EXPOSE OUR
DATA CENTERS
4/1/2016 18Is Your Data Center Prepared for the Zombie Apocalypse?
20. WHAT ARE ZOMBIES?
âA zombie (Haitian French: zombi, Haitian Creole: zonbi) is a
fictional undead being created through the reanimation of a
human corpse.
âThe English word "zombie" is first recorded in 1819, in a
history of Brazil by the poet Robert Southey, in the form of
"zombi". The Oxford English Dictionary gives the origin of
the word as West African, and compares it to the Kongo
words nzambi (god) and zumbi (fetish).
âOne of the first books to expose Western culture to the
concept of the voodoo zombie was The Magic Island by
W.B. Seabrook in 1929. This is the sensationalized account
of a narrator who encounters voodoo cults in Haiti and their
resurrected thralls.
4/1/2016 20Is Your Data Center Prepared for the Zombie Apocalypse?
21. THE STORY OF FELICIA FELIX MENTOR
4/1/2016 Is Your Data Center Prepared for the Zombie Apocalypse? 21
Felicia Felix-Mentor was a Haitian woman believed to have been
made into a zombie in the early part of the 20th century. She
reportedly died in 1907, after a sudden illness of the type that
Haitian belief finds to be characteristic of a person marked to be
made into a zombie.
In 1936 a woman in ragged clothing was found wandering the
streets, and made her way to a farm which she claimed belonged
to her father. The owners identified the woman as Felicia Felix-
Mentor, long thought dead, and Felix-Mentorâs husband also
confirmed this. Due to her poor health, she was sent to a
government hospital. A doctor who interviewed her described her
behavior.
Her occasional outbursts of laughter were devoid of emotion, and
very frequently she spoke of herself in either the first or the third
person without any sense of discrimination. She had lost all
sense of time and was quite indifferent to the world of things
around her.
22. WEST AFRICAN ZOMBIES (BENIN)
4/1/2016 Is Your Data Center Prepared for the Zombie Apocalypse? 22
23. WHAT IS THE ZOMBIE APOCALYPSE?
âIntimately tied to the concept of the modern zombie is the "zombie apocalypse"; the
breakdown of society as a result of an initial zombie outbreak that spreads. This
archetype has emerged as a prolific subgenre of apocalyptic fiction and has been
portrayed in many zombie-related media after Night of the Living Dead. In a zombie
apocalypse, a widespread (usually global) rise of zombies hostile to human life
engages in a general assault on civilization. Victims of zombies may become zombies
themselves. This causes the outbreak to become an exponentially growing crisis: the
spreading phenomenon swamps normal military and law enforcement organizations,
leading to the panicked collapse of civilized society until only isolated pockets of
survivors remain, scavenging for food and supplies in a world reduced to a pre-
industrial hostile wilderness.
âThis fictional event has gained gradually recognition:
âȘ In government media
âȘ On 18 May 2011, the United States' Centers for Disease Control and Prevention (CDC)
published a graphic novel, Preparedness 101: Zombie Apocalypse providing tips to survive
a zombie invasion as a "fun new way of teaching the importance of emergency4/1/2016 23Is Your Data Center Prepared for the Zombie Apocalypse?
24. WHAT IS THE ZOMBIE APOCALYPSE?
âȘ In music
Michael Jackson's music video Thriller (1983), in which he dances with
a troop of zombies, has been preserved as a cultural treasure by the
Library of Congress' National Film Registry
âȘ In literature
Max Brooks's novel World War Z (2006) became a New York Times
bestseller.
âȘ In theoretical academic papers
Adam Chodorow of the Sandra Day O'Connor College of Law at
Arizona State University investigated the estate and income tax
implications of a zombie apocalypse under United States federal and
state tax codes.
4/1/2016 Is Your Data Center Prepared for the Zombie Apocalypse? 24
25. NOTABLE ORGANIZATIONS THAT BELIEVE IN THE
ZOMBIE APOCALYPSE
4/1/2016 Is Your Data Center Prepared for the Zombie Apocalypse? 25
27. AMERICAN CITIES â BEST AND WORST PLACES FOR
THE ZOMBIE APOCALYPSE
4/1/2016 Is Your Data Center Prepared for the Zombie Apocalypse? 27
28. THE ZOMBIE APOCALYPSE THREAT & HOW CAN IT
EXPOSE OUR DATA CENTERS
âThreat modeling (often related to the logical security in Data Center)
There are at least three general approaches to threat modeling:
âAttacker-centric
Attacker-centric threat modeling starts with an attacker, and evaluates their goals, and how they
might achieve them. Attacker's motivations are often considered, for example, "The NSA wants
to read this email," or "Jon wants to copy this DVD and share it with his friends." This approach
usually starts from either entry points or assets
âSoftware-centric
Software-centric threat modeling (also called 'system-centric,' 'design-centric,' or 'architecture-
centric') starts from the design of the system, and attempts to step through a model of the
system, looking for types of attacks against each element of the model. This approach is used
in threat modeling in Microsoft's Security Development Lifecycle
âAsset-centric
Asset-centric threat modeling involves starting from assets entrusted to a system, such as a
collection of sensitive personal information
4/1/2016 28Is Your Data Center Prepared for the Zombie Apocalypse?
29. Any high security data center can actually prevent any disaster including a
zombie apocalypse :
âA hardened, secure, windowless facility will keep the staff and the servers safe
and protect them from hordes of brain-hungry, shambling corpses pounding at
the front door
âIf âcleverâ zombies somehow manage to get hold of a keycard or passcode,
multi-factor security that includes biometrics (zombies, after all, donât have the
body warmth and heartbeats of a living human) should prevent the flesh-eaters
from getting in
âWhat if the walking dead attack during a shift change at the local power plant? No
problem: your uninterruptible power supply (UPS) will bridge the few seconds it
takes for the generators to reach full power
4/1/2016 29Is Your Data Center Prepared for the Zombie Apocalypse?
THE ZOMBIE APOCALYPSE THREAT & HOW CAN IT
EXPOSE OUR DATA CENTERS
30. âHaving a secondary site can be a nice safeguard if zombies find a hole in security at a
less secure site.
The remaining question is: What if the danger
comes from within the data center?
4/1/2016 Is Your Data Center Prepared for the Zombie Apocalypse? 30
THE ZOMBIE APOCALYPSE THREAT & HOW CAN IT
EXPOSE OUR DATA CENTERS
31. Are you going to quarantine them? Or kill them?
No logic would lead the contaminated staff so the worst has to be expected. The data
center will be likely to be destroyed because :
âą Delete/modify the data
âą Infect other people
âą Causing a Virus to spread
âą Press the RED button
The most astonishing fact is that there are no palliative solutions for those dramatic
events up to now in any data center disaster recovery plan.
4/1/2016 Is Your Data Center Prepared for the Zombie Apocalypse? 31
THE ZOMBIE APOCALYPSE THREAT & HOW CAN IT
EXPOSE OUR DATA CENTERS
32. HOW WILL YOU KNOW THE ZOMBIE APOCALYPSE IS
HAPPENING?
Source: http://hisz.rsoe.hu/alertmap/index2.php?area=usa&lang=eng
RSOE - Emergency and Disaster Information Service
4/1/2016 Is Your Data Center Prepared for the Zombie Apocalypse? 31
33. âNoah did not wait until it was raining to start building the Ark.â
4/1/2016 33
âBETTER SAFE THAN SORRYâ
Is Your Data Center Prepared for the Zombie Apocalypse?
34. âBETTER SAFE THAN SORRYâ
âData center designers generally do a good job preparing for conventional risks like
earthquakes, fires, floods, and hurricanes, but if the disaster recovery plan doesnât
include provisions for dealing with the undead, the risk mitigation strategy has a gaping
hole
âUnlike conventional disaster recovery (DR)/business continuity planning (BCP),
zombie preparedness has a unique set of goals beyond data protection and business
resumption:
Ensure the long-term Survivability of your
facilities AND your people
4/1/2016 Is Your Data Center Prepared for the Zombie Apocalypse? 34
35. HOW CAN WE PREPARE
OUR DATA CENTERS
FOR THE ZOMBIE
APOCALYPSE?
4/1/2016 35Is Your Data Center Prepared for the Zombie Apocalypse?
36. NECESSARY SURVIVAL KIT :
WATER
4/1/2016 Is Your Data Center Prepared for the Zombie Apocalypse? 35
37. NECESSARY SURVIVAL KIT :
FOOD
4/1/2016 Is Your Data Center Prepared for the Zombie Apocalypse? 36
38. NECESSARY SURVIVAL KIT :
WEAPONS
4/1/2016 Is Your Data Center Prepared for the Zombie Apocalypse? 37
39. DATA CENTER FORTIFICATION CONCEPTS TO
SURVIVE A ZOMBIE APOCALYPSE
âShelter in Place
âHighly-Available, Redundant
âȘ Power
âȘ Cooling
âȘ Communications
âEntertainment
âCommunications Equipment
(Raspberry Pi, radio FM transmitter)
âSleeping quarters
âSanitary Facilities
âSensors (presence sensors etc)
âFirst-Aid Kits
âMedical Supplies
4/1/2016 Is Your Data Center Prepared for the Zombie Apocalypse? 39
40. LETâS BE PRAGMATIC!
Odds are, an outbreak of zombies is for
now unlikely to happen. But there are still
plenty of other potential threats that could
spell disaster for your data center if youâre
not prepared. So make sure you take the
time to consider all possibilities as you
build out your IT infrastructure, have a
disaster plan in place and hold a test drill
every so often to make sure everyone
knows what to do to keep your facilities
online. Always best to prepare for
zombies, even when there is no perceived
threat of zombies
4/1/2016 Is Your Data Center Prepared for the Zombie Apocalypse? 40
41. OUR RECOMMENDATIONS
âImprove your Disaster Recovery Plan and your Business
Continuity Plan
âActively fortify your Data Center
âEquip and Train every member of your Data Center Staff
âPlan to for the Long-Term Survivability of the Human
Element
âTake the Online Quiz: http://bit.ly/1MJRVLn
4/1/2016 41Is Your Data Center Prepared for the Zombie Apocalypse?
43. Discussion of DoS Attacks
In early February 2000, a series of well organized
denial-of-service attacks were launched against
some major e-commerce websitesâŠ
53. REFERENCES
4/1/2016 53Is Your Data Center Prepared for the Zombie Apocalypse?
Google Hacking for penetration
testers, By Long J. & Gardner
B. & Brown J.
Everything you ever wanted to
know abut zombies, By Mogk
M.
54. REFERENCES
4/1/2016 54Is Your Data Center Prepared for the Zombie Apocalypse?
The Zombie Survival Guide, By
Brooks M.
The Makerâs Guide to the
Zombie Apocalypse, By Monk
S.
55. âą Ashford, W. (2015, May 26). Linking threat modelling and risk analysis key to cyber
security. Retrieved March 31, 2016, from
http://www.computerweekly.com/news/4500246898/Linking-threat-modelling-and-risk-analysis-
key-to-cyber-security
âą Castro, D. (2014, October 29). Is US Tech Policy Ready For A Zombie Apocalypse? â
InformationWeek. Retrieved March 31, 2016, from http://www.informationweek.com/it-life/is-us-
tech-policy-ready-for-a-zombie-apocalypse/a/d-id/1316987
âą Dougherty B. (2012): Is your data center ready for the coming zombie apocalypse?
Retrieved from http://www.ragingwire.com/blog/disaster-recovery-business-continuity-planning-
and-zombie-preparedness on March 31st, 2016
âą Grimes, R. A. (2014, April 8). Repeat after me: Model your security threats first. Retrieved
March 31st, 2016, from http://www.infoworld.com/article/2610847/security/repeat-after-me--
model-your-security-threats-first.html
âą Hudson, G. (2012, February 13). 6 Green Data Centers that Could Survive a Zombie
Apocalypse. Retrieved March 31st, 2016, from http://cleantechnica.com/2012/02/13/6-green-
data-centers-that-could-survive-a-zombie-apocalypse/
4/1/2016 Is Your Data Center Prepared for the Zombie Apocalypse? 55
REFERENCES
56. âą Jackson, M. (1982). Michael Jackson - Thriller. Retrieved March 31, 2016, from
https://www.youtube.com/results?search_query=thriller+michael+jackson
âą Khan, A. S. (2011, May 16). Preparedness 101: Zombie Apocalypse. Retrieved March 31st,
2016, from http://blogs.cdc.gov/publichealthmatters/2011/05/preparedness-101-zombie-
apocalypse
âą Miller, R. (2013, March 4). Brocade Data Center Repels Zombie Attack | Data Center
Knowledge. Retrieved March 31, 2016, from
http://www.datacenterknowledge.com/archives/2013/03/04/brocade-data-center-repeals-zombie-
attack/
âą Scalet S. (2006): 19 Ways to Build Physical Security Into a Data Centre. Retrieved March
31st, 2016 from
http://www.cio.com.au/article/181324/19_ways_build_physical_security_into_data_centre/ on
March 24th, 2016
âą Threat modeling. (n.d.) Retrieved March 31st, 2016, from
https://en.wikipedia.org/wiki/Threat_model
âą Trend micro: Security threats to evolving data centers - Trend micro U.S.A. (n.d.). Retrieved
March 31, 2016, from http://www.trendmicro.com/cloud-content/us/pdfs/security-
intelligence/reports/rpt_security-threats-to-datacenters.pdf
âą Warwick A. (2015): Linking threat modelling and risk analysis key to cyber security.
REFERENCES
4/1/2016 Is Your Data Center Prepared for the Zombie Apocalypse? 55
57. PRESENTER BIO:
WILLIAM F. SLATER, III
â Current Positions â
Project Manager / Sr. IT Consultant at Adecco North America,
President & CEO of Slater Technologies, Inc. , and Adjunct
Professor at the Illinois Institute of Technology - Working on
projects related to
âȘ Global Cybersecurity Manager at a $4.5 Billion company
âȘ Software Development and Migration at the U.S. Department of
Veterans Affairs
âȘ Security reviews and auditing
âȘ ISO 27001 Project Implementations
âȘ Subject Matter Expert for preparing Risk Management and
Security Exams at Western Governorâs State University in UT
âȘ Created an eBook with articles about Security, Risk
Management, Cyberwarfare, Project Management and Data
Center Operations
âȘ Providing subject matter expert services to Data Center product
vendors and other local businesses.
âȘ Also Developing and presenting technical training materials for
undergraduate and graduate students at the Illinois Institute of
Technology in the areas of Data Center Operations, Data Center
Architecture, Cyber Security Management, and Information
Technology hardware and software.
4/1/2016 Is Your Data Center Prepared for the Zombie Apocalypse? 57
58. BIOâS OF CO-PRESENTERS :
ITMT 535 STUDENTS
Student Name Bio Major Graduation
Date
Sebrina Neal Sebrina is an undergraduate
majoring in ITM, she earned her
Associates Degree in Computer
Information Systems (CIS) from
Kennedy King College in 2014,
a scholar in One Million
Degrees Scholarship Program,
and an IT intern at HBK
Engineering, LLC.
Information
Technology &
Management
December
2016
Joris Ekpangbo Graduate student in ITM - Data
Management in a double
degree program taking also a
professional Master in
Information Systems
Engineering at ESIGELEC/FR
Information
Technology &
Management
December
2016
4/1/2016 58Is Your Data Center Prepared for the Zombie Apocalypse?
59. BIOâS OF CO-PRESENTERS :
ITMT 535 STUDENTS
Student Name Bio Major Graduation
Date
Louis-Adrien
Philias
Louis is a graduate student in
a double degree program from
France in ITM with a
specialization in Data Center
Operations & Management
Information
Technology &
Management
August 2016
Temilolu
Olaniyan
Temi had her undergraduate
degree in computer
engineering and is currently
pursuing her Graduate studies
in Information Technology and
Management at Illinois
Institute of Technology
Information
Technology &
Management
December 2016
4/1/2016 59Is Your Data Center Prepared for the Zombie Apocalypse?