Locking It All Down
Maintaining Physical Security Equipment
Many administrators who diligently focus on data security often forget about the physical equipment that secures their data center and enterprise buildings.
Security measures, such as alarms, CCTV (closed-circuit television) systems, and locked doors, to name a few, are key pieces of your physical security apparatus. Don't throw away all that money and time spent securing your data by neglecting your physical security equipment; after all, nothing attracts thieves more than a wide-open front door.
What To Focus On
Administrators looking to identify the most critical pieces of physical security equipment on which to focus their energies should not stray too far from the obvious. Kevin Beaver, founder and principal information security consultant at Principle Logic (www.principlelogic.com), says people often overlook basic items, such as their server racks.
"I often find racks that aren't locked; sometimes they're not even lockable," says Beaver.
So, focus on the not-so-obvious items: For example, does hardware come with built-in physical security measures that you've overlooked? Do server cabinets, enclosures, and, of course, racks remain locked at all times, or are they often left wide open? Do data center administrators and other key personnel leave their offices unlocked when they go home at the end of the day? Who makes sure doors into critical areas remain locked?
Dr. Johannes Ullrich, dean of the faculty and chief research officer for the SANS Institute, a graduate school dedicated to the study of information security, says administrators should focus on access control systems that are able to log access to restricted areas. If your facility's badge-based access control system can be easily defeated, a determined thief could gain unfettered access to your facility, especially if he is working with a disgruntled insider willing to help.
But, adds Ullrich, data center managers should not rely too much on technical solutions. "Data centers," he says, "should be monitored by security personnel either onsite or via CCTV." Technology today may be dazzling in its capabilities, but there are times when you can't beat the simplicity and effectiveness of security personnel who make rounds and keep their eyes on your assets.
Maintaining Physical Security Equipment
Examples of physical security equipment that must be maintained in good working order include door locks, badge/access systems, CCTV camera systems, fire suppression systems, windows, and alarm systems.
And keeping that physical security equipment working properly is absolutely essential. The SANS Institute's Ullrich says physical security equipment should be regularly tested and audited. For example, Ullrich adds, this can be as simple as having a security guard check doors to make sure they're locked.
"Physical security," says Ullrich, "has to be included in regular security reviews and penetration testing exercises."
Principle Logic's Beaver says administrators should consistently monitor physical security equipment, ensure alerts are sent when systems and sensors fail, and also test equipment during ongoing information security tests and audits.
And speaking of audits . . . both experts agree that periodic auditing is an effective tool for assessing the effectiveness of physical security equipment. Kevin Beaver says audits "uncover physical weaknesses that you may not have thought about or had the experience or tools to uncover."
So, in those cases where tools and/or expertise may not be on hand to perform a thorough job, the best way to conduct an audit is using a third-party security firm specializing in that area. Beyond expertise, a fresh set of eyes looking around may uncover issues hiding in plain sight that are not obvious to personnel working in the data center every day.
The SANS Institute's Ullrich says physical security audits are effective, but they must be done well.
"One reason why they are not that effective is that they are sometimes added on to regular security audits as an afterthought and not performed by auditors trained in physical security issues," says Ullrich. In other words, the tried-and-true "garbage in, garbage out" adage applies here: Audits conducted in a nonchalant manner just to satisfy a requirement are a waste of time and can give administrators and managers a false sense of security.
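Beaver's advice above, to ensure alerts are sent when systems and sensors fail, can be sketched as a small check over device heartbeats. This is an added example, not code from the article or from either expert; the device names, record format, and five-minute silence threshold are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Constructed inventory of physical security devices (names are hypothetical).
INVENTORY = {
    "cam-lobby-01": "camera",
    "cam-dc-02": "camera",
    "door-dc-main": "door_controller",
    "smoke-dc-03": "smoke_sensor",
}

# Constructed heartbeat records: (device, ISO timestamp, self-reported status).
HEARTBEATS = [
    ("cam-lobby-01", "2024-05-01T09:58:40", "ok"),
    ("door-dc-main", "2024-05-01T09:59:10", "fault"),
    ("cam-dc-02", "2024-05-01T09:12:05", "ok"),
    ("cam-lobby-01", "2024-05-01T09:59:40", "ok"),
    ("cam-unknown-9", "2024-05-01T09:59:00", "ok"),
]

def find_failures(inventory, heartbeats, now, max_silence=timedelta(minutes=5)):
    """Return {device: reason} for every device that needs an alert."""
    latest = {}  # device -> (time of newest heartbeat, its status)
    for device, stamp, status in heartbeats:
        seen = datetime.fromisoformat(stamp)
        if device not in latest or seen > latest[device][0]:
            latest[device] = (seen, status)

    alerts = {}
    for device in inventory:
        if device not in latest:
            # A device that never reports is the failure nobody notices.
            alerts[device] = "never reported"
            continue
        seen, status = latest[device]
        if now - seen > max_silence:
            alerts[device] = "silent since " + seen.isoformat()
        elif status != "ok":
            alerts[device] = "reports " + status
    for device in latest:
        if device not in inventory:
            # Reporting but untracked: it has an IP address nobody manages.
            alerts[device] = "not in inventory"
    return alerts

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 10, 0, 0)  # fixed clock for the sample data
    for device, reason in sorted(find_failures(INVENTORY, HEARTBEATS, now).items()):
        print(f"ALERT {device}: {reason}")
```

Comparing heartbeats against an inventory, rather than only reading the heartbeats, is what surfaces a sensor that has gone completely quiet.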
Keep It Simple
Ullrich recommends that administrators avoid relying too much on technology to protect their assets and strive to "keep it simple."
"Limit the number of access doors," he says, "and think 'defense in depth': Build layers of redundant and diverse security systems around the core of the data center." In other words, avoid relying on single defenses because if they are vulnerable, a determined intruder can take full advantage of these single points of failure.
But escaping technology won't be an easy task. According to Beaver, physical security systems and traditional IT systems are converging. For example, CCTV systems are slowly being replaced by IPTV systems that can use data networks to transmit video feeds from security systems. And, says Beaver, data center managers frequently overlook the fact that devices have IP addresses and operating systems with vulnerabilities that can be exploited.
This convergence is sure to have serious implications for the management of physical security systems and, while adding convenience, will also add a layer of complexity, presenting new challenges for admins.