Your colo rack is not safe. Change your lock! - Montreal Server Colocation


Data centers are typically super secure. 24/7 CCTV, security staff, biometric scanners, you name it.

Unfortunately, your security is only as good as the weakest link in the chain. Even if you have the best software protection, if your hardware isn’t safe, all your efforts are worth nothing.

Recognize this lock?

The main issue in colocation data centers is the lock you’ll find on most cabinets.

(Image: Tripp Lite server rack door handle with combination lock)

If you’ve been in a colocation data center, you’ve probably seen a lock like this. Colocation data centers configure a 3-digit PIN code that allows you to unlock your cabinet.

Well, bad news for you if your cabinet uses a lock like this: it can be unlocked with a generic key that you can buy on eBay. Yup, this cheap key that you can find online will allow you to open 90% of the racks in colocation data centers.

Overall, with 3-4 keys, you can open up most colocation racks. Some colo providers will use “unique keys”, which can help overcome this, but they are often only a variant of a generic set that is sold to many providers.

But you can get electronic locks, they are better!

Not really. Rack locks that use your data center badge don’t really add a level of security, since it’s the same authentication method you use to access the data center.

Other solutions include biometric rack locks, but just like locks that use your RFID badge, they rely on batteries and can be quite annoying to deal with. Also, we have seen some of those turn out to be insecure because of software flaws.

Isn’t there CCTV?

Most well-built data centers will have cameras in every hot and cold aisle with a view of every rack, preventing someone with a key from doing anything wrong to your gear.

While that is technically true, you’d be surprised how many data centers don’t have cameras in the data halls past the main door. If your rack is in a blind spot, you’d have no proof to pinpoint who was behind a potential act of wrongdoing. Anyhow, if you’re at that point, it’s because the data center hasn’t done its job.

What to do next?

Simple! Ask your provider for a unique rack lock. They don’t need power, work every time and are quite cheap. If your provider is going to charge you 250+$/KW, they can probably provide you with a truly secure lock.