When writing about security issues, we always mention physical security. But there's no point having a firewall if someone can walk in and steal your servers, or if they slowly cook themselves to death in a hot, dusty cupboard. The NetBotz series of physical state monitoring appliances addresses the issue of just how to monitor the physical environment around your servers. The WallBotz 500 is a wall-mounted device into which you plug sensor "pods". These pods can either be docked (attached to the side of the unit such as the 500 that comes with a couple already attached) or located elsewhere and attached via cable connections. The unit gets its address via DHCP, so all that's needed is to plug it in and go. Once it's started up, you can connect to the management interface and set the unit up (although the out of the box defaults are pretty sensible). Management is via either a Java-based application that runs on your PC desktop or a web interface. You get the same view in either case, so it's purely a matter of personal preference. The standard pods that come with the WB500 are a camera (for motion detection) and a general sensor pod. The camera is pre-docked but there's a stand included too, so you can take it off and place it elsewhere. The general sensor pod does all the usual stuff like monitoring door switches, temperature, humidity and airflow, while the camera is used - not surprisingly - to watch for motion and alert the administrator. The benefit of using a camera rather than a PIR is clear - not only do you see motion, but you can capture an image so you stand a chance of seeing what went on. The hairdryer test
For our tests we set up the unit in our lab and configured some basic parameters. We needed, for example, to set the address of an SMTP server for sending SMTP alerts. Configured within five minutes it was reporting normal conditions. A few seconds of heat from our hairdryer (all respectable test labs should have one) elicited both temperature and humidity alerts, which arrived almost instantly in the test email inbox (we set the unit to use email as its primary alert mechanism). The alerts themselves are excellent. The system doesn't just send a boring text email to tell you what the problem is. Instead, it sends you an HTML-formatted message with a table describing the problem and a graph showing the history of whatever value is looking dodgy. It also provides a link direct to the appropriate incident section of the web interface of the WB500 to find out more. Incidentally, email isn't the only option - it can FTP files over the Internet, generate SMTP traps, sound audio alerts or even fill in web forms via HTTP POST requests! This attention to detail applies across the entire system, actually. For example, the designers have clearly done their homework and have realised that there's nothing worse than a system that keeps repeating alerts zillions of times over until you get bored and switch them off. Instead, you can tell it how long after an event to start a particular alert category (for example, you can have it try approach A for a while and then try B if nothing has been done to fix the problem). You can also set how many times to repeat the alert for the same problem and how far apart the alerts should be. Oh and the system will also alert you when the problem has gone away, so if you're hurtling down the motorway to get there before something fries, you know you can slow down a bit. Continuing on the 'they got it right' theme, the unit has a PCMCIA slot into which you can shove a wireless LAN card, so you can put the unit where there isn't a network cable. If you want to view your alerts from afar, that's fine, the web interface works either with normal HTTP or using secure HTTPS instead. I really had an 'I want one of those' moments when I looked at the WallBotz. When you're reviewing this kind of equipment, you try to find things that it doesn't do very well. At every stage, though, the WallBotz either met expectations or, often, exceeded them (the HTML email complete with graph being the most prominent example). If you have a server room that you don't monitor in person, every hour of the day, go and buy a WallBotz. Actually, even if you sit in your server room 24x7, go and buy one anyway and just use it for ongoing logging of conditions.

OUR VERDICT

In this type of device, you need a comprehensive set of sensors and a system that can alert you via a set of mechanisms (email, SMS, etc) that fits the facilities you either have or can obtain cheaply.