Today, I discussed several network security issues with a friend who was planning a large enterprise network spanning over several provinces in China. His well-revised proposal covered almost every aspect of the great project, but only few words were related to how to implement security management after deploying the entire network. He thought applying the most advanced technology was the first thing he should consider. I then told him a real story of mine to explain why only equipping high-techs is absolutely not enough.
The photo at right is the spire of one of the currently tallest twin towers in the world, the Petronas Twin Towers, in Kuala Lumpur, Malaysia. The smaller one at its right is Kuala Lumpur Tower, the fourth highest telecom tower in the world standing at 421 meters high, though it looks more little than the Twin Towers. I took this picture after I secretly climbed on to the top-storey (88th) of another tower on 2nd May 2005.
The Twin Towers are commonly not opened to the public, and mainly occupied by the towers' builder, Petronas Company, and the subsidiaries of some world-class Big Shots such as Boeing, IBM, McKinsey and Microsoft. The Skybridge between the two towers on 41st and 42nd floor is the only part opened to all visitors, but passes limited to 1400 people per day.
Before visiting the Skybridge with other common tourists, I watched the Twin Towers' documentary film in the Tower Two's exhibition room. The film introduced the specifications of the two towers and their strongly restricted security system utilising lots of high-tech equipments and several fault-tolerant control systems. During my visit to the Skybridge, we had to follow a fixed route to pass the security check, enter the elevator, walk on the Skybridge and leave the building.
It seemed impossible for me to visit the Twin Towers' top-floor that day, but I was not resigned myself. I still wanted to try it. I was seeking a chance while window-shopping at the Kuala Lumpur City Centre (KLCC) below the two towers.
However, at last, I successfully entered the Tower Two again and reached the peak after utilizing a few tricks of social engineering to get around the security check and surveillances. Before I actually stood on the topmost, I entered the building's control room at floor 87. I even checked the security logs of that room. The last stage to the reach the peak was not to walk with steps, it was to climb, because the only approach to the top-platform was just a ladder!
I stayed on the uppermost platform for almost one hour, studied the every detail I was interesting in, including how they cleaned the external windows of the towers, how to climb into the spire of the building and what kind of metal they used for the towers. Of course, I enjoyed the fantastic scenery of the whole Kuala Lumpur, a 360 degree panoramic view of birds-eye!
I was not a terrorist. I was just a curious tourist, as well as a network security specialist. I did not use any high-tech devices there, except the cameras with me. The radio talker in my pocket was turned off after I got into the building to prevent any possible interference and detection. Finally, I quitted from the building smoothly. It was really a challenge!
The question is why any staff didn’t stop me??
As an IT professional who loves all kinds of new technology, I still have to say, technology does not mean everything to us, though it is essential. The key is how people will actually use it to improve their business as well as to protect themselves. It is not rare that some people deploy a security system earnestly but do not use it the same way.
By the way, since 2004, the highest building in the world has become the Taipei 101 Tower in Taipei, Taiwan. "At 508 meters (1,667 feet) high, the tower and its spire outrank the Petronas Twin Towers", though the record of tallest TWIN towers still belongs to Malaysia.