Cabling Colors and CIS Controls

The first of the CIS Controls is called “Inventory and Control of Hardware Assets”. One of my friends is an organizer of a big European IT conference and during a recent lunch he brought up a topic which is interesting. The color coding of your network cables and security.

Huh? I hear you think. Well, my friend is correct. It is one of the common issues. Imagine that I show you a pack of 20 cables running through your building. You can not peak at the labels attached at the end. Could you tell me what cable would have what impact if it would break?

A lot of people can’t and yet it is part of control #1 in the CIS controls. It is an easy one to fix, by colored cables and replace your cable with a color coded one. It will not upgrade the network immediately but it will help you get one small step closer.

If you wonder who does such a thing? Well, when I had a job as a student I worked in an IT team of a financial institution for the summer. Can you guess what the red cable meant? Indeed, very important data going over it. It was the one cable you needed multiple signatures from the business for before you could even unplug it.

“But most of my network is already cabled!” is the common argument not to do this. You are right in the sense it would be foolish to replace everything in the next month. If you have to install new hardware you could systematically replace the old cables or replace for example first all VoIP phones, then all printers, and then the desktops on the first floor. Bit by bit you will get closer to the desired end result.