Thinking about Data Center Solutions

Engineers from La Salle-URL share the latest news and projects in the field of network solutions in telematic engineering.

02 May 2016 | Posted by Redacción Data Center

Security within a Data Center

Hey folks! How you doing?

In today's post we will be talking about security. Security is the MAIN objective to ensure in a Data Center. Why is it so important, someone could ask? Well, lets resume it in a sentence: information is power, and the one that owns power, uses it. So every company holding a DC, should protect it as the most valued good it has.

The security of an enterprise is strictly attached to its reputation. Who in their right mind would be client of a poorly secured enterprise? Experience says that having security flaws is a synonym clients loss.

Nowadays, enterprises are really difficult to secure, as those enterprises get every day more and more decentralized. So, we do not have a clear entrance point for our malware, but we have many different points to cover because of having different parts of the company in different, logical and physical, sites.

Captura de pantalla 2016-05-02 a les 21.49.29 1

So defending that main entrance point has become wide spread, and trying to defend them all has become impossible mission. I am not saying that those points should not be protected, but another type of security has emerged: prevention of lateral threads.

As securing entrance points is really hard, the main goal has become preventing that those infected hosts do not spread malware from east to west. As the wide variety of firewalls in the market do no permit monitoring the traffic within the same subnet, the spread of the malware within that subnet is no controlled. Some security companies offer the possibility to track different communications between different nodes, within the same subnet, with new and advanced firewalls, which are basic for the network security. So, the final communication path would  be:

|     NODE A -------> FIREWALL ---------> NODE B    |

|     NODE B -------> FIREWALL ---------> NODE A    |

_______________SAME SUBNET_______________

Also, having the right policies put in the tradicional firewall should be a must as well. Any company should know what kind of traffic is entering and leaving its domains.

Another important point, is to have an intuitive view of logs within your network. Logs are all type of events that happen in a network, which are collected into one host of the network. But having those logs stored without any order, not even a single classification, is useless. Those logs should be revised every now and then in order to know what is happening in your network. Nowadays, software has been developed to a point in which automatization of log reading can be achieved.

digital security_jeeP

Finally, we cannot forget about physical security, which is a very important point to take into account. All the technology above explained is useless if an intruder can physically access my Data Center. So it is also important:

  • Having reinforced walls.
  • Avoiding windows.
  • Using landscaping for security.
  • Hiring security guards.
  • Limiting entry points.
  • Having access controls.
  • Having videocamera circuits.
  • Having equipment protected within closed racks.

Hope you have enjoyed our security topic of this week. Hope to see you in the next post!

Have a nice week!

Share

Add new comment

CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
3 + 1 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.