Data center security

Data center security is the set of policies, precautions and practices adopted at a data center to avoid unauthorized access and manipulation of its resources. [1] The data center houses the enterprise applications and data, which is why providing a proper security system is critical. Denial of service (DoS), theft of confidential information, data alteration, and data loss are some of the common security problems afflicting data center environments. [2]

Data security issues can do serious harm to companies, so it is important to know what the issues are and to find useful solutions for them. The purpose of data security is to protect digital information from unauthorized access. Data security is also distinct from data privacy. Data center security can be threatened in many situations, especially for cloud-based data.

Overview

The Cost of a Data Breach Survey, [3] in which 49 U.S. companies in 14 different industry sectors participated, found that:

Many big companies now use the cloud to store their own and their customers' data, but the risks of storing data in the cloud can be enormous. Cyber attacks can be very harmful to companies: in 2020 alone, 64% of companies worldwide experienced cyber attacks. [4] Attacks that target personal information, such as identity theft, can damage a victim's credit with life-changing consequences.

The need for a secure data center

Physical security is needed to protect the value of the hardware housed within it. [5]

Data protection

The cost of a security breach can have severe consequences both for the company managing the data center and for the customers whose data are copied. The 2012 breach at Global Payments, a processing vendor for Visa, in which 1.5 million credit card numbers were stolen, highlights the risks of storing and managing valuable and confidential data. [6] As a result, Global Payments' partnership with Visa was terminated, [7] and the company was estimated to have lost over $100 million.

Insider attacks

Defenses against exploitable software vulnerabilities are often built on the assumption that "insiders" can be trusted. [8] Studies show that internal attacks tend to be more damaging because of the variety and amount of information available inside organizations.

Vulnerabilities and common attacks

The quantity of data stored in data centers has increased, partly due to the concentration created by cloud computing. [3]

Threats

Some of the most common threats to data centers:

Vulnerabilities

Common vulnerabilities include:

Exploitation of out-of-date software

Many "worm" attacks on data centers exploited well-known vulnerabilities:

Exploitation of software defaults

Many systems are shipped with default accounts and passwords, which are exploited for unauthorized access and theft of information.

Common attacks

Common attacks include:

Network security infrastructure

The network security infrastructure includes the security tools used in data centers to enforce security policies. The tools include packet-filtering technologies such as ACLs, firewalls and intrusion detection systems (IDSs), both network-based and host-based.

ACLs (Access Control List)

ACLs are filtering mechanisms, explicitly defined on the basis of packet header information, that permit or deny traffic on specific interfaces. ACLs are used in multiple locations within the data center, such as the Internet edge and the intranet server farm. The following describes standard and extended access lists:

Standard ACLs: the simplest type of ACL, filtering traffic solely on the basis of source IP addresses. Standard ACLs are typically deployed to control access to network devices for network management or remote access. For example, one can configure a standard ACL on a router to specify which systems are allowed to Telnet to it. Standard ACLs are not a recommended option for traffic filtering because of their lack of granularity. Standard ACLs are configured with a number between 1 and 99 on Cisco routers.

Extended ACLs: extended ACL filtering decisions are based on the source and destination IP addresses, Layer 4 protocol, Layer 4 ports, ICMP message type and code, type of service, and precedence. On Cisco routers, one can define extended ACLs by name or by a number in the 100 to 199 range. [2]
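As an added example (not code from this article or from Cisco), the following Python models the two list types as described above: a standard list matches on the source address only, while an extended list also consults destination, protocol, destination port, ICMP type/code and IP precedence. Entries are evaluated first-match with an implicit deny at the end, and the 1–99 / 100–199 numbering decides which kind a list is. Wildcard masks follow the inverse-mask convention (a 1 bit means "don't care"). The list contents, addresses and sample packets are constructed for the example.

```python
"""Standard vs. extended ACL evaluation, modelled on the IOS semantics described
above (first matching entry wins; every list ends in an implicit deny).
Illustrative example; all lists, addresses and packets here are constructed."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional


def ip_to_int(addr: str) -> int:
    return int(IPv4Address(addr))


def matches_wildcard(addr: str, base: str, wildcard: str) -> bool:
    """Inverse (wildcard) mask: bits set to 1 in the mask are ignored."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    return (ip_to_int(addr) & care) == (ip_to_int(base) & care)


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                     # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None
    precedence: int = 0            # IP precedence (top 3 bits of the ToS byte)


@dataclass
class Entry:
    action: str                          # "permit" or "deny"
    src: str = "0.0.0.0"
    src_wild: str = "255.255.255.255"    # default source: any
    # The fields below are consulted only by extended lists.
    dst: str = "0.0.0.0"
    dst_wild: str = "255.255.255.255"    # default destination: any
    proto: Optional[str] = None          # None matches any protocol ("ip")
    dport: Optional[int] = None
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None
    precedence: Optional[int] = None

    def matches(self, pkt: Packet, extended: bool) -> bool:
        if not matches_wildcard(pkt.src, self.src, self.src_wild):
            return False
        if not extended:
            return True                  # standard lists stop at the source
        if not matches_wildcard(pkt.dst, self.dst, self.dst_wild):
            return False
        checks = [
            (self.proto, pkt.proto), (self.dport, pkt.dport),
            (self.icmp_type, pkt.icmp_type), (self.icmp_code, pkt.icmp_code),
            (self.precedence, pkt.precedence),
        ]
        return all(want is None or want == got for want, got in checks)


class AccessList:
    def __init__(self, number: int, entries: List[Entry]):
        # Numbered lists: 1-99 are standard, 100-199 extended (as stated above).
        if 1 <= number <= 99:
            self.extended = False
        elif 100 <= number <= 199:
            self.extended = True
        else:
            raise ValueError(f"ACL {number} is outside the standard/extended ranges")
        self.number = number
        self.entries = entries

    def evaluate(self, pkt: Packet) -> str:
        for entry in self.entries:      # first match wins
            if entry.matches(pkt, self.extended):
                return entry.action
        return "deny"                    # implicit deny at the end of every list


# Standard ACL 10 (constructed): only management subnet 10.0.0.0/24 may reach the VTY lines.
VTY_ACL = AccessList(10, [Entry("permit", "10.0.0.0", "0.0.0.255")])

# Extended ACL 101 (constructed) at the server-farm edge: HTTPS to one server and
# ICMP echo replies are permitted; everything else falls to the implicit deny.
EDGE_ACL = AccessList(101, [
    Entry("permit", dst="192.168.10.5", dst_wild="0.0.0.0", proto="tcp", dport=443),
    Entry("permit", proto="icmp", icmp_type=0, icmp_code=0),
])


def demo() -> dict:
    """Runs constructed packets through both lists and returns the action per case."""
    return {
        "mgmt_telnet":  VTY_ACL.evaluate(Packet("10.0.0.7", "10.0.0.1", "tcp", 51000, 23)),
        "guest_telnet": VTY_ACL.evaluate(Packet("172.16.4.9", "10.0.0.1", "tcp", 51001, 23)),
        "https_ok":     EDGE_ACL.evaluate(Packet("203.0.113.8", "192.168.10.5", "tcp", 40000, 443)),
        "ssh_blocked":  EDGE_ACL.evaluate(Packet("203.0.113.8", "192.168.10.5", "tcp", 40001, 22)),
        "echo_reply":   EDGE_ACL.evaluate(Packet("198.51.100.2", "192.168.10.5", "icmp", icmp_type=0, icmp_code=0)),
        "echo_request": EDGE_ACL.evaluate(Packet("198.51.100.2", "192.168.10.5", "icmp", icmp_type=8, icmp_code=0)),
    }


if __name__ == "__main__":
    for case, action in demo().items():
        print(f"{case:14s} -> {action}")
```

The `guest_telnet` and `ssh_blocked` cases are denied by the implicit deny rather than by an explicit entry, which is the behaviour that makes the ordering of entries matter on real devices.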

Firewalls

A firewall is a sophisticated filtering device that separates LAN segments, giving each segment a different security level and establishing a security perimeter that controls the traffic flow between segments. Firewalls are most commonly deployed at the Internet edge, where they act as the boundary to the internal networks. They are expected to have the following characteristics:

[Figure: inner-outer two-layer DMZ with three or more flanking firewalls]

Performance: the main goal of a firewall is to separate the secured and unsecured areas of a network. Firewalls are therefore placed in the primary traffic path, potentially exposed to large volumes of data. Hence, performance becomes a natural design factor to ensure that the firewall meets the particular requirements.

Application support: another important aspect is the ability of a firewall to control and protect a particular application or protocol, such as Telnet, FTP, and HTTP. The firewall is expected to understand application-level packet exchanges in order to determine whether packets follow the application's behavior, and to deny the traffic if they do not.

There are different types of firewalls based on their packet-processing capabilities and their awareness of application-level information:

  1. Packet-filtering firewalls
  2. Proxy firewalls
  3. Stateful firewalls
  4. Hybrid firewalls [2]
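The practical difference between the first and third types above is whether the device remembers anything between packets. The following added example (not code from this article or from any vendor) contrasts a stateless packet filter, which has to leave every ephemeral destination port open so that replies to internal clients can return, with a stateful firewall that records outbound connections and admits only their matching return traffic, expiring idle entries. The internal prefix, addresses and timeout are constructed for the example.

```python
"""Stateless packet filter vs. stateful firewall on constructed traffic between
an internal client and external servers. Added example; the 10.1.0.0/24 prefix,
addresses and 300 s idle timeout are assumptions for the scenario."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


INTERNAL_PREFIX = "10.1.0."      # constructed: the protected client network


def is_internal(addr: str) -> bool:
    return addr.startswith(INTERNAL_PREFIX)


def stateless_filter(pkt: Flow) -> str:
    """Packet filter with no memory. Inside-to-outside is allowed. To let replies
    back in it must permit every inbound packet aimed at an ephemeral port,
    which also admits unsolicited packets to those ports."""
    if is_internal(pkt.src):
        return "permit"
    if pkt.dport > 1023:
        return "permit"              # the hole a stateless filter needs for return traffic
    return "deny"


class StatefulFirewall:
    """Tracks outbound flows and permits inbound packets only as their reverse."""

    def __init__(self, idle_timeout: float = 300.0):
        self.table = {}              # forward Flow -> timestamp last seen
        self.idle_timeout = idle_timeout

    def _expire(self, now: float) -> None:
        stale = [f for f, seen in self.table.items() if now - seen > self.idle_timeout]
        for f in stale:
            del self.table[f]

    def filter(self, pkt: Flow, now: float) -> str:
        self._expire(now)
        if is_internal(pkt.src):
            self.table[pkt] = now    # create or refresh state for an inside-out flow
            return "permit"
        # Inbound: the reverse 5-tuple must match a flow the inside initiated.
        reverse = Flow(pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if reverse in self.table:
            self.table[reverse] = now
            return "permit"
        return "deny"


def demo() -> dict:
    """Same constructed packets through both devices; returns the decisions."""
    fw = StatefulFirewall()
    t0 = 1_700_000_000.0
    outbound = Flow("10.1.0.25", 51000, "203.0.113.10", 443)        # client opens HTTPS
    reply = Flow("203.0.113.10", 443, "10.1.0.25", 51000)           # server answers
    unsolicited = Flow("198.51.100.7", 443, "10.1.0.25", 51001)     # nobody asked for this
    return {
        "stateless": {
            "outbound": stateless_filter(outbound),
            "reply": stateless_filter(reply),
            "unsolicited": stateless_filter(unsolicited),
        },
        "stateful": {
            "outbound": fw.filter(outbound, t0),
            "reply": fw.filter(reply, t0 + 1),
            "unsolicited": fw.filter(unsolicited, t0 + 2),
            "reply_after_timeout": fw.filter(reply, t0 + 1000),   # idle longer than 300 s
        },
    }


if __name__ == "__main__":
    for device, results in demo().items():
        for case, action in results.items():
            print(f"{device:9s} {case:20s} -> {action}")
```

The stateless device permits the unsolicited packet because it cannot tell a reply from an intrusion attempt; the stateful one denies it and also denies a "reply" arriving long after the connection went idle.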

IDSs

IDSs are real-time systems that can detect intruders and suspicious activities and report them to a monitoring system. They are configured to block or mitigate intrusions in progress and, eventually, to immunize the systems against future attacks. They have two fundamental components:
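To make the "detect suspicious activity and report it" role concrete, here is an added example (not from this article or from any IDS product) of one detection rule a network IDS might run over connection records: a source that touches many distinct ports on a single host within a short window is reported as probing it, which is the scanning activity mentioned later on this page. The log format, entries, window and threshold are constructed for the example.

```python
"""One IDS detection rule: flag a source probing many distinct destination ports
on one host inside a sliding time window. Added example; the log format
('timestamp src dst dport action') and every entry below are constructed."""
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample: one host sweeping ports on 192.168.10.5, plus normal traffic.
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.9 192.168.10.5 22 deny
2024-05-01T10:00:01 198.51.100.9 192.168.10.5 23 deny
2024-05-01T10:00:01 198.51.100.9 192.168.10.5 25 deny
2024-05-01T10:00:02 198.51.100.9 192.168.10.5 80 permit
2024-05-01T10:00:02 198.51.100.9 192.168.10.5 110 deny
2024-05-01T10:00:03 198.51.100.9 192.168.10.5 143 deny
2024-05-01T10:00:03 198.51.100.9 192.168.10.5 443 permit
2024-05-01T10:00:04 198.51.100.9 192.168.10.5 3306 deny
2024-05-01T10:00:05 203.0.113.4 192.168.10.5 443 permit
2024-05-01T10:00:09 203.0.113.4 192.168.10.5 443 permit
2024-05-01T10:10:00 203.0.113.4 192.168.10.5 80 permit
"""


def parse_line(line: str):
    """Splits one constructed record into typed fields."""
    ts, src, dst, dport, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), action


class PortScanDetector:
    """Counts distinct destination ports per (src, dst) pair within a window.
    Both permitted and denied connections count: a probe of an open port is
    still part of the sweep."""

    def __init__(self, window_seconds: int = 60, port_threshold: int = 6):
        self.window = window_seconds
        self.threshold = port_threshold
        self.events = defaultdict(deque)   # (src, dst) -> deque of (ts, dport)
        self.alerts = []
        self.alerted = set()               # one alert per pair, not one per packet

    def observe(self, ts, src, dst, dport) -> None:
        key = (src, dst)
        q = self.events[key]
        q.append((ts, dport))
        while q and (ts - q[0][0]).total_seconds() > self.window:
            q.popleft()                    # drop events older than the window
        distinct = {p for _, p in q}
        if len(distinct) >= self.threshold and key not in self.alerted:
            self.alerted.add(key)
            self.alerts.append({
                "src": src, "dst": dst,
                "ports": sorted(distinct), "at": ts.isoformat(),
            })


def run(log_text: str) -> list:
    """Feeds every record to the detector and returns the alerts raised."""
    det = PortScanDetector()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, _ = parse_line(line)
        det.observe(ts, src, dst, dport)
    return det.alerts


if __name__ == "__main__":
    for alert in run(SAMPLE_LOG):
        print(f"probe from {alert['src']} against {alert['dst']} "
              f"({len(alert['ports'])} ports by {alert['at']})")
```

The alert is raised at the sixth distinct port rather than after the whole sweep, which is what lets the monitoring system react while the activity is still in progress; the normal client that reuses port 443 and later touches port 80 never crosses the threshold.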

Layer 2 security

Cisco Layer 2 switches provide tools to prevent common Layer 2 attacks (scanning or probing, DoS, DDoS, etc.). The following are some of the security features covered by Layer 2 security:

Security measures

[Figure: gates at a data center to prevent unauthorized access]

The process of securing a data center requires both a comprehensive system-analysis approach and an ongoing process that improves the security levels as the data center evolves. The data center is constantly evolving as new applications or services become available. Attacks are becoming more sophisticated and more frequent. These trends require a steady evaluation of security readiness.

A key component of the security-readiness evaluation is the set of policies that govern the application of security in the network, including the data center. The application includes both the design best practices and the implementation details. [2] As a result, security is often considered a key component of the main infrastructure requirement. Since a key responsibility of data centers is to ensure the availability of services, data center management systems often consider how security affects traffic flows, failures, and scalability. Because security measures vary depending on the data center design, the use of unique features, compliance requirements and the company's business goals, there is no set of specific measures that covers all possible scenarios. [23]

In general there are two types of data center security: physical security and virtual security. [24]

Physical security

The physical security of a data center is the set of protocols built into the data center facilities to prevent physical damage to the machines storing the data. Those protocols should be able to handle everything from natural disasters to corporate espionage to terrorist attacks. [25]

[Figure: a fingerprint scanner at a data center]

To prevent physical attacks, data centers use techniques such as:

Virtual security

Virtual security consists of the measures data centers put in place to prevent remote unauthorized access that would affect the integrity, availability or confidentiality of the data stored on servers. [29]

Virtual or network security is a hard task to handle, as there are many ways it could be attacked, and the threats evolve year after year. For instance, an attacker could use malware (or similar exploits) to bypass the various firewalls and access the data. Old systems may also put security at risk, as they do not contain modern methods of data security. [24]

Virtual attacks can be prevented with techniques such as

Company security

Some possible strategies on how to upgrade data security in a company:

  1. Determine the risks. Find all the tools that may store data, such as computers and databases, and make sure everything is stored in a compliant manner.
  2. Review current data security systems. Check for any updates to the current data security system, if there is one. Stale data should sometimes be removed, and it is also helpful to have cleanup software installed to help the company delete unused or unneeded data.
  3. Gather a data security team. Build a professional internal security team that can help the company secure its data and save the money that would be spent on hiring outside security teams. The security team must have a recovery plan in case something unexpected happens.
  4. Update the data security approach. Make sure only authorized people can access the system. Encryption software is needed because it protects the data from people who try to decrypt the system: without the proper key, the software makes the data appear useless to others. Data masking software is also helpful, since it hides sensitive information from view. The last piece is risk assessment software, a tool that helps users monitor and check their network security.
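As an added illustration of the data masking mentioned in step 4 (not software from this article), the following Python masks card numbers and e-mail addresses inside a record before it is shared with a less trusted system, keeping only the last four digits and the mail domain for support use. A Luhn check keeps other long numbers (order ids, phone numbers) untouched so that masking does not destroy unrelated data. The field names, records and patterns are constructed for the example.

```python
"""Data masking for records that leave the protected system. Added example;
the records, field names and regular expressions are constructed here."""
import re

# A run of 13-19 digits, optionally separated by spaces or hyphens, starting and ending on a digit.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
EMAIL_RE = re.compile(r"\b([A-Za-z0-9._%+-]+)@([A-Za-z0-9.-]+\.[A-Za-z]{2,})\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: true for well-formed card numbers, false for most other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                 # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_card(text: str) -> str:
    """Replaces Luhn-valid card numbers with asterisks, keeping the last four digits."""
    def repl(m):
        raw = m.group(0)
        digits = re.sub(r"\D", "", raw)
        if not luhn_valid(digits):
            return raw                 # not a card number: leave it alone
        return "*" * (len(digits) - 4) + digits[-4:]
    return CARD_RE.sub(repl, text)


def mask_email(text: str) -> str:
    """Keeps the first character of the local part and the domain: j***@example.com."""
    return EMAIL_RE.sub(lambda m: m.group(1)[0] + "***@" + m.group(2), text)


def mask_record(record: dict, sensitive_fields=("card", "email", "notes")) -> dict:
    """Returns a copy of the record with the sensitive fields masked."""
    out = dict(record)
    for field in sensitive_fields:
        if isinstance(out.get(field), str):
            out[field] = mask_email(mask_card(out[field]))
    return out


# Constructed sample record; 4111 1111 1111 1111 is a well-known test card number.
SAMPLE_RECORDS = [
    {"id": 1, "email": "jane.doe@example.com", "card": "4111 1111 1111 1111",
     "notes": "order 1234567890123 paid with card ending 1111"},
]


if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(mask_record(rec))
```

Masking is one-way: unlike the encryption also named in step 4, nobody holds a key that recovers the original, which is why it suits copies handed to support staff, test environments or analytics rather than the system of record.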


References

  1. Craig Wolff (December 13, 1989). "Report Finds Fault With E.M.S. Computers". The New York Times. "too many E.M.S. employees have access to ..."
  2. Maurizio Portolani, Mauricio Arregoces (2004). Data Center Fundamentals. Cisco Press, 800 East 96th Street, Indianapolis, IN 46240 USA, chap. 5.
  3. The Four Layers of Data Center Physical Security for a Comprehensive and Integrated Approach.
  4. "What You Need to Know About Data Security in 2021". Security Intelligence. Retrieved 2022-04-10.
  5. "Data center robbery leads to new thinking on security".
  6. Jessica Silver-Greenberg (April 2, 2012). "After a Data Breach, Visa Removes a Service Provider". The New York Times.
  7. Robin Sidel (April 2, 2012). "Card Processor: Hackers Stole Account Numbers". The Wall Street Journal (WSJ). "Visa yanked its seal of approval"
  8. 2003 CSI/FBI report "Computer Crime and Security Survey". Archived 2022-11-23 at the Wayback Machine.
  9. David Moore; Colleen Shannon (2001). "The Spread of the Code-Red Worm (CRv2)". Retrieved 2006-10-03.
  10. "Net-Worm: W32/Nimda Description". F-secure.com (F-Secure Labs).
  11. John Leyden (February 6, 2003). "Slammer: Why security benefits from proof of concept code". The Register.
  12. "Port Scan attacks and its detection methodologies".
  13. Vitaly Shmatikov; Ming-Hsiu Wang. "Security Against Probe-Response Attacks in Collaborative Intrusion Detection" (PDF). The University of Texas at Austin.
  14. "Understanding Denial-of-Service Attacks". US-CERT. February 6, 2013. Retrieved May 26, 2016.
  15. Khalifeh Soltanian, Mohammad Reza; Amiri, Iraj Sadegh. Theoretical and Experimental Methods for Defending Against DDoS Attacks. Waltham, MA. ISBN 0128053992. OCLC 930795667.
  16. GIAC Certifications. Global Information Assurance Certification Paper.
  17. "eavesdrop - Definition of eavesdrop in English by Oxford Dictionaries". Oxford Dictionaries - English.
  18. Barwise, Mike. "What is an internet worm?". BBC.
  19. Stallings, William (2012). Computer Security: Principles and Practice. Boston: Pearson. p. 182. ISBN 978-0-13-277506-9.
  20. "Warning of webmail wi-fi hijack". BBC News. August 3, 2007.
  21. "Modern Overflow Targets" (PDF).
  22. Li, Q. (May 2019). "LSTM-Based SQL Injection Detection Method for Intelligent Transportation System". IEEE Transactions on Vehicular Technology. 68 (5): 4182–4191.
  23. Cisco SAFE Reference Guide, chap. 4.
  24. Rich Banta. Types of Data Center Security.
  25. Sara D. Scalet. 19 ways to build physical security into your data center. Archived 2022-07-08 at the Wayback Machine.
  26. Security and Data Center Overview.
  27. Google Infrastructure Security Design Overview.
  28. Iliad Data Center, "Data Center Security", chap. 4. Archived 2021-10-23 at the Wayback Machine.
  29. Securing Microsoft's Cloud Infrastructure, 2009.
  30. "Data Centre Management" (PDF). Archived from the original (PDF) on 2022-11-23. Retrieved 2018-06-30.