IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Safeguarding data centres
Mon, 1st Jun 2009

Securing information is about the most important thing a business can do. Threats facing security administrators have developed from relatively trivial network access attempts into sophisticated criminal attacks. These attacks are aimed at turning a profit and at stealing sensitive corporate data. Implementing robust security to safeguard applications is a cornerstone in the effort to secure networks.

But data centre security challenges do not stop there. New application rollouts, virtualisation and an increasingly transparent perimeter are evolving the requirements for data centre security. Application rollouts bring their own set of challenges for securing communications and security policies. Couple this with a virtualised environment, and the challenge of policy enforcement and visibility increases many times over.

Traditionally, the perimeter has been the proverbial shield to stop malicious and unwanted outside traffic from leaking into the enterprise network. Creating a secure perimeter is still valid and essential in the defence against attacks and in filtering traffic. But the amount and type of traffic entering the enterprise network has increased and continues to do so. Extranet connections for business partners, vendor connections, supply chain transactions and digital communications all require more openings to be created at the perimeter to allow communication. Permitting these business-driven openings creates greater opportunities for attack and elevates the risk to a network. In addition, the types of network attacks have changed in an attempt to subvert network protection and aim directly at applications. Attacks carried over HTTP, XML and SQL are attractive to most attackers because these protocols and data formats are usually allowed to flow through enterprise networks and enter the data centre.

Virtualisation is also driving change in the way data centres are being designed and built. Server virtualisation is becoming a prevalent tool for consolidation, power savings and cost reduction. The question is, how do we layer security in a virtual world while maintaining controls? Security used to be a box that sat in-line with your network and was physically linked by cables to all systems. It was a security appliance approach. Now, it’s an entirely virtualised world, where even the local area network is virtualised. Previously we cabled up security zones on the network, but now we have to extend that same philosophy to multiple virtualised servers inside machines. Today, it’s a software solution instead of a hardware one.

Security is often considered as an afterthought in many architecture designs. In reality, it’s easier in the long run if security is considered as part of the core requirements and not as an add-on. But this depends on several business-related factors, and the drivers for security in the data centre might change over time due to new application rollouts, compliance requirements, acquisitions and, regrettably, security breaches.

Operating system vulnerabilities are continually found and published, and sophisticated attack tools are publicly available and becoming more user-friendly. This means that almost anybody has access to a wide variety of tools and vulnerabilities to exploit. In the 2002 Computer Security Institute/FBI security survey, respondents noted that approximately 40-45% of all attacks occurred from sources residing on the internal network. These survey results emphasise the increasing need to protect internal devices and applications from attacks and unauthorised access attempts. Data centres should be designed to protect against external attacks as well as against attacks from internal machines, and to prevent compromised servers from infecting other servers or becoming agents that attack other devices.

Protect

Firewalls at the perimeter of the network are the first layer of defence to keep threats at bay. A firewall allows trusted data and parties to flow freely, but restricts or prohibits other access. Firewalls have traditionally been placed at the perimeter, but with the rise of the data centre, where many corporate assets have been internalised, we now see internal firewalls going up as well.

Detect

Intrusion detection or prevention systems (IDS/IPS) alert the network and data centre managers to potential threats. This is the second layer in setting up data centre security protocols. An IPS is a behaviour-based system of sensors that sits in-line with your data centre. If a data centre normally processes 1000 transactions per minute and that number spikes to 10,000, that could be the result of an intrusion. What makes the IPS smart is the ability to factor in context when identifying a threat – this is called correlation. The global correlation element is what makes these systems so effective. They will query reputation databases and make judgement calls about the data set. If the 10,000 transactions are from New Zealand, they might be nothing to worry about, but if they are from Eastern Europe or Asia, where a large number of attacks originate, the IPS could throttle back data centre traffic or close it off completely.

Respond

In addition to the servers and network devices, each security component offers isolated event log and alert features for anomaly detection, threat reaction and forensics. While it’s very useful to have this data, it can be difficult to map out an overall security picture from individual data sources. This isolation yields a tremendous amount of noise, alarms, log files and false positives for operators to sift through or use effectively. Security information and event management (SIEM) products can alleviate these problems, helping administrators measure threats and effectively plan a strategy to combat them. These products centrally aggregate multiple security events and logs, analyse this data through correlation and query techniques, and generate alarms and reports about isolated events. In this way, information is gathered that can yield clues about one-off attacks, or systematic and repeated attempts to compromise the data centre.

Even though the data centre is rapidly evolving into a virtual space rather than a physical one, the rules are still applicable. By thinking of ways and methods to safeguard the data centre using the ‘protect, detect and respond’ methodology, you’re not only ensuring a comprehensive approach to security, but using triangulation to uncover any trouble spots. Data centre security has one added bonus that your home doesn’t: you can’t lock your keys inside.
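The detect and respond steps above can be made concrete in a few dozen lines. The following is an added example, not code from the article or from any product it describes: it normalises records from two constructed log sources into one event stream (the aggregation a SIEM performs), flags a per-minute transaction spike against a baseline (the behaviour-based detection the article attributes to an IPS), and then adds context by checking how much of the spike comes from networks on a reputation list before choosing a response. The log formats, the baseline of two transactions per minute, the spike factor of 10 (mirroring the article's 1000 to 10,000 jump) and the "low reputation" networks are all assumptions; the IP ranges are RFC 5737 documentation ranges used purely as placeholders, not real threat intelligence.

```python
"""Added example: a toy 'detect and respond' pipeline for data centre logs.
Aggregates two constructed log formats, flags per-minute volume spikes
against a baseline, and correlates each spike with a (constructed)
reputation list before deciding how to respond."""
from collections import Counter
from dataclasses import dataclass
import ipaddress
import re

# Constructed stand-in for an external reputation database. These are
# documentation-only ranges (RFC 5737), chosen as placeholders.
LOW_REPUTATION_NETS = [ipaddress.ip_network("203.0.113.0/24"),
                       ipaddress.ip_network("198.51.100.0/24")]


@dataclass(frozen=True)
class Event:
    minute: str   # "HH:MM" bucket the record falls into
    src_ip: str
    source: str   # which device produced the record


# Two constructed record formats, as a SIEM would receive from different devices.
FIREWALL_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d) fw ALLOW src=(?P<ip>[\d.]+) dport=443$")
WEBSERVER_RE = re.compile(r'^(?P<ip>[\d.]+) - - \[(?P<ts>\d\d:\d\d:\d\d)\] "POST /api/txn" 200$')


def normalise(line):
    """Map a raw line from either source onto the common Event shape; None if unrecognised."""
    for source, pattern in (("firewall", FIREWALL_RE), ("webserver", WEBSERVER_RE)):
        m = pattern.match(line)
        if m:
            return Event(minute=m.group("ts")[:5], src_ip=m.group("ip"), source=source)
    return None


def aggregate(lines):
    """Central aggregation: parse every line and drop noise that matches no known format."""
    return [e for e in map(normalise, lines) if e is not None]


def per_minute_counts(events, source):
    """Transactions per minute as seen by one device."""
    return Counter(e.minute for e in events if e.source == source)


def detect_spikes(counts, baseline, factor=10):
    """Behaviour-based detection: minutes whose volume is at least factor x baseline."""
    return sorted(m for m, n in counts.items() if n >= factor * baseline)


def low_reputation_fraction(events, minute, source):
    """Correlation: share of one minute's traffic that comes from listed networks."""
    ips = [ipaddress.ip_address(e.src_ip)
           for e in events if e.minute == minute and e.source == source]
    if not ips:
        return 0.0
    flagged = sum(any(ip in net for net in LOW_REPUTATION_NETS) for ip in ips)
    return flagged / len(ips)


def respond(events, baseline, source="webserver", factor=10):
    """Return {minute: action}. A spike on its own is only 'investigate'; a spike
    dominated by low-reputation sources escalates to 'throttle' or 'block'."""
    actions = {}
    for minute in detect_spikes(per_minute_counts(events, source), baseline, factor):
        frac = low_reputation_fraction(events, minute, source)
        if frac >= 0.9:
            actions[minute] = "block"
        elif frac >= 0.5:
            actions[minute] = "throttle"
        else:
            actions[minute] = "investigate"
    return actions


def sample_log():
    """Constructed log: two quiet minutes, a spike from listed networks, and an
    equally large spike from the in-house range, plus one unparsable line."""
    lines = []
    for minute in ("12:00", "12:01"):          # baseline: 2 transactions per minute
        for i in range(2):
            ip = f"192.0.2.{10 + i}"
            lines.append(f"{minute}:{i:02d} fw ALLOW src={ip} dport=443")
            lines.append(f'{ip} - - [{minute}:{i:02d}] "POST /api/txn" 200')
    for i in range(20):                        # 12:02: 19 of 20 from a listed network
        ip = f"203.0.113.{i + 1}" if i < 19 else "192.0.2.10"
        lines.append(f'{ip} - - [12:02:{i:02d}] "POST /api/txn" 200')
    for i in range(20):                        # 12:03: same volume, all in-house
        lines.append(f'192.0.2.{20 + i} - - [12:03:{i:02d}] "POST /api/txn" 200')
    lines.append("garbage line that matches nothing")
    return lines


if __name__ == "__main__":
    evts = aggregate(sample_log())
    for minute, action in respond(evts, baseline=2).items():
        print(minute, action)   # 12:02 block / 12:03 investigate
```

The two spike minutes carry identical volume; only the reputation context separates a "block" from an "investigate", which is the point the article makes about correlation. In production the baseline would be learned from history rather than fixed, and the reputation check would consult a maintained feed rather than a hard-coded list.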