TRD 20 Facing the Security Needs of Your Data Center: An
Download
Report
Transcript TRD 20 Facing the Security Needs of Your Data Center: An
TRD 20 Facing the Security
Needs of Your Data Center:
An End User’s Perspective
Daun Johnson: CISSP, MCSE, CVE4.0,
NCDA, CORM, CDCE: Data Center
Supervisor for NTUA
1
TRD 20 Facing the Security
Needs of Your Data Center
Security What is it ?
• A feeling of safety
• A state of Readiness
• A state of secureness
2
Why Do we need Security for Data Centers
Sensitive data
– Medical records
– Social Security numbers
– Financial transactions and cardholder data
– Intellectual property and confidential information
Critical infrastructure and key resources
– As defined by the Department of Homeland Security:
“The assets, systems, and networks, whether physical or virtual, so
vital to the United States that their incapacitation or
destruction would have a debilitating effect on
security, national economic security, public health or
safety, or any combination thereof.”
3
Protecting your information!
Physical Security
Tracks people
Limits access to areas, spaces
Provides audit of who accessed what
Integrates with video to provide
visual record
Logical Security
Tracks logins
Limits access to servers, folders and
applications
Provides audit trail of what login accessed
what data
4
Security Systems Trends
Moving from reactive toward predictive response
Providing additional operator control
Preserving existing capital investment
Regulatory requirements
– PCI DSS, HIPAA, Sarbanes-Oxley, etc.
5
Security Systems Trends
Analog-to-digital migration
– Digital allows better image management
Record, store, search, retrieve, share, send
System Integration for greater efficiency
Standardized structured approach
– Modular, flexible implementation
– Easy moves, adds and changes (MAC)
Anywhere - anytime monitoring
Video Analytics
6
Physical Protection Guidelines and Strategies
Crime Prevention Through Environmental Design
(CPTED)
– Awareness of how people use space
All space has a designated purpose
Social, cultural, legal and physical dimensions affect behavior
– Control physical setting to change behavior
Understand and change behavior in relation to physical
surroundings
Redesign space to encourage legitimate behaviors and
discourage illegitimate use
7
How Security Should Be looked at for a Data
Center
Site Selection
Defense in depth
– Implement layers of protection
– Ensure failure of one element in the
system will not create a critical
vulnerability in the whole system
– Delay penetration in event of
breaches
8
DC site Selection Criteria based on the TIA-942
Secure all cooling equipment, generators, fuel tanks or
access provider equipment outside the customer space
Computer rooms should not be located near a parking
garage
The building should not be located:
hill
– In a 100-year flood plain / near an earthquake fault / on a
subject to slide risk, / downstream from a dam or water tower
– Within ¼ mile of an airport, research lab, chemical plant,
landfill, river, coastline or dam
– Within ½ mile of a military base
– Within 1 mile of a nuclear, munitions or defense plant
– Adjacent to a foreign embassy
9
Security How Much or How little do you need
When we look at our Data Centers, we have to
decided during the planning stage what tier level.
The tier level will drive the security protocols
and measure that you will need to put in place.
10
Security How Much or How little do you need
This was the hard question to answer for us ?
Being on the Navajo Nation is somewhat security
No signage on the building added security
Being kind of hidden behind other buildings
Drive by a bunch of company owned and occupied homes
How Much More did we really need
How Far did we want to go with both Physical and Cyber Security
We put in a 8 foot high chain link fence with razor wire on top.
A motorized gate with badge access and camera and mic to gain access
Perimeter Breakage system along the fence on the inside
Camera's watching both inside and outside of the Data Center complex
Badge access to the main building of the NOC, escorted access inside the NOC and Data
Center Buildings once inside and signed in.
Badge and Bio readers to access the Data Center raised floor.
24/7/365 manned NOC for allowing access
11
Current Biggest Security Threats
Threat No. 1: Cyber crime syndicates
Threat No. 2: Small-time cons -- and the money mules and
launders supporting them
Threat No. 3: Hacktivists
Threat No. 4: Intellectual property theft and corporate
espionage
Threat No. 5: Malware mercenaries
Threat No. 6: Botnets as a service
Threat No. 7: All-in-one malware
Threat No. 8: The increasingly compromised Web
Threat No. 9: Cyber warfare
12
Number one Security Problem
People
Written Passwords
Social Events
Phishers
To Trusting
13
TRD 20 Facing the Security
Needs of Your Data Center:
An End User’s Perspective
Daun Johnson
CISSP, MCSE, CVE4.0, NCDA,
CORM, CDCE
Data Center Supervisor for
NTUA
Email [email protected]
Phone 928-729-6147
14