The Internet Data Center ("IDC" for short) is both a familiar and an unfamiliar place for most people. Familiar, because we know that it houses a lot of servers from HP, IBM, Dell, Inspur, Lenovo, and other brands. Unfamiliar, because although we all know that Internet data centers exist, an IDC is not an ordinary place that can be entered at will: a properly run Internet data center has many entry and exit procedures.
The Internet data center is not just an ordinary large room. Its construction must comply with the national data center design standards and specifications. In addition, there are many strict requirements on the IDC's site, floor load, temperature, humidity, power supply, lighting, and fire protection.
Due to limited space, the detailed parameters for each of these aspects are not described here.
How to ensure a secure environment in the IDC
I believe that anyone who knows about network security (including, of course, the network security of data centers) knows the term "social engineering". Social engineering is about establishing theories through natural, social, and institutional approaches, with special emphasis on solving various social problems step by step based on realistic two-way planning and design experience. Of course, social problems have a wide range of meanings, and network security is among them. If you do not understand the meaning of social engineering, you can think of it this way: without relying on real computer technology, someone does everything possible to bypass the various checkpoints until the target server system is finally reached.
So how should the Internet data center be kept secure? This should be part of the planning before the IDC is built. We will cover two aspects: the security environment outside the IDC and the security environment inside it.
1. Security outside the IDC
Before an IDC is built, you must choose an appropriate environment for it. If a data center is sited in a complex geographical location, its information security cannot, in a sense, meet the security requirements. After reading this, some readers may ask: why? I want to build the IDC in a location with large crowds. A real-world example makes this easy to understand. Assume that, out of real need, you must withdraw a large amount of money from a bank or ATM. To ensure your personal safety and the safety of the money, you would probably choose to go when there are few people at the bank. Data centers are likewise built in areas with relatively little foot traffic. The difference is that when you pick a quiet bank to withdraw a large sum, you are guarding against incidents such as robbery and kidnapping, while the IDC room is sited to guard against incidents such as organized foreign espionage and hostile personnel using high-tech means to monitor and sniff data in the IDC room. Of course, the data centers in this situation are all heavyweight data centers of interest to spies, but ordinary data centers should also take preventive measures in this regard.
Now let's talk about security in the immediate vicinity of the data center. A data center is generally inside a building. There should be a security guard on duty at the building entrance, and everyone entering and leaving the building should be carefully registered. Data centers usually have staff on duty 7x24, and these people also play a certain role in security. Before you even get close to a security-sensitive data center, you may already be under closed-circuit monitoring. A closed-circuit monitoring system is therefore essential security equipment in a properly run data center.
Of course, that covers security with respect to people. There is also security with respect to things, namely fire hydrants and fire-fighting equipment. If an accident occurs in a small area of the machine room, fire extinguishers can be used to deal with it. In the event of an accident, you must stay calm.
When the fire is small and can be put out with an ordinary fire extinguisher, use the extinguisher directly on the source of the fire. If the fire is large and an extinguisher is not enough, call the power engineer in charge of the data center to cut off the power supply in the shortest possible time, and then use a fire hydrant to extinguish the fire. What if the fire is very fierce and even all the fire hydrants outside the data room cannot put it out? To minimize the loss, arrange for someone to fight the fire and then have someone call the fire emergency number.
Here, let me say a few more words: do not make elementary mistakes in an emergency. Examples include misremembering the fire emergency number, not knowing that the phone number of the data center's power personnel has changed, not knowing how to use a fire extinguisher, having no fire extinguishers, and having no water in the hydrant.
In normal times, keep in mind the phone numbers of the relevant personnel, such as the person in charge of the data center and the person in charge of the data center's power supply, and inspect fire extinguishers and fire hydrants regularly. We also need to provide relevant training for data center personnel. Anyone who does not know how to use a fire extinguisher or a fire hydrant should learn quickly.
2. Security inside the data center
Generally, a closed-circuit monitoring system is deployed at critical locations in a large data center. Every day people constantly enter and leave the machine room to maintain servers, and it is neither necessary nor practical to assign dedicated staff to go into the equipment room with them every time.
As the saying goes, some precautions guard against the gentleman but not the villain. However, the machines in a data center are basically high-end servers, priced from several thousand yuan to tens of thousands or even hundreds of thousands of yuan, so in the IDC room both the gentleman and the villain must be guarded against. The customer's server components, especially hard disks, may not be worth much, but the data on the hard disk cannot be measured by price. If a customer's hard disk is stolen from your data center, the consequences are unimaginable. That is getting off topic: we are not discussing legal issues here, but network security. If even the hard disk and its data are gone, there is no network security to speak of.
Therefore, it is also necessary to deploy a closed-circuit monitoring system inside the data room. The monitoring system's recordings should also be well preserved, so that in case of an incident they can be retrieved at any time for reference and used to analyze what went wrong at each step.
In addition, anti-static flooring, air conditioning, and other such facilities in the IDC room are essential to keeping the IDC room safe.
In fact, each of these tasks is very simple on its own, but every administrator needs a strong sense of responsibility. For example, regularly check whether the optical fiber lines are damaged, whether there is enough Freon in the air conditioner, and whether the fire-extinguishing equipment has expired.
Network security covers a wide range of areas, including software security, hardware security, and the security of some infrastructure. In particular, the software and hardware security of the servers in the data center has to be built on a secured external infrastructure of the data center. Otherwise, the network security that follows is impossible.