Today the teacher gave us some extended material on enterprise computer room protection systems and the physical security of networks, which I record here.
The physical security of the network mainly concerns environmental accidents such as earthquakes, floods and fires, as well as power failures, human error, theft or destruction of equipment, electromagnetic interference and line interception. It also covers high-availability hardware, dual-machine and multi-redundancy design, the computer room environment and alarm system, and security awareness. It is the precondition for the security of the whole network system, so these risks can be avoided by formulating a sound security management system, keeping good backups, and strengthening the management of network equipment and the computer room.
(1) The company's internal network
(2) IDC data center room network
(2.1) Types of room
IDC rooms are divided into single-line rooms, dual-line rooms and BGP rooms, in order of price from low to high.
A single-line room means Telecom or Netcom; it is suitable for personal sites, forums and so on.
A dual-line room means Telecom + Netcom. Because there are more Telecom users in the south and more Netcom users in the north, a dual-line room is used when the room sometimes has to be accessed across regions.
BGP room: there are three-line, five-line and full-line (seven-line) rooms. A three-line room means Telecom + Netcom + Mobile; for example, a mobile app sometimes needs to be usable by users of all three operators. Full-line rooms are generally used for games and finance.
(2.2) Protection system of computer room
Check the room's protection system: whether there is anti-DDoS hardware, whether the defense is standalone or linked, and that there is at least 6G of traffic defense.
If your company buys 1G of traffic defense in the IDC room, what does the room do when an attack exceeds 1G of traffic?
1. Block the IP: the room administrator blocks your IP, which is known as a black hole. Depending on when the block is lifted, there is instant unblocking, timed unblocking, and unblocking after more than 24 hours.
Instant unblocking: the block is lifted as soon as the attack stops.
Timed unblocking: the block is lifted after two hours, whether or not the attack has stopped.
Unblocking after more than 24 hours: the block is lifted one day after it was applied.
2. Pull the power or the network cable directly
However, in many cases a server cannot simply be restarted or shut down. Some servers may not have been restarted for many years, and after a restart not all services will necessarily come back up, so this approach is best avoided.
(2.3) Management system of computer room
1) Whether entry requires authorization
2) Whether someone is on duty 7 * 24 hours
3) Whether the computer room is managed by zones
4) Whether there is an electronic access control system to identify and record the people who enter
(2.4) Power system
At least two power feeds, allowing seamless switching
(2.5) Refrigeration system
Standard IDC room temperature: 23 degrees
(2.6) Network architecture
Whether backbone line redundancy is available at the main network entry point
(3) Selection of physical equipment
(3.1) Firewall
Firewalls are divided into software firewalls and hardware firewalls.
Common hardware firewalls are traditional firewalls and next-generation firewalls (application firewalls).
Traditional firewalls mainly cover the lower four layers, while next-generation firewalls can also defend at the application layer, which makes them more comprehensive than traditional firewalls.
Note: a firewall does not provide anti-DDoS protection; there is dedicated defense equipment for that: NSFOCUS, Golden Shield
Common hardware firewall manufacturers are: Cisco, Huawei, Juniper, Topsec, Sangfor, etc.
(3.2) Network equipment
Routers, switches
Common network equipment manufacturers are: Cisco, Huawei, Tenda, TP-Link, Ruijie, etc.
(3.3) Server
Servers are divided into: blade, tower, rack-mounted and minicomputer
Common server manufacturers are: Dell, HP, Inspur, IBM
(3.4) Cabinet
Cabinets are divided into 36U and 38U; one U is 4.44cm
Common manufacturers: Datang, totem, jump chart
(3.5) Power supply (PDU)
Common manufacturers of PDUs are: Datang, totem, jump chart, APC
(3.6) Cable
Manufacturers include: a boat (ship), Tsinghua Tongfang, TCL, Siu Lung, green Silicon Valley
Physical security expansion of enterprise room