Physical security expansion of enterprise room

Today, the teacher extended to us a number of enterprise-related computer room protection system, network physical security related knowledge, in this record

The physical security of the network mainly refers to the earthquake, flood, fire and other environmental accidents, power failure, human error or mistake, equipment stolen, destroyed, electromagnetic interference, line interception. and high-availability hardware, dual-machine multi-redundant design, computer room environment and alarm system, security awareness. It is the whole network system security premise, so to formulate a sound security management system, good backup, and strengthen the management of network equipment and computer room, these risks can be avoided

(1) The company's internal network

(2) IDC Data Center Room Network

(2.1) Type of room

IDC room is divided into single-line room, double-wire room and BGP room, the price from low to high

Single-wire room refers to telecommunications or netcom, applicable to personal sites, forums and so on

Double-line Machine room refers to telecom + Netcom, because the South Telecom users more, the North Netcom users more, sometimes need to cross-regional access to the computer room when the double-line room

BGP Room: There are three lines, five line. Full line (seven lines), three-wire room refers to telecommunications + Netcom + mobile, for example, sometimes mobile phone app needs three operators can be used by users, the full range of general use for games, financial aspects

(2.2) Protection system of computer room

Observe the protection system of the computer room, whether there is anti-DDoS hardware equipment, is a single defense or linkage prevention, at least six g of traffic defense

If your company buys a G traffic defense in the IDC room, what happens to the room when it attacks more than one g of traffic?

1. IP, Computer room administrator will be closed to your IP, known as black hole, according to the time of the solution is different with a second solution, and more than 24 hours to solve the seal

Second solution: Once you stop attacking, unlock it.

Time Solution: Whether it is no longer attack, after two hours to unlock

Over 24 hours of unpacking: One day after the closure

2. Pull the power directly, pull the cable

However, in many cases the server can not be restarted or shut down, and some servers may not be restarted for many years, once restarted does not necessarily open all services again, this situation is best not to take

(2.3) Management system of computer room

1) Whether the entrance is authorized to enter

2) is anyone 7 * 24 hours on duty

3) Whether the computer room is zoned area management

4) Is there an electronic access control system to identify and record entry personnel

(2.4) Power system

A minimum of two-way power supply allows for seamless switching

(2.5) Refrigeration system

IDC Room Standard temperature: 23 degrees

(2.6) Network architecture

Whether backbone line redundancy is available at the total Network entry location

(3). Selection of physical equipment

(3.1) Firewall

Firewall is divided into: software firewall and hardware firewall

Common hardware firewalls have traditional firewalls and next-generation firewalls (application firewalls)

Traditional firewalls are primarily for the next four layers, and the next-generation firewalls can be defended against the application layer, which is more comprehensive than traditional firewalls

Note: The firewall does not have anti-DDoS attacks, there are professional defense equipment: Green Union, Golden Shield

Common hardware firewall manufacturers are: Cisco (Cisco), Huawei, Juniper, Tian Rong letter, deep convincing, etc.

(3.2) Network equipment

Routers, Switches

Common network equipment Manufacturers are: Cisco, Huawei, Tengda. Tp-link, Rui Jie, etc.

(3.3) Server

The server is divided into: blade, Tower, rack-type, mini-machine

Common server manufacturers are: Dell, HP, Wave, IBM

(3.4) Cabinet

Cabinet is divided into: 36U and 38U a U is 4.44cm

Common manufacturers: Datang, totem, jump chart

(3.5) power supply (PDU)

Common manufacturers of PDUs are: Datang, totem, jump chart, APC

(3.6) Cable

Manufacturers have: a boat (ship), Tsinghua Tongfang, TCL, Siu Lung, green Silicon Valley

Physical security expansion of enterprise room