Five server configuration methods to ensure cloud security

More and more data centers have been moved to a variety of clouds, server configuration is a must-have problem.

Cloud computing will be the key to shrinking the data center, apparently this may bring some security issues need to be properly handled. SaaS server misconfiguration may lead to security issues, the usual measures to be taken are: to implement stringent security testing to strengthen the control of applications and infrastructure.

The general business can have three choices on server hosting. First, similar to http://www.aliyun.com/zixun/aggregation/14357.html "Public cloud providers such as Amazon EC2 will not have any relationship with the internal network of the enterprise." Second, On the infrastructure (including virtual servers) and hybrid cloud of third-party data centers, VPN tunnels are set up and returned to the enterprise to establish trust relationship. The third is private cloud, which establishes a virtual environment in the internal network.

Security requirements that may be required for these initiatives include:

First: After entering the new platform, any company's sensitive data is stored on it and must pass IP addresses or contain some form of two-factor authentication, however, the access needs to be encrypted.

Second: there must be a strong configuration to limit, if necessary, for some servers to establish workflow configuration. This will prevent the construction of unnecessary DMZs or product servers and will ensure that the company's intellectual property is not exposed in a low-security environment. These profiles must be combined with the enterprise's Active Directory infrastructure, and if someone is fired, their access to the platform should also be removed promptly.

Third: All servers must comply with the company's configuration management policies, such as patch management, virus protection, disable unnecessary services and centralized management.

Fourth: Need to ensure adequate availability and adequate backup to ensure disaster recovery.

Finally: Detailed reports and log records must be provided so that any mishandling or security issues can be identified and the logs must be compatible and able to be sent to the enterprise event monitoring infrastructure.

These are the main security, application and infrastructure control methods that businesses must address squarely, which is an inevitable requirement for server security deployment that is evolving in the new era.

The original from [net], reproduced please keep the original link: http://sec.chinabyte.com/445/12449445.shtml

(Editor: Liu Fen)