H3C Safety product line technical director Ying and:
With the increasing application of it, the value of data center is increasing, and the security construction of data center is also imminent. In the face of increasingly complicated applications and frequent external attacks, a good data center can guarantee the security of data besides the storage and transmission of data. In the face of the ever-changing external attacks, the construction of data centers has a higher demand for security.
Four dimensions of security requirements
The security requirements for data centers are somewhat generic, such as zoning and address planning issues, malicious code protection issues, malicious intrusion issues, and some are unique to the confidentiality requirements, such as two-tier security protection, database audit, etc. some are unique service assurance requirements, such as server, link and site http:// Www.aliyun.com/zixun/aggregation/13996.html "> Load Balancing, Application system optimization, etc. Overall, data center security needs can be measured from four dimensions: General security requirements, business information confidentiality requirements, business service assurance requirements, business security performance requirements.
Common security threats may occur when an attacker attacks a network, operating system, or application system through malicious code or Trojan horse programs, unauthorized access to external networks, or downloading/copying software or files, and the introduction of viruses when suspicious messages are opened; An attacker exploits an application system, The Backdoor program attacks the system in the operating system; The authorization user operation error causes the system file to be overwritten, the data is lost or cannot use.
Business information security threats include: internal personnel to use technology or management loopholes, unauthorized modification of important system data or system procedures; Attackers use various tools to obtain identity data, analyze and dissect discriminant data, obtain authentication information, unauthorized access to networks, systems, or illegal use of applications, Files and data, and an attacker using the network structure to design defect bypass security policy, unauthorized access to the network.
Business Service Assurance threats refer to denial of service attacks such as attackers using denial-of-service attack tools such as distributed denial of service attacks, malicious consumption of networks, operating systems, and application system resources, resulting in denial-of-service attacks, access to identity data by various tools, analysis and dissection of discriminant data, and identification of information, Unauthorized access to networks, systems, or illegal use of applications, files and data, as well as extensive business-service capabilities, raise the threat of total cost of ownership.
Security construction performance Threat refers to: changes in business traffic result in security policy deployment needs to be adjusted, changes in business types lead to security deployment needs to be adjusted, network equipment management exists a different portal, decentralized management, leading to slow positioning problems, as well as lack of overall it planning, no effective technical means to make it planning, decision-making.
Data center security has "three high" requirements
Based on the analysis of the threat to the data center, the industry has given more consideration to the construction of data center security. As if casting a good lock now, not only requires advanced mechanical principles, but also supplemented by a variety of electronic technology. At present, the industry generally recognized that in the construction of data centers also need to break through the past ideas, stand at a higher altitude, more comprehensive rethinking the following:
The first is high security. The barrel principle intuitively illustrates the need for full defense of security, core data as the most valuable asset and lifeline of the enterprise, its security needs a strong guarantee, to avoid viruses, attacks, unauthorized access and disclosure, while safeguarding Access records review and supervision should be the data center for safe operation of the necessary conditions.
The second is high performance. After data and business concentration, process integration, new application systems such as information mining and real-time work put forward higher demands on the bandwidth, response time and throughput of the internal system of the data center, and the wide application of multimedia data, Web 2.0, Mobile 3G and high performance computing constantly devours the processing ability and network bandwidth of the data center.
Finally, high reliability. Data center has become the heart of enterprise IT system, how to ensure the data center in various conditions of security and stable operation, how to protect the data center of various business continuity, it is also a major challenge in the IT industry.
This "three high" can be said to be a safe and stable data center of the most basic, but also the most important requirements. In addition, application optimization, low cost and easy management, and the current industry-wide concept of green, are also a good data center should have the conditions.
Based on the in-depth study of data center architecture and the understanding of various security issues, H3C in its new generation of data center solutions through the ISPN Intelligent Security Infiltration Network concept, security-oriented network design, to achieve network and security intelligent Fusion management, for the next generation of data center applications to provide high-performance, High-security Data Center protection solution to provide customers with value-added data center network.
(Author: anon Editor: Zhang)