Data center information security

This is what the monitoring center of the NORD-2 data center in Moscow looks like

You have read more than once about the measures taken to ensure information security (IS). Any self-respecting IT specialist can easily name 5-10 IS rules. Cloud4Y offers to talk about the information security of data centers.

When ensuring the information security of a data center, the most "protected" objects are:

  • information resources (data);
  • processes of collecting, processing, storing and transmitting information;
  • system users and maintenance personnel;
  • information infrastructure, including the hardware and software tools for processing, transmitting and displaying information, including information exchange channels, information protection systems and premises.

The data center's area of responsibility depends on the model of services provided (IaaS/PaaS/SaaS). What it looks like, see the picture below:

The scope of the data center security policy depends on the model of services provided

The most important part of developing an information security policy is building a threat and intruder model. What can become a threat to a data center?

  1. Adverse events of a natural, man-made and social nature
  2. Terrorists, criminals, etc.
  3. Dependence on suppliers, providers, partners, customers
  4. Failures, malfunctions, destruction, damage to software and hardware
  5. Data center employees who carry out information security threats using the rights and powers legally granted to them (internal information security violators)
  6. Data center employees who carry out information security threats outside the rights and powers legally granted to them, as well as entities that are not part of the data center staff but attempt unauthorized access and unauthorized actions (external information security violators)
  7. Non-compliance with the requirements of supervisory and regulatory authorities and current legislation

Risk analysis, that is, identifying potential threats and assessing the scale of the consequences of their realization, will help to correctly select the priority tasks that data center information security specialists must solve, and to plan budgets for purchasing hardware and software.

Ensuring security is a continuous process that includes the stages of planning, implementation and operation, monitoring, analysis and improvement of the information security system. To create information security management systems, the so-called "Deming cycle" is used.

An important part of security policies is the distribution of roles and responsibilities of personnel for their implementation. Policies should be reviewed continuously to take into account changes in legislation, new threats and emerging defenses. And, of course, information security requirements must be communicated to staff, and staff must be trained.

Organizational measures

Some experts are skeptical of "paper" security, considering practical skills in resisting hacking attempts to be the most important thing. Real experience in ensuring information security in banks suggests otherwise. Information security specialists may have excellent expertise in identifying and mitigating risks, but if data center personnel do not follow their instructions, everything will be in vain.

Security, as a rule, does not bring in money, but only reduces risks. Therefore, it is often treated as something obstructive and secondary. And when security specialists begin to object (with every right to do so), conflicts with staff and with the heads of operational departments often arise.

The existence of industry standards and regulatory requirements helps security staff defend their positions in negotiations with management, while approved information security policies, regulations and procedures make it possible to get staff to comply with the requirements set out there, providing a basis for often unpopular decisions.

Premises protection

When a data center provides services using the colocation model, physical security and access control to the customer's equipment come to the fore. For this purpose, enclosures (fenced-off parts of the hall) are used, which are under the customer's video surveillance and to which access by data center personnel is restricted.

In state computing centers, physical security was not bad at the end of the last century either. There was a pass system, access control to the premises (even if without computers and video cameras), and fire extinguishing systems: in the event of a fire, freon was automatically released into the machine room.

Nowadays, physical security is ensured even better. Access control and management systems (ACMS) have become intelligent, and biometric methods of access restriction are being introduced.

Fire extinguishing systems have become safer for personnel and equipment, among them installations for inhibition, isolation, cooling and hypoxic effects on the fire zone. Along with mandatory fire protection systems, data centers often use an aspiration-type early fire detection system.

To protect data centers from external threats (fires, explosions, collapse of building structures, flooding, corrosive gases), security rooms and safes have come into use, in which server equipment is protected from almost all external damaging factors.

The weak link is the person

"Smart" video surveillance systems, volumetric tracking sensors (acoustic, infrared, ultrasonic, microwave), and access control systems have reduced risks, but have not solved all problems. These tools will not help, for example, when people who were properly admitted to the data center with the tools they brought "snag" something. And, as often happens, an accidental snag brings maximum problems.

The operation of a data center can be affected by the misuse of its resources by staff, for example illegal mining. In such cases, data center infrastructure management (DCIM) systems can help.

Personnel also need protection, since people are often called the most vulnerable link in a security system. Targeted attacks by professional criminals most often begin with the use of social engineering methods. Often the most secure systems crash or are compromised after someone clicked, downloaded or did something. Such risks can be minimized by training staff and implementing global best practices in the field of information security.

Protection of engineering infrastructure

Traditional threats to the functioning of a data center are power failures and cooling system failures. We have become accustomed to such threats and have learned to deal with them.

A new trend is the widespread introduction of "smart" equipment connected to the network: managed UPSs, intelligent cooling and ventilation systems, various controllers and sensors connected to monitoring systems. When building a data center threat model, one should not forget about the possibility of an attack on the infrastructure network (and possibly on the data center's associated IT network). The situation is complicated by the fact that some equipment (for example, chillers) can be located outside the data center, say, on the roof of a rented building.

Protection of communication channels

If the data center provides services not only under the colocation model, then you will have to deal with cloud protection. According to Check Point, last year alone, 51% of organizations worldwide faced attacks on cloud structures. DDoS attacks stop businesses, ransomware viruses demand a ransom, and targeted attacks on banking systems lead to the theft of funds from correspondent accounts.

Threats of external intrusion also worry data center information security specialists. The most relevant for data centers are attacks aimed at interrupting the provision of services, as well as threats of hacking, theft or modification of data contained in the virtual infrastructure or storage systems.

To protect the external perimeter of the data center, modern systems are used with functions for detecting and neutralizing malicious code, application control and the ability to import Threat Intelligence proactive protection technology. In some cases, systems with IPS (intrusion prevention) functionality are deployed with automatic adjustment of the signature set to the parameters of the protected environment.

To protect against DDoS attacks, Russian companies typically use external specialized services that divert traffic to other nodes and filter it in the cloud. Protection on the operator side is much more effective than on the customer side, and data centers act as intermediaries in selling the service.

Internal DDoS attacks are also possible in data centers: an attacker penetrates the weakly protected servers of one company that hosts its equipment under the colocation model, and from there, via the internal network, carries out a denial-of-service attack on other customers of this data center.

Focus on virtual environments

It is necessary to take into account the specifics of the protected object: the use of virtualization tools, the dynamics of changes in IT infrastructures, and the interconnectedness of services, where a successful attack on one customer can threaten the security of its neighbors. For example, by hacking the frontend docker while working in a Kubernetes-based PaaS, an attacker can immediately obtain all password information and even access to the orchestration system.

Products provided under the service model have a high degree of automation. In order not to interfere with business, the information protection measures applied must have no lesser degree of automation and horizontal scaling. Scaling should be ensured at all levels of information security, including automation of access control and rotation of access keys. A special task is scaling the functional modules that inspect network traffic.

For example, filtering network traffic at the application, network and session levels in highly virtualized data centers should be performed at the level of hypervisor network modules (for example, Distributed Firewall from VMware) or by creating service chains (virtual firewalls from Palo Alto Networks).

If there are weaknesses at the level of virtualization of computing resources, efforts to create a comprehensive information security system at the platform level will be ineffective.

Levels of information protection in the data center

The general approach to protection is the use of integrated, multi-level information security systems, including macro-segmentation at the firewall level (allocation of segments for different functional areas of the business) and micro-segmentation based on virtual firewalls or on tagging the traffic of groups (user roles or services) defined by access policies.

The next level is detecting anomalies within and between segments. Traffic dynamics are analyzed, which can indicate the presence of malicious activity such as network scanning, DDoS attack attempts, or data download, for example by slicing database files and sending them out in sessions that appear periodically at long intervals. Huge volumes of traffic pass through the data center, so advanced search algorithms must be used to detect anomalies, and without packet analysis. It is important to recognize not only signs of malicious and anomalous activity, but also the operation of malware even in encrypted traffic without decrypting it, as is offered in the Cisco solution (Stealthwatch).
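
One way to look for the sliced-export pattern described above from flow metadata only, with no packet inspection (an added example, not from the original article and not a description of how Stealthwatch or any vendor product works; the `10.0.0.0/8` internal range, the thresholds and the sample flows are constructed assumptions):

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

# Assumption: the data center's own address space (hypothetical value).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def periodic_exfil_candidates(flows, min_events=6, max_cv=0.15):
    """flows: (ts_seconds, src, dst, bytes_out) tuples taken from flow metadata only.
    Returns (src, dst, mean_period_s, total_bytes) for internal->external pairs whose
    transfers recur at near-constant intervals and near-constant size."""
    by_pair = defaultdict(list)
    for ts, src, dst, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            by_pair[(src, dst)].append((ts, nbytes))
    hits = []
    for (src, dst), events in by_pair.items():
        if len(events) < min_events:
            continue  # too few samples to call anything periodic
        events.sort()
        gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
        sizes = [n for _, n in events]
        if mean(gaps) == 0 or mean(sizes) == 0:
            continue
        # Coefficient of variation: spread relative to the mean (0 = perfectly regular).
        cv_gap = pstdev(gaps) / mean(gaps)
        cv_size = pstdev(sizes) / mean(sizes)
        if cv_gap <= max_cv and cv_size <= max_cv:
            hits.append((src, dst, round(mean(gaps)), sum(sizes)))
    return sorted(hits)

# Constructed sample flows (not real traffic).
JITTER = [0, 12, -8, 5, -3, 9, -11, 0]
SAMPLE_FLOWS = (
    # ~50 MB leaving one server about once an hour: the sliced-export pattern.
    [(1_000_000 + i * 3600 + j, "10.0.5.12", "203.0.113.7", 50_000_000 + j * 1000)
     for i, j in enumerate(JITTER)]
    # Ordinary bursty client traffic: irregular timing and size.
    + [(t, "10.0.5.20", "198.51.100.9", n) for t, n in
       [(1_000_100, 4_000), (1_000_160, 900_000), (1_003_000, 12_000),
        (1_010_000, 70_000), (1_010_030, 3_000), (1_020_000, 500_000)]]
    # Hourly internal backup: regular, but never leaves the data center.
    + [(1_000_000 + i * 3600, "10.0.5.30", "10.0.9.2", 80_000_000) for i in range(8)]
)

if __name__ == "__main__":
    for hit in periodic_exfil_candidates(SAMPLE_FLOWS):
        print(hit)
```

Regular scheduled jobs that legitimately leave the data center (off-site backups, telemetry) produce the same signature, so hits are candidates for review against an allow-list, not verdicts.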

The last line of defense is protecting the end devices of the local network: servers and virtual machines, for example with the help of agents installed on the end devices (virtual machines) that analyze I/O operations, deletions, copying and network activity, and transmit data to the cloud, where the computation-intensive calculations are carried out. There, analysis is performed using Big Data algorithms, machine logic trees are built, and anomalies are detected. The algorithms are self-learning, based on the huge amount of data supplied by a global network of sensors.

It is possible to do without installing agents. Modern information security tools should be agentless and integrated into operating systems at the hypervisor level.
The listed measures significantly reduce information security risks, but this may not be enough for data centers that automate high-risk production processes, such as nuclear power plants.

Regulatory requirements

Depending on the information being processed, physical and virtualized data center infrastructures must meet different security requirements set out in laws and industry standards.

These laws include the law "On Personal Data" (152-FZ) and the law "On the Security of Critical Information Infrastructure Facilities of the Russian Federation" (187-FZ), which came into force this year; the prosecutor's office has already begun to take an interest in the progress of its implementation. Discussions about whether data centers belong to critical information infrastructure subjects are still ongoing, but in general, data centers wishing to provide services to critical information infrastructure subjects will have to comply with the requirements of the new legislation.

It will not be easy for data centers that host state information systems. According to RF Government Resolution of 11.05.2017 No. And a data center that wants to host GIS must meet the regulators' requirements in advance.

Over the past 30 years, data center security systems have come a long way: from simple physical protection systems and organizational measures, which have not lost their relevance, to complex intelligent systems that increasingly use elements of artificial intelligence. But the essence of the approach has not changed. The most modern technologies will not save you without organizational measures and staff training, and paperwork will not save you without software and technical solutions. Data center security cannot be ensured once and for all; it is constant daily work to identify priority threats and comprehensively solve emerging problems.


Source: www.habr.com
