This article originally appeared in the July 2011 issue of infoTECH Spotlight.
Since the dawn of the computing age, hackers and network security professionals have been in a constant tug of war between advancements and innovation, success and failure. Today, numerous surveys of IT decision makers cite the issue of security and availability as the major impediment to the adoption of cloud computing.
After a string of high-profile attacks against financial services companies and online retailers, Internet data centers are increasingly the targets of hackers and cybercriminals who view them as vulnerable to new and different kinds of attacks. Not surprisingly, Internet data center operators, public and private, must now reassess their defenses against the primary threat to availability – distributed denial of service attacks (DDoS).
Attacks are moving from volumetric-based – where they try to simply overwhelm the connection with data – to more sophisticated, application-layer attacks that target specific services and are not high-bandwidth, making them difficult to identify. The new application-layer DDoS attacks threaten a myriad of services from Web commerce to DNS and from email to online banking.
The following are five tips to secure your data center.
1. Protect data centers from threats that cannot be stopped by other security devices
Data center operators have a tendency to deploy firewalls and Intrusion Prevention Systems (IPS) in front of data center assets. While key elements of an overall security strategy, firewalls and IPS devices are not effective solutions against DDoS attacks. Because these devices constantly maintain state information for every session established between a client on the Internet and the corresponding server in the data center, these products themselves are commonly targets of DDoS attacks. According to Arbor’s 2010 “Worldwide Infrastructure Security Report,” a solid majority of those who have deployed these devices within their data centers experienced firewall and/or IPS failure as a direct result of DDoS attacks during the survey period.
Recently, NSS Labs released its “Network Firewall Comparative Group Test Report,” which found two major issues. The first is stability: three out of six firewall products failed to remain operational when subjected to stability tests. The second is that external hackers were able to trick firewalls into allowing them inside the firewall of a trusted client. The conclusion can be drawn that firewalls and IPS are not effective solutions against threats such as DDoS attacks.
2. Secure the availability of the most important asset: the data center services
Availability should be considered first and foremost because all other aspects do not matter if the services are not available. If users cannot access the services offered or hosted, then all other security concerns such as integrity and confidentiality are simply not relevant. Service providers must consider threats against availability such as DDoS as they design their security policies, and on the flip side, companies must consider threats against availability as they evaluate cloud providers.
When Internet-facing services are down due to attacks against availability, the impact can have severe business consequences. Only a few minutes of downtime can be very costly. Moreover, it can tarnish the brand, lower employee productivity, and even result in penalties or service level agreement credits.
3. Protect the data center infrastructure and connectivity as well as customer services and data
Beyond protecting critical services from threats, data center operators must be aware of threats against the infrastructure and the pipes into and out of their data centers. A large-scale DDoS attack against the infrastructure can initially be stopped on-premise in the data center, but as the attack grows in volume, the data center operator must partner with upstream Internet Service Providers (ISPs) or Managed Security Service Providers (MSSPs) to stop the large-scale attack.
Data center operators must have established procedures to communicate with bandwidth suppliers. Leveraging technologies to streamline communications between the data center edge and the upstream providers is also critical. Having to improvise an ad-hoc plan can be very daunting, especially during an attack.
4. Provide much needed visibility at the data center edge and inside data centers
Good security requires good visibility. Data center operators must invest in visibility and operational tools so they can gain the situational awareness to effectively address threats. From utilizing SIEMs to leveraging NetFlow technologies, data center operators should understand where threats are coming from externally, as well as what traffic is inside the data center. This visibility can help ensure that data is not being accessed or removed from the data center by unauthorized persons. It can also detect threats against availability before customers are affected.
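As an added illustration of the flow-level visibility this tip and tip 1 describe (this is example code, not Arbor's product logic), the script below aggregates constructed NetFlow-style records per destination service and separates a high-bandwidth volumetric flood from a low-bandwidth flood of half-open connections, the kind that consumes state on a firewall or IPS without ever showing up as a bandwidth spike. Record layout, thresholds and addresses are assumptions chosen for the sample.

```python
from collections import defaultdict

# Constructed NetFlow-style records (hypothetical sample data, not from the article):
# (src_ip, dst_ip, dst_port, packets, bytes, tcp_flags_seen)
SAMPLE_FLOWS = [
    # Normal web traffic: few clients, full handshakes, real payloads
    ("10.1.1.10", "203.0.113.5", 443, 42, 38000, {"S", "A", "P", "F"}),
    ("10.1.1.11", "203.0.113.5", 443, 30, 21000, {"S", "A", "P", "F"}),
] + [
    # Two hundred distinct sources, one 60-byte SYN each, never completing the
    # handshake: tiny bandwidth, but every flow holds a state-table entry in
    # front of 203.0.113.9
    (f"198.51.100.{i}", "203.0.113.9", 80, 1, 60, {"S"}) for i in range(1, 201)
]


def summarize(flows):
    """Aggregate flows per destination service (dst_ip, dst_port)."""
    stats = defaultdict(lambda: {"sources": set(), "flows": 0, "bytes": 0, "syn_only": 0})
    for src, dst, dport, _pkts, nbytes, flags in flows:
        s = stats[(dst, dport)]
        s["sources"].add(src)
        s["flows"] += 1
        s["bytes"] += nbytes
        if flags == {"S"}:          # SYN seen, no ACK/FIN: a half-open connection
            s["syn_only"] += 1
    return stats


def classify(flows, interval_s=60, min_sources=100, half_open_ratio=0.9, volumetric_bps=1e9):
    """Return {(dst_ip, dst_port): 'volumetric' | 'state-exhaustion' | 'normal'}.

    Thresholds are illustrative; a real deployment derives them from a baseline.
    """
    verdicts = {}
    for svc, s in summarize(flows).items():
        bps = s["bytes"] * 8 / interval_s
        distinct_sources = len(s["sources"])
        half_open = s["syn_only"] / s["flows"]
        if bps >= volumetric_bps:
            verdicts[svc] = "volumetric"            # the link itself is the target
        elif distinct_sources >= min_sources and half_open >= half_open_ratio:
            verdicts[svc] = "state-exhaustion"      # low bandwidth, high state cost
        else:
            verdicts[svc] = "normal"
    return verdicts


if __name__ == "__main__":
    for (dst, port), verdict in sorted(classify(SAMPLE_FLOWS).items()):
        print(f"{dst}:{port} -> {verdict}")
```

The half-open flood here amounts to roughly 1.6 kbit/s over the interval, so a bandwidth threshold alone would never flag it; the distinct-source count and SYN-only ratio are what make it visible.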
5. Detect emerging threats by looking beyond the borders of the data center
Because the threat landscape is continually evolving, operators need a 360-degree view to detect emerging trends and stop new threats. Global insight can be used to detect emerging trends and threats, resulting in policies that can be incorporated into data center security products to stop emerging threats and prevent attacks. Operators must be able to see beyond the walls of the data center in order to secure it.
Rakesh Shah is director of product marketing and strategy at Arbor Networks.