The data center is the heart of a company: this is where applications and information find an – ideally safe – home. Data and applications stored here must not fall into the wrong hands. Data centers are also the basis for new technologies: cloud computing and the Internet of Things would be impossible without high-availability data centers. The demands are increasing – not only for high availability but also for IT security in the data center. Today’s article looks at the various requirements a data center should be able to withstand, addresses vulnerabilities and known attacks, and gives you tips on IT security in your data center.
Increasing Dependency On IT
Our society is becoming increasingly dependent on secure and available IT – this is shown not least by current developments such as cloud computing, the IoT, and increasingly mobile work. None of these achievements would be possible without high-availability data centers. Cloud solutions differ from conventional data centers in one crucial respect: when people talk about the security of cloud services, they usually mean data protection and protection against hacker attacks. Data centers are often well-positioned in this regard, but they face other risks as well.
Risks In Data Centers
Data centers are the physical equivalent of the cloud. As a result, they face additional risks that concern building security, the cooling of the systems, fire protection and access protection. A high level of attention must also be paid to fault management. Let’s take a look at each point:
- Building security: IT security in the data center starts with choosing a location. Data centers are built at a minimum distance from other buildings to prevent fires from spreading from neighbouring facilities. If possible, the building should not consist of combustible materials. Classic fire detectors can be combined with early fire detection: aspirating smoke detectors often detect sources of fire before a fire can break out. Networking with the fire brigade or police is also recommended so that alarms are forwarded automatically and no time is lost raising a manual alarm in an emergency.
- Fire protection: If a fire does break out, there are different ways of fighting it. Water mist extinguishing systems extinguish with water, but this is not a good idea in server and utility rooms full of live electrical equipment. One alternative is an oxygen reduction system: the oxygen content is reduced to below 20% so that fires cannot develop in the first place. Extinguishing gas systems are also possible: in a fire, these blow a specific gas mixture into the affected rooms at high pressure, displacing oxygen and smothering the flames.
- Redundancy: Fires and other defects cannot always be prevented, so the focus must also be on redundancy. All relevant systems should be available multiple times (redundant) – especially critical systems such as network equipment, emergency power generators, or UPS. As a rule, data centers use RAID systems, in which data is stored in parallel on different hard disks. If a fire destroys the server itself, however, this multiple protection is of little use. This is why spatially separate backups are essential for critical data.
Data Center: Vulnerabilities & Attacks
Data centers are popular targets for cybercriminals, who use various means and methods to get at data and information. These include, for example, social engineering, a technique of social manipulation in which employees are targeted and tricked into disclosing passwords or giving criminals access in other ways.
Cybercriminals are also often given an easy time, for example by weak passwords. If insecure classics such as “123456” or “password” are in use, criminals can quickly gain access to the data center.
Although the “human factor” is decisive in the attack scenarios described so far, users are not the only possible weak point in the data center. Incorrect configurations can also open the door to cybercriminals. For example, attackers can force improperly configured servers to shut down, or inject malicious code that unsuspecting users then download.
In addition, data centers are prone to so-called “spoofing” attacks, in which the true source of malicious programs is disguised. For example, with IP spoofing, a message that appears to come from a trustworthy host is incorrectly classified as secure and ends up in the internal network. Firewalls, however, can be used to protect your network against IP spoofing.
Data centers with all their data are tempting for attackers, and cyber attacks on them are conducted accordingly: they are often well-planned operations in which the malicious actors go to work with a lot of patience and persistence. They do whatever it takes to fly under the radar and avoid detection by security teams. In addition to the points mentioned above, the following are particularly at risk:
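As an added illustration (not from the original article), the following Python models the anti-spoofing check a perimeter firewall performs: inbound packets may not claim an internal address, and internal interfaces may only send their own prefixes. The interface names and address ranges are constructed assumptions.

```python
import ipaddress
from typing import Dict, List

# Source prefixes that may legitimately appear on each internal interface.
# "dc" is the data center's own network; "wan" is the internet-facing side.
# All names and ranges are constructed for this illustration.
INTERFACE_SOURCES: Dict[str, List[str]] = {
    "dc": ["10.20.0.0/16", "192.168.50.0/24"],
}

# Sources that must never arrive from outside: private, loopback,
# link-local and "this network" space. A packet on the WAN interface
# claiming one of these addresses is spoofed (or badly misrouted).
EXTERNAL_BOGONS = [ipaddress.ip_network(p) for p in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",
)]

def classify(iface: str, src: str) -> str:
    """Return 'accept' or a 'drop: ...' reason for a packet with source `src` seen on `iface`."""
    addr = ipaddress.ip_address(src)
    if iface == "wan":
        # Ingress filtering: outside traffic may not claim an inside address.
        if any(addr in net for net in EXTERNAL_BOGONS):
            return "drop: internal/bogon source on external interface"
        return "accept"
    # Egress filtering: an internal interface may only send its own prefixes,
    # so a compromised host cannot launch spoofed traffic at others.
    allowed = [ipaddress.ip_network(p) for p in INTERFACE_SOURCES.get(iface, [])]
    if not any(addr in net for net in allowed):
        return "drop: source not assigned to this interface"
    return "accept"

def filter_packets(packets):
    """Apply classify() to (iface, src, dst) tuples; return [(packet, verdict), ...]."""
    return [(pkt, classify(pkt[0], pkt[1])) for pkt in packets]

# Constructed sample traffic: one legitimate flow per direction, three spoofing attempts.
SAMPLE = [
    ("wan", "203.0.113.7", "10.20.1.10"),    # ordinary inbound request
    ("wan", "10.20.1.5", "10.20.1.10"),      # outside packet posing as an internal host
    ("wan", "192.168.50.9", "10.20.1.10"),   # outside packet posing as a management host
    ("dc", "10.20.1.10", "198.51.100.4"),    # legitimate outbound
    ("dc", "198.51.100.99", "203.0.113.7"),  # inside host forging a public source
]

if __name__ == "__main__":
    for pkt, verdict in filter_packets(SAMPLE):
        print(pkt, "->", verdict)
```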
- Admin access: By their very nature, admins have far-reaching rights, which makes them attractive targets. For example, attackers can gain backdoor access through management protocols without exploiting any application vulnerability. Role-based access control in the data center is therefore essential. Virtual security tools help IT managers set policies that identify users, and with two- or multi-factor authentication users confirm their identity, so that only authorized users have access.
- Closing the local authentication gap: Many data centers rely on local authentication options to access managed hosts and workloads in an emergency. However, these local authentication options lack logging, allowing an attacker who obtains the credentials by compromising an administrator to access the data center unnoticed.
- IPMI as the primary attack vector: Virtualization is standard in the data center – yet virtualized environments still run on physical hardware. Like the virtual environments, these physical servers have management planes with their own management protocols, power supplies, storage, and processors. Through this layer, administrators can “mount” hard drives, i.e., integrate them into the system directory. Such actions are usually carried out via protocols such as the “Intelligent Platform Management Interface” – IPMI. This has advantages – a server can be re-imaged even when the primary system is down. It also has disadvantages, however: the weak points in IPMI and related protocols are well documented, and updates are often delivered slowly.
- Data theft: The theft of data is usually the goal of an attack. Most of the time, vast amounts of data are moved out of the data center at once. Some attackers, however, are more patient and extract data as slowly as possible to remain undetected. Data exfiltration is also possible via hidden tunnels: criminals try to disguise the transfer within permitted data traffic.
- Mixing physical & virtual context: Attackers proceed in increasingly complex ways. For example, they may first compromise an employee’s computer using phishing or social engineering. In the next step, cybercriminals often try to embed themselves in the network – i.e., to establish persistence. This is how they work their way up from the first victim. Criminals often set up hidden tunnels or backdoors to control an ongoing attack, which is how access and communication to the outside are maintained. Gradually, the attackers gain an overview of the network and search for resources, devices, and user data. Administrator accesses are of course the most valuable, as they grant a significant degree of autonomy within the network.
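Added example (not from the original article): the two exfiltration patterns from the “Data theft” item, a bulk transfer and a low-and-slow trickle, scored over constructed NetFlow-style records. The internal address ranges, record layout and thresholds are assumptions for the illustration and would be tuned to a real environment’s baseline.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed NetFlow-style records: start time, source, destination, bytes sent.
FLOWS = """\
2024-03-01T01:00:00 10.20.1.10 198.51.100.4 820000000
2024-03-01T02:00:00 10.20.1.10 198.51.100.4 910000000
2024-03-01T00:05:00 10.20.1.22 203.0.113.9 4000
2024-03-01T03:05:00 10.20.1.22 203.0.113.9 4100
2024-03-01T06:05:00 10.20.1.22 203.0.113.9 3900
2024-03-01T09:05:00 10.20.1.22 203.0.113.9 4200
2024-03-01T12:05:00 10.20.1.22 203.0.113.9 4000
2024-03-01T15:05:00 10.20.1.22 203.0.113.9 4300
2024-03-01T10:00:00 10.20.1.30 10.20.2.5 500000000
2024-03-01T10:00:00 10.20.1.31 203.0.113.50 12000
"""
# The data center's own address space (assumed); anything else is "outside".
INTERNAL = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BULK_BYTES = 1_000_000_000    # one external peer receiving more than 1 GB
SLOW_MIN_FLOWS = 6            # many small flows ...
SLOW_MIN_HOURS = 12           # ... spread over at least half a day ...
SLOW_MAX_FLOW_BYTES = 10_000  # ... each small enough to hide in normal traffic

def is_internal(ip: str) -> bool:
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL)

def parse_flows(text: str):
    recs = []
    for line in text.splitlines():
        ts, src, dst, nbytes = line.split()
        recs.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return recs

def score_pairs(flows):
    """Return {(src, dst): reason} for internal->external pairs matching either pattern."""
    groups = defaultdict(list)
    for ts, src, dst, nbytes in flows:
        if is_internal(src) and not is_internal(dst):  # only data leaving the data center
            groups[(src, dst)].append((ts, nbytes))
    findings = {}
    for pair, recs in groups.items():
        sizes = [b for _, b in recs]
        span_h = (max(t for t, _ in recs) - min(t for t, _ in recs)).total_seconds() / 3600
        if sum(sizes) >= BULK_BYTES:
            findings[pair] = f"bulk transfer: {sum(sizes)} bytes"
        elif len(recs) >= SLOW_MIN_FLOWS and span_h >= SLOW_MIN_HOURS and max(sizes) <= SLOW_MAX_FLOW_BYTES:
            findings[pair] = f"low-and-slow: {len(recs)} flows over {span_h:.0f} h"
    return findings
```

Calling `score_pairs(parse_flows(FLOWS))` flags the two external peers and ignores the large internal-to-internal copy.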