Download - Cybersecurity in Data Centers - BICSI
![Page 1: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/1.jpg)
Cybersecurity in Data Centers
Murat Cudi ErentürkISACA CISA, ISO 27001 Lead AuditorGandalf Consulting and Software Ltd.
![Page 2: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/2.jpg)
What is Cybersecurity?• Information Security• IT Systems Security• Physical Security
![Page 3: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/3.jpg)
International Standards• Certified Information Security System Professional
(CISSP) Common Body of Knowledge (CBK).• International Organization for Standardization (ISO)
27001 and 27002, version 2013• (NIST) Risk Management Framework (RMF) and SP
800-53,63
![Page 4: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/4.jpg)
Threat landscape and motivations
![Page 5: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/5.jpg)
Trends in CybersecurityCybersecurity Effectiveness
Effe
ctiv
enes
s
Time
Cyber Defenses
Cyber AttacksDefense Capex Increase
~Defense Opex
~Attack Incentive
![Page 6: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/6.jpg)
Trends in CybersecurityIntelligent Attacker
• 7x24 In shifts• Attack research• Trained professionals
![Page 7: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/7.jpg)
Trends in CybersecurityDetect and Delay
This Photo by Unknown Author is licensed under CC BY-SA This Photo by Unknown Author is licensed under CC BY-NC
![Page 8: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/8.jpg)
Layer 1Layer 1
Layer 1
Trends in CybersecurityDefense in Depth
Layer 4
Layer 3
Layer 2
Layer 1
![Page 9: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/9.jpg)
Trends in CybersecurityCatch and Repel
This Photo by Unknown Author is licensed under CC BY-NC-NDThis Photo by Unknown Author is licensed under CC BY-NC-ND
![Page 10: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/10.jpg)
Physical SecurityPhysical Access Control (PAC) Technologies
• Components– Lock Systems– Card readers– Backend Servers
![Page 11: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/11.jpg)
Physical SecurityVulnerabilities and Countermeasures
Photo Identity Badge and PIN
Smart Card and PIN
Photo Identity Badge and password
Access Card and Password
Photo Identity BadgePassword
Ticket (Identity
Unknown)
Keys(Identity
Unknown)
Smart Card and PIN (Identity Unknown)
Restricted Crypography
Restricted Authentication Protocols
Physical PresenceProofed Identity
Verif
icat
ion
Stre
ngth
Identity Assurance
![Page 12: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/12.jpg)
Physical SecurityVulnerabilities and Countermeasures
Jon Doe
1002
234 Visitor
2002
234
![Page 13: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/13.jpg)
Physical SecurityCabling Security
![Page 14: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/14.jpg)
IT Systems SecurityNetwork Security
InstallationCost
Maintenance Cost
Separation of Networks
![Page 15: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/15.jpg)
IT Systems SecurityServer Security Technologies
Onboard Security Chips (TPM)• Cryptokey Generation, Storage• Best use: Disk Encryption
![Page 16: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/16.jpg)
IT Systems SecurityServer Security Technologies
• CPU Security Features– Write Protect– NXE/XD
• Protects against buffer overflows
This Photo by Unknown Author is licensed under CC BY-SA
![Page 17: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/17.jpg)
IT Systems SecurityFirmware Security Technologies
• Provided by Device Manufacturers• Compliments Hardware provided security
![Page 18: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/18.jpg)
IT Systems SecurityFirmware Security Technologies
This Photo by Unknown Author is licensed under CC BY-SA
UEFI in PC Firmware in Apple IoSThis Photo by Unknown Author is licensed under CC BY-SA
![Page 19: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/19.jpg)
IT Systems SecurityFirmware Security Technologies
• What to look for– Trusted Updates– Trusted Boot– Setup Passwords
![Page 20: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/20.jpg)
IT Systems SecurityFirmware Security Technologies
• Remote Management– Central Updates– Monitor Tampering– Change Passwords
![Page 21: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/21.jpg)
IT Systems SecurityTrusted Boot Sequence
Firmware Check
Boot Manager Check
Operating System Check
Driver Check
![Page 22: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/22.jpg)
IT Systems SecurityVirtualization Security Technologies
• Execution Partitions • Virtualization assisted
application whitelisting
Ring 0Ring 1
Ring 2
Ring 3
![Page 23: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/23.jpg)
IT Systems SecurityPower Distribution Security
• UPS/PDU Security• PoE Security
This Photo by Unknown Author is licensed under CC BY-SA This Photo by Unknown Author is licensed under CC BY-SA
![Page 24: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/24.jpg)
• IP Cameras, Recorders– Record Manipulation– Denial of Service
• Physical Access Control Systems– Unauthorized access– Covering tracks
IT Systems SecurityManagement Systems Security
![Page 25: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/25.jpg)
IT Systems SecurityScada Systems Security in DC
• Pumps• Compressors• CRAC Units• DCIM, BAS, BMS
This Photo by Unknown Author is licensed under CC BY-SA This Photo by Unknown Author is licensed under CC BY
![Page 26: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/26.jpg)
IT Systems SecurityScada Systems Security in DC
• Separate Networks• Disable unused
services/Controllers• Replace components that
can not be secured
Business Network
Supervisory Network
Control NetworkControl Network
Process Network
Process Network
Process Network
Process Network
![Page 27: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/27.jpg)
Cybersecurity OperationsIncreased Security for Availability Classes
“Match your monitoring system security AND availability with systems you monitor”
![Page 28: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/28.jpg)
Cybersecurity OperationsHolistic Approach
![Page 29: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/29.jpg)
Cybersecurity OperationsSecurity Operations Center
![Page 30: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/30.jpg)
Cybersecurity OperationsMinimize Operational Dependencies
IT SystemsSecurity Systems
Depends For Security
Depends For Operations
![Page 31: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/31.jpg)
Cybersecurity OperationsCybersecurity Frameworks
• NIST Risk Management Framework– Functions (Identify, Protect, Detect, Respond, Recover)– Tiers (Partial, Risk Informed, Repeatable, Adaptive)– Categories
![Page 32: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/32.jpg)
What can you do?
![Page 33: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/33.jpg)
What can you do?Asses your cybersecurity risks
• You have physical access to critical Data Center systems • You use a computer connected to the network• You use Internet for communication (E-mail, Social Media)
![Page 34: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/34.jpg)
What can you do?Select your laptop carefully
• Use a system with TPM (preferably with v2.0)
• Use disk encryption• Use secure boot
![Page 35: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/35.jpg)
What can you do?Select your laptop carefully
• All your driver updates should be downloaded from a verified and trusted location
![Page 36: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/36.jpg)
What can you do?Select your laptop carefully
• Use a supported and regularly updated OS AND Applications
![Page 37: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/37.jpg)
What can you do?Select your laptop carefully
• Use Advanced Threat Protection End Point Software
![Page 38: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/38.jpg)
What can you do?Use Secure Logon
• Use BIOS password• Use Startup password
This Photo by Unknown Author is licensed under CC BY-SA
![Page 39: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/39.jpg)
What can you do?Use Secure Logon
• Use Multi-Factor Authentication for your laptop AND all your cloud applications
• Come up with a system for generating and remembering passwords
![Page 40: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/40.jpg)
What can you do?USB Devices
• Best Solution: Do NOT use USB at all, network is easier to secure
• Second best: Do not insert ANY USB device to your machine that you do not know the origin. Use your own with a known brand.
![Page 41: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/41.jpg)
What can you do?Daily Cyber Hygiene
• Beware where you send your password • Do not use public Wi-fi without VPN• Do not connect to sites if SSL is broken• Do not leave your computer with even screen
locked
![Page 42: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/42.jpg)
What can you do?Secure your home network
• Use proper security on your wireless/Ethernet over power network
This Photo by Unknown Author is licensed under CC BY-NC-SA
![Page 43: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/43.jpg)
What can you do?Secure your home network
• Never put any device on your local network that you can’t update firmware– Network Printers– NAS Devices– Smart Home devices– Ethernet over power switches
![Page 44: Cybersecurity in Data Centers - BICSI](https://reader033.vdocument.in/reader033/viewer/2022041819/6254740b23f9601eeb088f53/html5/thumbnails/44.jpg)
Questions?