Protect Your Infrastructure: Basics of Cloud Security

Presented by Chris Schwab and Matt Kinder on March 20th, 2014 at 11am EST

Prefer to read what's in the video? See below for the transcript:

This webinar focuses on the popular topic of infrastructure security and will provide a high-level overview of the ins and outs of datacenter security, network security and even application security. This webinar dials into the importance of a solid security strategy for your business, especially as it concerns your business-critical data.

What’s in this Fpwebinar?

  • Examine different types of security available
  • Physical security elements
  • Network security elements
  • Application security elements
  • Auditing your system and monitoring its success

Physical security involves:

  • Gated Parking
  • Security Cameras
  • Lack of signage
  • Staffed or unstaffed facilities
  • Door sensors
  • Cloaking the parking garage

Often, visitors are greeted by staff who make them pass through a detailed check-in before allowing access. This could involve a badge or biometrics. Basically, the more money you spend, the easier it is to audit and control your physical security presence. Research shows that most breaches occur when someone is standing right in front of the system. (An example of this is the famous Target customer data breach.)

One tip would be to have a “fly trap area” at the entrance that lets deliveries or visitors access the building but not the actual datacenter where the data is kept.

Network security involves:

  • Edge of network
  • Routing protocols
  • Server security

Once the servers are in and set up, it is paramount to use rigid blueprints for everything you stand up. Edge of network is where public access begins. The routing protocol protects from the outside in. Server security involves patch management. Your firewall layers can be as robust or narrow as you like. It is critical to keep up with bugs as well.

Regarding network logging best practices:

  • Most enterprises have the ability to log every transaction
  • Retain as much data as you need
  • Flag any keywords or anomalies if possible
  • If an event or breach occurs, you’ll know quickly if logging is tied into alerting
  • Do your homework before deployment
  • Make sure you have all information you need

Application security involves:

  • Port access
  • Audit open ports

Port access essentially means keeping open only the ports you need. This can be established by auditing your current open ports and closing any that are not being used or do not need to be open. An IDS/IPS placed behind the firewall only sees the traffic that gets through it.

Regarding application security best practices:

  • HTTPS - Get an SSL Certificate
  • Make sure SQL is not accessible directly from the web
  • Segmentation will reduce risk
  • Sync user accounts
  • Implement and audit virus/malware scanner
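One way to run the open-port audit described above, and to check that SQL is not reachable from outside the host, shown as an added example that is not from the webinar. The approved-port baseline, the database port list and the sample `ss -tlnH` output are all assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -tlnH` output (listening TCP sockets, no header).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 151 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 [::]:8080 [::]:*
LISTEN 0 128 [::1]:631 [::]:*
"""

# Assumed baseline: ports this host is approved to expose beyond loopback.
APPROVED = {22, 443}
# Assumed list of database ports that should only ever listen on loopback.
DB_PORTS = {1433: "MSSQL", 3306: "MySQL", 5432: "PostgreSQL"}

def parse_listeners(ss_output):
    """Return (address, port) pairs from `ss -tlnH` style lines."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.split("%")[0].strip("[]")  # drop interface suffix and IPv6 brackets
        if host == "*":  # ss prints * for a dual-stack wildcard bind
            host = "::"
        listeners.append((host, int(port)))
    return listeners

def audit(ss_output, approved=APPROVED):
    """Flag network-reachable listeners that are databases or not in the baseline."""
    findings = []
    for host, port in parse_listeners(ss_output):
        if ipaddress.ip_address(host).is_loopback:
            continue  # local-only service, not reachable from the network
        if port in DB_PORTS:
            findings.append((port, host, f"{DB_PORTS[port]} exposed beyond loopback"))
        elif port not in approved:
            findings.append((port, host, "not in approved baseline"))
    return sorted(findings)

if __name__ == "__main__":
    for port, host, reason in audit(SAMPLE_SS):
        print(f"{host}:{port}  {reason}")
```

On a live Linux host, feed it the output of `ss -tlnH` instead of the sample and review each finding before closing the port.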

Summary of this webinar:

  • Described types of security: Physical, Network and Application
  • Physical security - gated parking, cameras, sensors, lack of signage, biometrics, etc.
  • Network security - Routing protocols, patching, firewalls, logging, etc.
  • Application security - port access, HTTPS, segmentation, sync user accounts, etc.
  • Follow processes, audit processes
