28
SECURING OUR DATACENTERS Jeffrey Lam ACP, RCDD AXIS COMMUNICATIONS 17 Nov 2016, 4.30pm

Defending our datacenters

Embed Size (px)

Citation preview

Page 1: Defending our datacenters

SECURING OUR DATACENTERSJeffrey Lam ACP, RCDD

AXIS COMMUNICATIONS 17 Nov 2016, 4.30pm

Page 2: Defending our datacenters

There are nosecure systems!You can only make systems more secure.

SECURING OUR DATACENTERSSecurity is not a product nor a feature; it’s an integration of culture, policies & systems

Page 3: Defending our datacenters

3 KEY THREATS & DEFENCES

DISPOSSESS

DISABLE

DISRUPT

TECHNICAL DEFENCE

Page 4: Defending our datacenters

Defence in Depth

Page 5: Defending our datacenters

Defence in Depth

MoatOuter Wall

Inner WallKeep / Tower

PerimeterBuilding

Critical SpacesStrongbox

Castle Datacenter

Page 6: Defending our datacenters

1. ARCHITECTURAL DEFENCEBARRIERSPerimeter fencingBuilding WallsComputer / plant roomsIT / control cabinet

ACCESSPerimeter GatesBuilding entrancesComputer room entrancesCabinet doors

CONNECTORSFacility groundsMantrapsElevatorsCorridors

LAYE

RS

Page 7: Defending our datacenters

PERIMETER LAYER

Page 8: Defending our datacenters

Security-based operations

BUILDING LAYER

Page 9: Defending our datacenters

Security-based operations

CRITICAL SPACES LAYER

Page 10: Defending our datacenters

STRONGBOX LAYER

Page 11: Defending our datacenters

PUBLIC ADDRESS

VOICE COMMS

OTHERS

INTRUDER DETECTION

SOFTWAREANALYTICS

VIDEO SURVEILIANCE

ACCESS CONTROL

2. TECHNICAL DEFENCE

Page 12: Defending our datacenters

PERIMETER – LOW LIGHT CAMERAS

Image without Lighfinder technology Image with Lighfinder technology

Page 13: Defending our datacenters

PERIMETER - THERMAL CAMERAS

Detect with thermal camera(AXIS Q1922) Visual camera

(AXIS Q1755)Zoom & identify with visual

camera (AXIS Q1755)

Page 14: Defending our datacenters

Security-based operations

PERIMETER – LARGE OPEN SPACES

AXIS Q60-E showing the zoomed-in view of interest.

Page 15: Defending our datacenters

BUILDING LEVEL – VARYING LIGHT LEVELS

Underexposedtrying to capture the environment outside

Overexposedtrying to capture the environment indoors

WDR Forsensic CaptureLooks slightly unreal, but

more useful for surveillance

Page 16: Defending our datacenters

Security-based operations

!

Post-event images

Security-based operationsPre-event images

Computer Room : integrated with IIM/DCIM

Security-based operationsEvent

Page 17: Defending our datacenters

ADVANCED COMPRESSION TECHNIQUES

Page 18: Defending our datacenters

> Small form factor> Installed at eye level – capture face> Integrated with audio & I/O > Integrated with DCIM / IIM > Single IP address for multiple cameras

STRONGBOX (RACK) LEVEL CAMERAS

Page 19: Defending our datacenters

INTRUSION DETECTION

Buried coilElectromagnetic

Infra-redOpen Area Sensor

PressureWall & floor sensors

Camera Analytics

Page 20: Defending our datacenters

Analytics

Audio Analytics

Video Analytics • Gunshot• Broken glass• Explosion • Screeching car• Voice – aggression• Voice – key words

• Perimeter protection• Facial recognition• People counting• Unauthorized access• Aggression detection• Smoke detection

Page 21: Defending our datacenters

IP PUBLIC ADDRESS SYSTEMAxis network speaker solutionTraditional analog speaker solution

Speaker

Amplifier

Tone control / Equalizer

Streaming box

All-in-one

Network switch Network PoE switch

- Speaker audio cable

- Line level audio cable

- Line level audio cable

- Network cable

- Network cable(Structured Cabling)

Page 22: Defending our datacenters

> Identification & verification– What you Have– What you Know– Who your Are

> 2 factor / 3 factor authentication> Turnstiles integration for Anti-passback & anti tailgate> System Management

– Token – lost / disabled– Passcode renewal / forgotten– Maintenance of biometrics database

ACCESS CONTROL

Page 23: Defending our datacenters

Other electronics systems• Key Management Systems• RFID Asset management systems• Visitors pass management systems• Mantrap with weighing scale /metal detector• Vehicle entry with weighing scale• Drone detection & disablement systems• Drone based surveillance system• Intruder response system – fog, net, etc• Etc.

COPYRIGHT TRAKKER

Page 24: Defending our datacenters

IoT – CENTRALISED CONTROL

Security-based operations

CAMERAS

PIR SENSORS

ILLUMINATOR

I/O CONTROLLERDOOR

CONTROLLER

SPEAKERS

MICROPHONE

INTERCOM

Page 25: Defending our datacenters

Standard hardening stops majority of attacks

Intuitive and user-friendly IT policies

System maintenance process

User education –Embrace security culture

How about Cybersecurity?

The goal is to make attacks expensive rather than impossible.

Page 26: Defending our datacenters

Integrated surveiliance & dtection

Page 27: Defending our datacenters

Security-based operations

Security Culture

3. OPERATIONAL DEFENCE• Security Awareness• Training, Tabletops & Drills• Audits, feedback &

Modifications• Event post-mortem &

Corrective actions

• Use of disabled cards• Perimeter breach• Left baggage• Tailgating• Unplanned deliveries• Unaccounted visitors

• Assets disposal• Visitor / vendors access• Maintenance / repair work• Employees backgd checks• Purch. & delivery new equip.• Emgy access by authorities / utilities

Event Response

Security - based operations

Page 28: Defending our datacenters

THANK YOUTo download Axis Commmunciations’

“Defending our datacenters” white paper, please visit http://bit.ly/2fZjtPf


Defending Best Intersts Practice Guide - Guardian ad Litem ......Defending Best Intersts Practice Guide January 2018 . Welcome to the Defending Best Interests ... , especially our

Defending Best Intersts Practice Guide - Guardian ad Litem ......Defending Best Intersts Practice Guide January 2018 . Welcome to the Defending Best Interests ... , especially our

Documents
Mini Formation - DataCenters

Mini Formation - DataCenters

Technology
Defending our true selves: being museums

Defending our true selves: being museums

Art & Photos
20110302 on vector green datacenters

20110302 on vector green datacenters

Business
“Improving our Understanding of WTO Law and Defending

“Improving our Understanding of WTO Law and Defending

Documents
Air Force Flight Test Center Defending Our Spectrum: What

Air Force Flight Test Center Defending Our Spectrum: What

Documents
Defending Our Pacific Summary of findings from the - Greenpeace

Defending Our Pacific Summary of findings from the - Greenpeace

Documents
Datacenters (4): Fault-Tolerance

Datacenters (4): Fault-Tolerance

Documents
Defending Our Faith-conscience and Obedience-speaking Prophetically or Judging Others

Defending Our Faith-conscience and Obedience-speaking Prophetically or Judging Others

Documents
Xpander: Towards Optimal-Performance Datacenters · expander datacenters can match the performance of today’s datacenters with roughly 80 85% of the switches. Beyond the above improvements

Xpander: Towards Optimal-Performance Datacenters · expander datacenters can match the performance of today’s datacenters with roughly 80 85% of the switches. Beyond the above improvements

Documents
SRE Classroom - USENIX · Defending Against Failure. ... Multiple datacenters in 3 regions: Europe, Asia, North America. ... In reality and given our architecture you can start with

SRE Classroom - USENIX · Defending Against Failure. ... Multiple datacenters in 3 regions: Europe, Asia, North America. ... In reality and given our architecture you can start with

Documents
PARTNERSHIP BOOTUP DATACENTERS

PARTNERSHIP BOOTUP DATACENTERS

Technology
Cybersecurity : defending our digital future

Cybersecurity : defending our digital future

Documents
Defending the Free Internet - Our Responsibility to Defeat Mass Surveillance

Defending the Free Internet - Our Responsibility to Defeat Mass Surveillance

Technology
Omantel Wholesale - GSI Telecom · Omantel National Backbone (Terabyte Routing Capability) Slide 9 index 2 our network 3 our datacenters 1 our strategy 4 our partners. Slide 10 our

Omantel Wholesale - GSI Telecom · Omantel National Backbone (Terabyte Routing Capability) Slide 9 index 2 our network 3 our datacenters 1 our strategy 4 our partners. Slide 10 our

Documents
Green datacenters

Green datacenters

Technology
DataCenters BestPractices

DataCenters BestPractices

Documents
Reliable Communication for Datacenters

Reliable Communication for Datacenters

Business
MULTIPLE ACTIVE DATACENTERS SOLUTION

MULTIPLE ACTIVE DATACENTERS SOLUTION

Documents
Definitions (Defensive) Defending territory Defending citizens Defending values Defending allies Defending preferred world order

Definitions (Defensive) Defending territory Defending citizens Defending values Defending allies Defending preferred world order

Documents
1.Introduction – About our projectIntroduction – About our project 2.Defending the castlesDefending the castles Portcullis Defending Passageway Murder

1.Introduction – About our projectIntroduction – About our project 2.Defending the castlesDefending the castles Portcullis Defending Passageway Murder

Documents
Automation datacenters

Automation datacenters

Business
Deerns Green Datacenters

Deerns Green Datacenters

Documents
06 DataCenters PGE

06 DataCenters PGE

Documents
France for Datacenters

France for Datacenters

Technology
Spanning Tree and Datacenters

Spanning Tree and Datacenters

Documents
Telecom argentina datacenters

Telecom argentina datacenters

Documents
PROTECTING BLACK LIVES & DEFENDING OUR COMMUNITIES

PROTECTING BLACK LIVES & DEFENDING OUR COMMUNITIES

Documents
Interconnection, Bandwidth and Datacenters

Interconnection, Bandwidth and Datacenters

Documents
Defending Our National Treasure · Defending Our National Treasure: A Department of Defense Chesapeake Bay Restoration Partnership 1998–2004, provides a showcase of the recent efforts

Defending Our National Treasure · Defending Our National Treasure: A Department of Defense Chesapeake Bay Restoration Partnership 1998–2004, provides a showcase of the recent efforts

Documents