defending our datacenters

SECURING OUR DATACENTERS Jeffrey Lam ACP, RCDD AXIS COMMUNICATIONS 17 Nov 2016, 4.30pm

Upload: jeffrey-lam

Post on 14-Apr-2017


TRANSCRIPT

Page 1: Defending our datacenters

SECURING OUR DATACENTERS

Jeffrey Lam ACP, RCDD AXIS COMMUNICATIONS

17 Nov 2016, 4.30pm

Page 2: Defending our datacenters

There are no secure systems! You can only make systems more secure.

SECURING OUR DATACENTERS

Security is not a product nor a feature; it’s an integration of culture, policies & systems

Page 3: Defending our datacenters

3 KEY THREATS & DEFENCES

DISPOSSESS

DISABLE

DISRUPT

TECHNICAL DEFENCE

Page 4: Defending our datacenters

Defence in Depth

Page 5: Defending our datacenters

Defence in Depth

Castle: Moat, Outer Wall, Inner Wall, Keep / Tower

Datacenter: Perimeter, Building, Critical Spaces, Strongbox

Page 6: Defending our datacenters

1. ARCHITECTURAL DEFENCE

LAYERS

BARRIERS
• Perimeter fencing
• Building walls
• Computer / plant rooms
• IT / control cabinet

ACCESS
• Perimeter gates
• Building entrances
• Computer room entrances
• Cabinet doors

CONNECTORS
• Facility grounds
• Mantraps
• Elevators
• Corridors

Page 7: Defending our datacenters

PERIMETER LAYER

Page 8: Defending our datacenters

Security-based operations

BUILDING LAYER

Page 9: Defending our datacenters

Security-based operations

CRITICAL SPACES LAYER

Page 10: Defending our datacenters

STRONGBOX LAYER

Page 11: Defending our datacenters

PUBLIC ADDRESS

VOICE COMMS

OTHERS

INTRUDER DETECTION

SOFTWARE ANALYTICS

VIDEO SURVEILLANCE

ACCESS CONTROL

2. TECHNICAL DEFENCE

Page 12: Defending our datacenters

PERIMETER – LOW LIGHT CAMERAS

Image without Lightfinder technology

Image with Lightfinder technology

Page 13: Defending our datacenters

PERIMETER - THERMAL CAMERAS

Detect with thermal camera (AXIS Q1922)

Visual camera (AXIS Q1755)

Zoom & identify with visual camera (AXIS Q1755)

Page 14: Defending our datacenters

Security-based operations

PERIMETER – LARGE OPEN SPACES

AXIS Q60-E showing the zoomed-in view of interest.

Page 15: Defending our datacenters

BUILDING LEVEL – VARYING LIGHT LEVELS

Underexposed: trying to capture the environment outside

Overexposed: trying to capture the environment indoors

WDR Forensic Capture: looks slightly unreal, but more useful for surveillance

Page 16: Defending our datacenters

Computer Room: integrated with IIM/DCIM

Security-based operations

Pre-event images

Event

Post-event images

Page 17: Defending our datacenters

ADVANCED COMPRESSION TECHNIQUES

Page 18: Defending our datacenters

> Small form factor
> Installed at eye level – capture face
> Integrated with audio & I/O
> Integrated with DCIM / IIM
> Single IP address for multiple cameras

STRONGBOX (RACK) LEVEL CAMERAS

Page 19: Defending our datacenters

INTRUSION DETECTION

Buried coil – Electromagnetic

Infra-red – Open Area Sensor

Pressure – Wall & floor sensors

Camera Analytics

Page 20: Defending our datacenters

Analytics

Audio Analytics
• Gunshot
• Broken glass
• Explosion
• Screeching car
• Voice – aggression
• Voice – key words

Video Analytics
• Perimeter protection
• Facial recognition
• People counting
• Unauthorized access
• Aggression detection
• Smoke detection

Page 21: Defending our datacenters

IP PUBLIC ADDRESS SYSTEM

Traditional analog speaker solution

Speaker
- Speaker audio cable
Amplifier
- Line level audio cable
Tone control / Equalizer
- Line level audio cable
Streaming box
- Network cable
Network switch

Axis network speaker solution

All-in-one
- Network cable (Structured Cabling)
Network PoE switch

Page 22: Defending our datacenters

> Identification & verification
– What you Have
– What you Know
– Who you Are

> 2 factor / 3 factor authentication
> Turnstiles integration for anti-passback & anti-tailgate
> System Management
– Token – lost / disabled
– Passcode renewal / forgotten
– Maintenance of biometrics database

ACCESS CONTROL

Page 23: Defending our datacenters

Other electronics systems
• Key Management Systems
• RFID Asset management systems
• Visitors pass management systems
• Mantrap with weighing scale / metal detector
• Vehicle entry with weighing scale
• Drone detection & disablement systems
• Drone based surveillance system
• Intruder response system – fog, net, etc
• Etc.

COPYRIGHT TRAKKER

Page 24: Defending our datacenters

IoT – CENTRALISED CONTROL

Security-based operations

CAMERAS

PIR SENSORS

ILLUMINATOR

I/O CONTROLLER

DOOR CONTROLLER

SPEAKERS

MICROPHONE

INTERCOM

Page 25: Defending our datacenters

Standard hardening stops majority of attacks

Intuitive and user-friendly IT policies

System maintenance process

User education – Embrace security culture

How about Cybersecurity?

The goal is to make attacks expensive rather than impossible.

Page 26: Defending our datacenters

Integrated surveillance & detection

Page 27: Defending our datacenters

Security-based operations

3. OPERATIONAL DEFENCE

Security Culture
• Security Awareness
• Training, Tabletops & Drills
• Audits, feedback & Modifications
• Event post-mortem & Corrective actions

Event Response
• Use of disabled cards
• Perimeter breach
• Left baggage
• Tailgating
• Unplanned deliveries
• Unaccounted visitors

Security-based operations
• Assets disposal
• Visitor / vendors access
• Maintenance / repair work
• Employee background checks
• Purchase & delivery of new equipment
• Emergency access by authorities / utilities

Page 28: Defending our datacenters

THANK YOU

To download Axis Communications’ “Defending our datacenters” white paper, please visit http://bit.ly/2fZjtPf