Data Center security

A security policy to combat APT in the data center

Purpose

Today, organizations' data center assets face advanced attacks that are more serious, sophisticated, and extensive than before. Recent advances in information technology facilities and usage models, including virtualization, mobility, and cloud computing, have dissolved the conventional security perimeter and created an environment conducive to attackers. Covert state actors have also mounted international sabotage and espionage campaigns in the form of advanced persistent threats (APTs). The purpose of this advanced persistent threat security policy is to provide guidelines, in the form of best practices, for combating advanced persistent threats against the information infrastructure, information, and information systems within the data center.

Scope

A data center is fundamental to any organization since it houses the organization's most critical information technology assets. This policy aims at protecting facilities within the data center, mainly the email servers, application servers, database servers, and web servers; it may also need to include the operator's console. All of these components house sensitive information that would affect the organization negatively if compromised. This policy is applicable to, and shall be communicated to, all Tier 1 staff tasked with daily data center operations and maintenance. This includes, but is not limited to, web administrators, network administrators, database administrators, and support technicians, who in most cases are responsible for the operations of the data center. Furthermore, this policy shall also demand compliance from senior management responsible for the organization's information technology assets, such as the CISO/CIO, CEO, and CSO.

Compliance

Compliance Measurement

The data center security team shall verify compliance with this policy in several ways, including but not limited to regular internal and external audits, periodic unannounced walk-throughs, CCTV video monitoring, software tool reports, and regular feedback.

Exceptions

Any exception to this policy must be approved by the data center security team before the exception is granted.

Non-Compliance

It is the responsibility of all members of staff to report any confirmed or suspected breaches of this policy to the appropriate organizational bodies. Reports may be written or oral. Failure to do so shall result in any of the disciplinary actions stipulated below.

Any employee who willingly or unwillingly violates this policy shall be subject to disciplinary action, up to and including immediate termination of employment. Furthermore, in exceptional cases, persons may be subjected to legal sanctions as well as criminal prosecution when a violation occurs, since state laws provide legal penalties for computer and cyber-related crimes.

Guidance

All employees shall be required to take part in all information security awareness training conducted by the information technology department. In addition, any employee seeking an interpretation of any item within this policy may consult any of the departmental heads. The HR department shall also give copies of this policy to all new employees and provide preliminary guidance.

Terms and definitions

Data

This refers to any information stored in any of the servers within the data center that is used by the organization as a foundation for presentation, decision making, calculation, or discussion.

Employee

An employee is anybody who has been given the authority and responsibility by the owner to enter, update, or read any information. Employees have been delegated the responsibility to ensure that data integrity is upheld and that its availability and reliability are guaranteed.

Owner

In this case, an owner is the person whose business unit is responsible for the data within the data center, or a person whose data is stored on any server in the data center. Where necessary, ownership may be shared between various stakeholders.

Information

This refers to electronic data files, source documents, and any reports or data derived from the data center.

Risk identification and assessment

Each entry below gives the risk identifier, a description of the risk (identifying the affected assets), the response priority (most important = 1), and the control measures.

Denial of service
  Description: Any action that compromises a facility within the data center can result in loss of service. For instance, if malicious activity on one of the servers overloads it and causes a server crash, the services offered by that server remain unavailable until it is fixed.
  Response priority: 1
  Control measures:
  - Increase use of external threat intelligence
  - Create ready-to-use APT rapid-response tactics
  - Maintain a list of application systems at risk
  - Create an APT checklist for assets at risk
  - Focus on APT detection techniques and analysis tools
  - Focus on incident response for APTs

Breach of confidential data
  Description: Any attack on the data center facilities, namely the email and database servers, could lead to a breach of confidential data. Any loophole in the data center infrastructure could facilitate such a breach.
  Response priority: 1
  Control measures:
  - Install firewalls and antivirus software and ensure regular software updates
  - Employ network segregation so that servers holding sensitive information are kept offline or within an internal network
  - Enforce strong authentication mechanisms such as biometrics

Fraud/Pharming
  Description: Information within the data center, particularly financial records, poses a significant risk of attackers using it to commit fraud. Attackers could use the information to exploit user financial accounts.
  Response priority: 2
  Control measures:
  - Focus on APTs in security awareness training
  - Create ready-to-use APT rapid-response tactics
  - Focus on APT detection techniques and analysis tools
  - Prepare an APT forensic response plan

Sabotage
  Description: There have been cases where competitor organizations sponsor attacks on a rival's IT infrastructure purely to sabotage it. The risk of sabotage of the data center is very much alive if the security mechanisms leave a loophole that can be manipulated to compromise the functioning of the data center (Webb, 2014).
  Response priority: 3
  Control measures:
  - Increase use of external threat intelligence
  - Create an APT checklist for assets at risk
  - Focus on APT detection techniques and analysis tools
  - Maintain a list of application systems at risk

Blackmail
  Description: Where any sensitive information within the data center leaks to an unauthorized user, it opens the way for that person to use the information to blackmail the organization or the specific information owner for financial or material benefit.
  Response priority: 2
  Control measures:
  - Focus on APTs in security awareness training
  - Focus on incident response for APTs
  - Create ready-to-use APT rapid-response tactics

Identity theft
  Description: The risk of identity theft is very real in a data center: once attackers have maliciously obtained secret information such as login details, they use those details to impersonate the affected individuals and gain access to other, more critical systems.
  Response priority: 1
  Control measures:
  - Enforce strong authentication mechanisms such as biometrics
  - Change authentication credentials on a regular basis
  - Focus on APTs in security awareness training
  - Prepare an APT forensic response plan

Botnets
  Description: This is the risk of attackers installing bots on the servers so that they act as the attackers' agents to compromise data center services.
  Response priority: 1
  Control measures:
  - Install firewalls and antivirus software and ensure regular software updates
  - Increase use of external threat intelligence

Malware
  Description: Attackers can infiltrate or bring down data center resources through the installation of malware.
  Response priority: 1
  Control measures:
  - Install firewalls and antivirus software and ensure regular software updates
  - Increase use of external threat intelligence

Ransomware
  Description: There exists the possibility of malicious attackers installing software that holds users of the data center captive for financial gain.
  Response priority: 3
  Control measures:
  - Increase use of external threat intelligence
  - Install firewalls and antivirus software and ensure regular software updates

Viruses
  Description: This is a common threat to any networked system and may bring down data center computing devices or compromise the information held in them.
  Response priority: 1
  Control measures:
  - Install firewalls and antivirus software and ensure regular software updates
  - Increase use of external threat intelligence
  - Focus on APTs in security awareness training

Policy

  1. The data center security management team shall maintain an updated list of systems at risk–At any given point, the team in charge of data center security shall be required to have a list of resources at risk, including any newly installed components, together with their risk levels.
  2. The information technology department, which is also in charge of the data center, shall concentrate more on advanced persistent threat security when training employees–During regular or emergency training, the focus shall be primarily on training employees and users to better secure the organization against advanced persistent threats.
  3. Members of the data center security team and stakeholders shall draw up an advanced persistent threat forensic response plan annually–The security team, together with stakeholders, shall prepare a forensic response plan for handling APTs every year because of the dynamic nature of IT security. Furthermore, this response plan shall always be communicated to all employees during AGMs.
  4. Every employee of the data center shall take steps to change their authentication credentials on a regular basis–Many users are known to reuse one credential across all systems and to retain it for a long time, exposing them to possible threats. Where necessary, the systems shall automatically rotate users' authentication credentials periodically and guide them in changing those credentials.
  5. The data center team shall establish an APT checklist for assets at risk–From the list of all data center assets, the security team will create an APT checklist for all assets at risk. The checklist shall be updated regularly to include newly installed assets.
  6. The data center security team shall create ready-to-use APT rapid-response tactics–These shall provide guidance in emergencies, both to new employees and as a reference point for existing members of staff.
  7. The data center management shall enforce strong authentication mechanisms within the data center–Stringent authentication mechanisms shall be installed, including biometric physical access control, to reduce the risk of compromise as much as possible. This also makes it easier to detect anomalies.
  8. The data center shall install advanced security firewalls, and its employees shall ensure that antivirus software is installed and that software is updated regularly–Some APTs can be detected and thwarted through simple procedures such as updating software and using up-to-date antivirus. The firewall shall help lock out network attackers.
  9. The data center shall increase its use of external threat intelligence–In most cases the security risks facing a data center are external; hence, the use of external intelligence will promote early detection and prevention of possible security breaches.
  10. The data center team shall focus on incident response for APTs–Beyond the other security considerations within the data center, more focus shall be put on creating an effective response plan for APTs.
  11. The data center management shall focus on APT detection techniques and analysis tools–The security team in the data center shall largely employ tools that facilitate APT detection and analysis to boost its security posture.
