Most corporate networks offer users services over the Internet, such as email and e-commerce. The maintainability and security of these services are critical to the success of an organization.
Server Farms
Managing and securing numerous distributed servers at various locations within a corporate network is difficult. A common best practice is to centralize servers in server clusters and farms. Server clusters are typically located in server rooms and data centers.
Building a server cluster has the following benefits:
Network traffic enters and leaves the server farm at a well-defined point. This arrangement makes it easier to protect, filter, and prioritize traffic.
Redundant, highly available connections can be installed to the servers as well as between the server farm network and the main local area network. This arrangement is cheaper than trying to offer a comparable level of connectivity to servers spread throughout the network.
Load balancing and failover are possible between servers and between networking devices.
The number of high-capacity switches and security devices is reduced, and as a result the cost is also reduced.
Data center servers must be protected because a malicious attack is always possible.
Malicious attacks against server farms can negatively affect e-commerce and business-to-business applications. Both local area networks and storage area networks need to be secured to reduce the chances of damaging attacks. Attackers use a range of tools to probe networks and to launch buffer overflow attacks, denial-of-service attacks and others.
Guarding Server Farms
Firewalls are frequently installed to deliver a good level of security when internal and external users want to access the Internet through the server farm. To secure server farms correctly, a more thorough approach must be followed. Firewalls with demilitarized zones, network analysis and management devices, and host-based and network-based intrusion detection and prevention systems can also provide great help.
In the traditional network firewall strategy, servers that must be accessible from external networks are located in a demilitarized zone (DMZ). Users who connect to those servers from the Internet or other untrusted external networks are prevented from seeing data located on the internal LAN. Local area network users are treated as trusted users and typically have few restrictions enforced when they access servers in the demilitarized zone.
Defending Against Internal Attacks
Attacks that begin from the internal network are more common nowadays than attacks from external sources. As a consequence, the design of server farm security is entirely different. A new layer of firewall devices and intrusion prevention systems is required between the servers and the internal networks, as well as between the servers and the external users. An extra security layer between the servers themselves may also be necessary.
The importance of the data kept on the servers determines the suitable security policy for the design of the server farm.
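The difference between the traditional DMZ policy and the layered design described above can be seen by evaluating the same flows against both rule sets. This is an added example, not part of the original article; the zone names, address ranges, ports (443 for web, 5432 for the database) and sample flows are all constructed assumptions.

```python
import ipaddress

# Constructed address plan (assumed for illustration, not from the article).
ZONES = {
    "internal": ipaddress.ip_network("10.10.0.0/16"),  # corporate LAN
    "web": ipaddress.ip_network("10.20.1.0/24"),       # front-end servers
    "db": ipaddress.ip_network("10.20.2.0/24"),        # database servers
}

def zone_of(addr):
    """Map an address to its zone; anything unknown is untrusted 'external'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"

# Rule = (src_zone, dst_zone, port or None for any port, action).
# First match wins; anything unmatched is denied.
TRADITIONAL = [
    ("external", "web", 443, "allow"),
    ("internal", "web", None, "allow"),  # LAN users trusted on every port
    ("internal", "db", None, "allow"),
    ("web", "db", None, "allow"),        # no filtering between servers
]
LAYERED = [
    ("external", "web", 443, "allow"),
    ("internal", "web", 443, "allow"),   # LAN filtered like any other client
    ("web", "db", 5432, "allow"),        # only the application's own path
]

def decide(policy, src, dst, port):
    """Return 'allow' or 'deny' for one flow under the given rule list."""
    s, d = zone_of(src), zone_of(dst)
    for rule_src, rule_dst, rule_port, action in policy:
        if rule_src == s and rule_dst == d and rule_port in (None, port):
            return action
    return "deny"

FLOWS = [  # constructed sample flows: (source, destination, destination port)
    ("203.0.113.7", "10.20.1.10", 443),  # Internet client to web server
    ("10.10.5.23", "10.20.1.10", 443),   # LAN workstation to web server
    ("10.10.5.23", "10.20.2.5", 5432),   # LAN workstation straight to database
    ("10.20.1.10", "10.20.2.5", 5432),   # web server to database
    ("10.20.1.10", "10.20.2.5", 22),     # web server to database host over SSH
]

if __name__ == "__main__":
    for src, dst, port in FLOWS:
        print(f"{src} -> {dst}:{port}  traditional={decide(TRADITIONAL, src, dst, port)}  layered={decide(LAYERED, src, dst, port)}")
```

Only the third and fifth flows change outcome: the traditional policy allows them because the LAN and neighbouring servers are trusted, while the layered policy denies them.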
Manolis Skoras is a Cisco, Microsoft and HP Certified Trainer and systems-network engineer. Recently he created a CCNA Exam Answers website to help his students and people around the world to better understand the material they will be tested on, thus having greater success rates.