Lesson 12: Securing the Database and Server

Physical Access Controls

Controls that restrict, detect, and monitor access to specific physical areas or assets through measures such as physical boundaries, physical tokens, or biometric access controls

• control access to the server itself

• fortification of the room itself

Video Surveillance

Physical security control that uses cameras and recording devices to visually monitor the activity in a certain area

Fire Suppression

Fire detection and suppression systems are mandatory in most public and private commercial premises. Water based fire suppression is a risk to computer systems, both in the event of fire and through the risk of flood

• alternatives include dry pipe and gas-based systems

• categorized in classes A, B, and C

Cooling Systems

Mechanical systems that typically use air or liquid to maintain a temperature that is lower than the ambient temperature

Heating, Ventilation, and Air Conditioning (HVAC)

Control systems that maintain an optimum heating, cooling, and humidity level working environment for different parts of the building

In both cases, a user will be required to provide one or more factors to prove they are who they say they are, in order to prove that the user is authorized to access the room of data

How is protecting the door to a server room similar to authenticating a user’s access to data?

False; it is not always necessary for surveillance systems to be monitored at all times. Surveillance events can be recorded and reviewed regularly, or as needed

True or False: Surveillance systems should be monitored 24/7 for best results

If a fire breaks out, the equipment (and data contained within) could be destroyed, or even the facility itself. The data may be lost completely or may take a lengthy amount of time to recover

Why is fire such a concern in server rooms or databases?

Servers and other electrical equipment are susceptible to overheating, which can damage or destroy the equipment, and the data contained within

Why is providing an adequate cooling solution necessary in a server room or database?

Firewall

Software or a hardware device that protects a network segment or individual host by filtering packets to an access control list

• filter network traffic according to rules

• filter inbound and outbound traffic

Perimeter Network

Segment isolated from the rest of a private network by one or more firewalls that accept connections from the internet over designated parts

Port Security

Security feature that prevents a device attached to a switch port from communicating on the network unless it matches a given MAC address or other protection profile

Physical access requires a person to be in the same physical vicinity of the server. Logical access involves accessing the server across a network.

What is the difference between physical access and logical access to a database server?

Filter incoming and outgoing network traffic

What is the basic job of a firewall?

A network firewall blocks traffic before it ever gets to the server, while a host firewall requires the communication to arrive at the server before it can be blocked

why is a network firewall preferred over a host firewall?

To enable secure connectivity between a cloud or public network and your on-premise or private network

What is the basic function of a perimeter network?