Multi-factor Authentication
With multi-factor authentication (MFA), you automatically get an extra layer of security, particularly because at least two elements are used to validate access rights. If an attacker is to obtain one authentication measure, they still need to find a way to get the second—before too much time goes by and the login session either times out or a security alert is generated.
While this is common when securing digital assets in a variety of situations, it is also a powerful security solution to ensure only authorized individuals can access the physical areas of a data center. Some requirements to access data center equipment can include:
A comprehensive check-in process that requires government-issued identification
Special badges for visitors
Fingerprint identification
A physical key that can provide access to areas where equipment is run or stored
Badge key cards, which can be verified before going through doors between sensitive areas
Retina or facial scans
Attackers employ a variety of techniques and tools to penetrate data centers and their security systems. They may target specific groups of users with social engineering attacks to fool them into either giving away passwords or giving intruders an access point to get past the data center’s security system. If a user downloads malware, it can be used to gain access to passwords and other login credentials. Further, if ransomware is used, the attacker can capture and control a crucial computer, forcing an administrator to pay a ransom to gain access once again.
Attackers also tend to target weak passwords. These are often the result of users recycling passwords they use on other accounts because they are easy to remember. Even if the password is relatively hard to guess, if it is used on multiple accounts, it is weak. An attacker can crack a user’s password in a different application, and because it is used to access data center resources, the attacker now has what they need to get in there as well. This further underscores the necessity of MFA that involves at least one thing a user can hold and one thing they know.
It is important therefore for IT managers to provide users with training around good password and credential management, as well as the dangers that can result from even minor slip-ups. Education should also include what threats look like, how they behave, and which attack surfaces are most likely to draw the attention of malicious actors. Education is one of the most effective ways to reduce human-based vulnerabilities.
In addition to users, data centers can also present vulnerabilities stemming from networks that are not properly configured, are outdated, or use insufficient security tools. Because cyber criminals are constantly on the prowl for new attack methods, only the most up-to-date security protocols and tools should be used. Automatically updating software, including that which uses threat intelligence, can keep a data center one step ahead of the most recent threats.
How Fortinet Can Help
Fortinet FortiGate NGFWs provide superior protection for data centers, whether they are installed at the edge or within the network. Because data centers often manage several types of workloads, multiple NGFWs can be deployed, with each one configured according to the unique needs of the workload they need to protect.
FortiGate can be used to make sure only authorized individuals and websites can gain access to the data center’s resources. With FortiGate, you can set up a virtual private network (VPN) that pipes traffic directly from specific users or a central location into the data center or specific areas of it. Further, with the FortiGate deep packet inspection (DPI) capability, malware and other threats are kept outside. This is accomplished with the help of artificial intelligence that can identify anomalies in data, enabling the system to detect even brand-new threats.
Posts
0 Comments