SECURING OUR DATACENTERS
Jeffrey Lam ACP, RCDD AXIS COMMUNICATIONS
17 Nov 2016, 4.30pm
There are no secure systems! You can only make systems more secure.
Security is not a product nor a feature; it’s an integration of culture, policies & systems
3 KEY THREATS & DEFENCES
DISPOSSESS
DISABLE
DISRUPT
TECHNICAL DEFENCE
Defence in Depth
Castle: Moat, Outer Wall, Inner Wall, Keep / Tower
Datacenter: Perimeter, Building, Critical Spaces, Strongbox
1. ARCHITECTURAL DEFENCE
BARRIERS
• Perimeter fencing
• Building walls
• Computer / plant rooms
• IT / control cabinet
ACCESS
• Perimeter gates
• Building entrances
• Computer room entrances
• Cabinet doors
CONNECTORS
• Facility grounds
• Mantraps
• Elevators
• Corridors
LAYERS
PERIMETER LAYER
Security-based operations
BUILDING LAYER
CRITICAL SPACES LAYER
STRONGBOX LAYER
PUBLIC ADDRESS
VOICE COMMS
OTHERS
INTRUDER DETECTION
SOFTWARE ANALYTICS
VIDEO SURVEILLANCE
ACCESS CONTROL
2. TECHNICAL DEFENCE
PERIMETER – LOW LIGHT CAMERAS
Image without Lightfinder technology
Image with Lightfinder technology
PERIMETER - THERMAL CAMERAS
Detect with thermal camera (AXIS Q1922)
Visual camera (AXIS Q1755)
Zoom & identify with visual camera (AXIS Q1755)
PERIMETER – LARGE OPEN SPACES
AXIS Q60-E showing the zoomed-in view of interest.
BUILDING LEVEL – VARYING LIGHT LEVELS
Underexposed: trying to capture the environment outside
Overexposed: trying to capture the environment indoors
WDR Forensic Capture: looks slightly unreal, but more useful for surveillance
Post-event images
Pre-event images
Computer Room : integrated with IIM/DCIM
Event
ADVANCED COMPRESSION TECHNIQUES
> Small form factor
> Installed at eye level – capture face
> Integrated with audio & I/O
> Integrated with DCIM / IIM
> Single IP address for multiple cameras
STRONGBOX (RACK) LEVEL CAMERAS
INTRUSION DETECTION
Buried coil: Electromagnetic
Infra-red: Open Area Sensor
Pressure: Wall & floor sensors
Camera Analytics
Analytics
Audio Analytics
• Gunshot
• Broken glass
• Explosion
• Screeching car
• Voice – aggression
• Voice – key words
Video Analytics
• Perimeter protection
• Facial recognition
• People counting
• Unauthorized access
• Aggression detection
• Smoke detection
IP PUBLIC ADDRESS SYSTEM
Axis network speaker solution
Traditional analog speaker solution
Speaker
Amplifier
Tone control / Equalizer
Streaming box
All-in-one
Network switch Network PoE switch
- Speaker audio cable
- Line level audio cable
- Line level audio cable
- Network cable
- Network cable (Structured Cabling)
> Identification & verification
– What you Have
– What you Know
– Who you Are
> 2 factor / 3 factor authentication
> Turnstiles integration for anti-passback & anti-tailgate
> System Management
– Token – lost / disabled
– Passcode renewal / forgotten
– Maintenance of biometrics database
ACCESS CONTROL
Other electronics systems
• Key Management Systems
• RFID Asset management systems
• Visitors pass management systems
• Mantrap with weighing scale / metal detector
• Vehicle entry with weighing scale
• Drone detection & disablement systems
• Drone based surveillance system
• Intruder response system – fog, net, etc
• Etc.
COPYRIGHT TRAKKER
IoT – CENTRALISED CONTROL
CAMERAS
PIR SENSORS
ILLUMINATOR
I/O CONTROLLER
DOOR CONTROLLER
SPEAKERS
MICROPHONE
INTERCOM
Standard hardening stops majority of attacks
Intuitive and user-friendly IT policies
System maintenance process
User education – Embrace security culture
How about Cybersecurity?
The goal is to make attacks expensive rather than impossible.
Integrated surveillance & detection
Security-based operations
Security Culture
3. OPERATIONAL DEFENCE
• Security Awareness
• Training, Tabletops & Drills
• Audits, feedback & Modifications
• Event post-mortem & Corrective actions

• Use of disabled cards
• Perimeter breach
• Left baggage
• Tailgating
• Unplanned deliveries
• Unaccounted visitors

• Assets disposal
• Visitor / vendors access
• Maintenance / repair work
• Employees background checks
• Purchase & delivery of new equipment
• Emergency access by authorities / utilities
Event Response
Security - based operations
THANK YOU
To download Axis Communications’ “Defending our datacenters” white paper, please visit http://bit.ly/2fZjtPf