A Proposed Model for Datacenter in -Depth Defense to Enhance Continual Security(Applied Study to ENR Datacenter – Egyptian National Railways)

摘要

Defense in Depth is practical strategy for achieving Information Assurance in today’s highly datacenter environments. It is a “best practices” strategy in that it relies on the intelligent application of techniques and technologies that exist today. The strategy recommends a balance between the protection capability and cost, performance, and operational considerations. This paper provides an overview of the major elements of the strategy and provides links to resources that provide additional insight. Companies need to address the security challenges of datacenter using a comprehensive defense-in-depth strategy. No single security solution will keep a determined thief from the goal of compromising the hardware or software given enough time and resources. Applying multiple layers of system security will slow the progress made by a thief, and hopefully, force the thief to abandon the pursuit, at the least, resale of the stolen property, and at worst, of confidential corporate data. The Defense in depth is the concept of protecting a Datacenter with a series of defensive mechanisms such that if one mechanism fails, another will already be in place to thwart an attack. In this paper, the main focus is given to highlight the security aspects of data center from perspectives of threats and attacks from one side and approaches for solutions from the other side. The paper also proposes an effective and flexible distributed scheme with two salient features. Our scheme achieves the integration of continual security improvement and Security Risk localization. This paper deals with the implementation of defense in depth at a strategic, principle-based level and provides additional guidance on specific sets of controls that may be applicable to support an organization’s defense in depth initiatives. The paper will present in Section (1) the Defense in depth concept, Section (2) Threats, Adversaries, Motivations, Classes of Attack and Vulnerability Analysis, Section (3) Information Security Assurance, Defense in Multiple Places, Layered Defenses, Security Robustness, Section (4) Design Goals and finally proposed solution and provide The IT Security Role & Functional Matrix.