High-Availability Security
Rally Tecnológico
Pablo Mollinger
Systems Engineer
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Chile – April 2011
Cisco Confidential
• Data Center Security Trends and Threats
• Security at the Data Center Access Layer
  Physical Environments
  Virtualized Environments
• Security at the Data Center Distribution/Core Layer
• Support key DC switching virtualization Features
• Optimal Integration of Network Security Services
• Understanding Security & Server Virtualization
• Data Centric Policy Enforcement with Zones
• Data Center Compliance
• Highly Scalable: Processes Massive Workloads
• Dynamic: Delivers On-Demand Services
• Intelligent: Supports Different Applications and Data Types
Security: Requires the Same Demands
[Figure: Cisco Data Center Business Advantage Framework (Consolidation, Virtualization, Automation, and Cloud). Labels: Unified Fabric, Unified Network Services, Unified Computing; Partner Solution Elements: App, Desktop O/S, Desktop Virtualization, Storage, VDI Broker, Hypervisor]
Legacy
• Accidental Architectures
• Applications deployed in fixed positions (ex. multi-tier deployment)
• Predictable traffic flows
• Security often deployed to each pod or silo
Virtual
• Data Center and Server Consolidation
• Server Virtualization: “Any workload on any server”
• Unpredictable traffic flows as workloads migrate
• Security becomes more data centric (no silos)
• Virtualization
• Applications
• Data Loss
• Compliance
• Availability
[Figure: server farm diagram. Labels: Web Servers, Component Servers, Application Server, Database Servers, Transactional Domain, Backup, Cluster Interconnect]
• The server farm uses load distribution and security for transactional applications which are applicable to typical DMZ applications: SMTP servers / DNS servers
OWASP = Open Web Application Security Project http://www.owasp.org
• A1: Injection Flaws
• A2: Cross Site Scripting (XSS)
• A3: Broken Authentication and Session Management
• A4: Insecure Direct Object Reference
• A5: Cross Site Request Forgery (CSRF)
• A6: Security Misconfiguration
• A7: Insecure Cryptographic Storage
• A8: Failure to Restrict URL Access
• A9: Insufficient Transport Layer Protection
• A10: Unvalidated Redirects and Forwards
[Chart: Percentage of Websites Vulnerable by Class (Top 5). Source: WhiteHat Security]
Hacking the Web/Application Server
[Figure: network diagram. Labels: Layer 2 Segment, HTTP, Web Server, Web/Application, Database]
• After a phase of probing/scanning, the hacker detects the vulnerability of the web/application server
• The hacker exploits the...