
Data center and cloud

Decentralisation of the system, as a measure of physical protection, is set as a key condition for its security. It is recommended that the data is not stored on the same machine from which it is sent to the network or on which it is processed. There are several ways to store large amounts of data. The simplest way is to store data on an external hard drive. External hard drives with relatively good performance are affordable, but this type of computer hardware does not have a built-in duplication mechanism. This means that in the event of a failure, most of the data on that disk would be lost forever. On the other hand, external drives do not have direct access to the internet and are active only when connected to a computer, so they can be said to be relatively secure. Storing data on an external hard drive means that the data remains in the organisation's physical headquarters.

From a data loss risk perspective, renting storage space on a cloud server is a much better way to store important data. Cloud computing is an internet technology based on the remote use of resources (data flow, storage space, working memory, etc.) and their exchange between multiple applications and users. The cloud can be private, public or hybrid. Cloud services use RAID (Redundant Array of Independent Disks) technology, based on the model of comparative use of multiple disks for data storage, where each piece of data is located in at least two locations, which significantly reduces the risk in case of failure. Some cloud storage solutions are Google Drive, Dropbox, OneDrive, SpiderOak, Tresorit, etc. However, for sensitive data, storage on other people's devices is not recommended, despite the fact that all cloud services include encryption.

The third way of storing data is to form your own mini data center in which all data of importance to the organisation will be stored. Equipment for this purpose depends on the needs. There are a number of ready-made solutions that are cheaper and can permanently solve this issue. Thus, the data will remain within the physical space of the organisation, and the application of RAID technology will reduce the risk of data loss and theft. One of the ready-made data center solutions is Drobo.


Internal network

In one system (company, newsroom) all computers, printers, storage devices (storage servers or mini data centers), mail servers, routers and other components are connected to the internal, local network, physically (by cable) or wirelessly (wi-fi). These networks are usually based on the so-called client-server architecture. A client or user is a computer or other hardware component in everyday use, while a server is a special computer that allows clients to use the resources stored on it. These can be applications, web pages, files, emails, databases, etc. There are different types of servers: web server, file server, mail server, database server, etc. Due to the high concentration of sensitive data in this network, special protection measures are applied to it.

A wireless network may have different physical ranges depending on the strength of the transmitted signal. Indoors, this range averages about twenty meters around the router, which often means that the network is available outside the room. Routers that emit a wireless signal have several layers of protection, the configuration of which is the task of the administrator, including setting up adequate protection measures.

Below are the most common protection measures for wireless networks:

  • Wireless security mode: It is recommended to use WPA2 (Wi-Fi Protected Access 2) protection, which has two possible applications. PSK (Pre-Shared Key) is set up easily, by setting a password, while Enterprise requires a slightly more complicated setup and an additional RADIUS (Remote Authentication Dial-In User Service) server. In most cases, the PSK method is good enough as a protection mechanism for small and medium organisations, if the password meets the standards. Many routers also support WPS (Wi-Fi Protected Setup), a system that allows you to log in to a wireless network using a button on the router, without entering a password. This system has serious security flaws, so it is recommended that it be turned off on the router;
  • MAC filtering: The MAC address is the physical address of the device that connects to the network. The router can be configured to allow access only to addresses that are on its list. This method will not stop advanced attackers, who can detect the list of MAC addresses from the router and assign one of the allowed addresses to their own device;
  • Hiding SSID (service set identifier): SSID is the name of a network that is usually public. Similar to the MAC filter, hiding the SSID will not stop advanced hackers, but it will prevent some less capable attackers from playing with someone else's network;
  • Using multiple wireless networks is recommended when there are at least two categories of people for whom the network is intended, for example employees and guests. Given the characteristics of wireless networks, the only way to physically separate the network used by employees from the network to which other visitors are connected is to maintain separate routers, each with its own cable that connects directly to the internet.
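
The measures in the list above can be checked mechanically against an access point's configuration. The following is an added example, not part of the original page: it assumes the access point is configured with hostapd (the page names no router software), and the 16-character passphrase minimum, the finding names and both sample configurations are constructed for illustration.

```python
MIN_PASSPHRASE_LEN = 16  # assumed policy; the page only says "meets the standards"
# Measures the list describes as stopping only less capable attackers.
OBSCURITY = {"macaddr_acl": "mac-filter", "ignore_broadcast_ssid": "hidden-ssid"}

# Constructed sample configs (hostapd option names); not taken from a real device.
WEAK_CONF = """\
ignore_broadcast_ssid=1
macaddr_acl=1
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_passphrase=newsroom1
wps_state=2
"""
HARDENED_CONF = """\
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=constructed-example-passphrase-42
wps_state=0
"""

def parse_conf(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(conf):
    """Return (severity, finding) tuples; an empty list means no findings."""
    findings = []
    wpa2_only = conf.get("wpa") == "2"  # 1 = WPA only, 3 = WPA and WPA2 mixed
    if not wpa2_only:
        findings.append(("high", "wpa2-not-enforced"))
    uses_psk = "WPA-PSK" in conf.get("wpa_key_mgmt", "WPA-PSK").split()
    passphrase = conf.get("wpa_passphrase")
    if uses_psk and passphrase is not None and len(passphrase) < MIN_PASSPHRASE_LEN:
        findings.append(("high", "weak-psk"))
    if conf.get("wps_state", "0") != "0":  # 0 disables WPS
        findings.append(("high", "wps-enabled"))
    extras = [name for key, name in OBSCURITY.items() if conf.get(key, "0") != "0"]
    if extras and not wpa2_only:  # filtering/hiding used without enforced WPA2
        findings.append(("medium", "relies-on-" + "+".join(extras)))
    return findings

if __name__ == "__main__":
    print(audit(parse_conf(WEAK_CONF)), audit(parse_conf(HARDENED_CONF)))
```

MAC filtering and a hidden SSID are reported only when WPA2 is not enforced, since the list treats them as supplements rather than as protection on their own.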