| Internet Data Center (IDC) is a data center which undertakes foreign contract of network resource and special network service. IDC is not only the center of data storage but also the center of data disaster backup and data exchange. More security requirements are needed for IDC compared with any websites, ISP and ICP. This paper aimed at increasing serious network security issues, studied and analyzed the security problems laying in designing, implementation, and management of IDC of Chongqing Mobile, Ltd. (short for CQ-IDC), draws some conclusions which are very valuable to the construction and management of IDC. The main contents include: 1. Discuss the technologies of network security including pVLAN, firewall, avoiding attack of DoS, intrusion detection system (IDS), vulnerability scanning and so on, discuss the strongpoint and shortcomings of several technologies based on comparison. 2. Analyzed the security particularity of IDC. According to seven security elements of security architecture (integrity, confidentiality, availability, authentication, access control, nonrepudiation, and accountability), analyzed the security requirements of IDC for administrators and customers. Introduced several common security threats of IDC. 3. Security framework is the foundation of security solution's design and analysis, network security solution must be based on scientific security architecture and security framework. Aiming at the dynamic characteristics of IDC, based on the hierarchy architecture of OSI and service requirements, security venture solution in several hierarchy of IDC was proposed. 4. Analyzed the solution of security design of CQ-IDC, including the deployment of multi-layers nonhomogeneous firewall, the deployment of IDS based on the network, host, and database, the use of vulnerability scanning, and the configuration of professional anti-virus software. 5. To guarantee the normal operation of IDC services and provide full security solution for maintaining management, synthesis evaluation was performed in security construction, security management, network topology programming, daily maintaining management, and fault processing. With evaluation to analyze the security events which occurred in operation and maintaining of IDC, summarize the hidden security problems and shortcomings exist in security management, to improve the whole security in IDC.
|
PDF Full Text Request