 Anasayfa > Ürünler > Silver Peak > WAN Acceleration Security Best Practices WAN Acceleration Security Best PracticesAccelerate Application Performance without Sacrificing Data Security SECURITY PRECAUTIONSRegardless of the technology used, when new appliances are inserted into a network infrastructure to accelerate application performance some basic security guidelines can be observed to ensure that they do not compromise data security. These include:Local data encryption: Whenever business critical information is stored on a local hard drive, as is the case with WAN acceleration devices that employ data reduction techniques, encryption should be implemented to protect this information from unauthorized access. Even if proprietary methods are used to store this information, and the data has a tendency to be “scrambled” over time as new information is stored, it is still very possible that large pieces of information will be stored on the appliance as contiguous blocks. These blocks can contain sensitive information, such as social security numbers, which can be extracted by someone who has access to the appliance’s partition. By encrypting the local data store, this risk is avoided. Typically, encryption should take place in hardware so as not to adversely impact the performance and scalability of the appliance. VPN across the WAN: IPsec is often used between appliances to secure data transfer over the WAN. Once again, doing encryption in hardware can help to ensure that security does not come at the expense of performance. Industry best practices recommend that a 128 bit encoding scheme, such as AES, be used when performing encryption. Older methods, such as 56 bit DES, are easily broken, which is why industry leaders, such as Microsoft, have moved away from that technology. IPsec can be performed outside of the acceleration appliance, but it typically must occur downstream of this device. Otherwise, the appliance will not have visibility into traffi c traversing the WAN, limiting its ability to provide signifi cant performance gains. Secure access: TACACS+ and/or RADIUS can be used to prevent unauthorized users from accessing network acceleration appliances. In addition, secure interfaces can be provided on all management consoles, including SNMPv3 and HTTPs. User credentials should be stored in as few places as possible, preferably in a secure environment, such as a purpose built data center. CONCLUSIONAs more and more enterprises undergo server centralization projects, new products will be introduced to improve network and application performance. By following basic security precautions, enterprises can ensure that these performance improvements do not come at the expense of data security. In fact, by enabling the centralization of key resources, enterprises are actually increasing their ability to secure business information, which ultimately ensures better compliance with the key regulatory measures that are having an increasingly complicated effect on the way that everyone does business. By enabling the centralization of key resources, enterprises are actually increasing their ability to secure business information, which ultimately ensures better compliance.
|
Uzman kadromuz güvenlik taraması yapsın.