Re: Securing the Server Farm

["WALI" <hkhasgiwale () gmail com>]

Thanks for the link anymouse, but the itsd document contained therein is too 
detailed, highlevel and conceptual , where I failed to find the clause that 
deals specifically the technology I need and ways I might employ in order to 
secure my server farm.

Vendors talk about deploying a firewall or an IPS before my servers but if I 
do that, I loose out on the bandwidth drastically where each of my IDF is 
getting an uplink of 10G to core switch. Firewall, IDS here would act as a 
bottleneck for my speeds.
Also, shall I attach all my servers directly to core switches or is there 
another best practice?

The reason I feel that there exists a need to protect my servers from 
internal traffic on LAN is because there is usually a huge time lag before 
we get to deploy even highly critical MS patches on them and also, I have 
read that 80% of threat to IT infratsucture comes from an insider.

Pls advise from your experience.

Regards

----- Original Message ----- 
From: <anymouse () user net>
To: <security-basics () securityfocus com>
Sent: Wednesday, July 25, 2007 8:32 PM
Subject: Re: Securing the Server Farm


> Take a look at this Canadian Security Establishment publication.  Should 
> be a good start.
>
>
> http://www.cse-cst.gc.ca/documents/publications/gov-pubs/itsd/itsd02.pdf
>
>
> Regards,
>
> DaSein