
by Fred Richards, Matrix Senior Network Engineer

Here at Matrix, security is not any one action that is performed but rather a mindset of using only enterprise-grade hardware and software tools coupled with a fanatical application of barrier layering. As a result, the security of our clients’ data is fundamentally paramount.  Here’s why:

The datacenter itself is partitioned in such a manner that each device, every node in the network, has its own specific role and responsibility. A customer’s data, traveling through the network, may pass through a different group of devices depending on its purpose. Each device also has a varying degree of importance, in strict adherence to Cisco Systems’ recommendations for a tiered network design. Every device’s configuration and software revision is scrutinized for attack vectors and software flaws, and each device is configured according to networking security best practices (per CCNP/CCIE requirements). The modularization of nodes and isolation of the customer’s data is common from the customer’s site through the core of the network, and finally out to the internet. Strict guidelines govern the configuration of new equipment and the placement of customers in their appropriate segment.

Security access levels are also strictly enforced, along the lines of each customer’s segments. To traverse levels, specific access lists are in place for each application’s unique need. Most hosts and nodes exist solely on the inside of the firewall. Users with a private connection to the datacenter, and a privately hosted server, never leave the inside of the datacenter. Host security itself is handled by the server team, with patch levels and monitoring, and antivirus where necessary. Monitoring is also performed on every node, interface and group of nodes. Access to the equipment is logged, and configuration changes are reviewed by the entire network team using an automated auditing tool, so every change can be tracked and recorded. Access to the tool and configuration files is limited.

Finally, a traffic baseline is established, to quickly identify any abnormal behavior. Suspicious activity is investigated immediately, documented and remedied.  The network is also externally monitored for suspicious activity, with reports on a daily basis.  In summary, our penchant for strict observance of security fundamentals has resulted in an extremely stable, reliable and secure datacenter environment over the 10 plus years of its existence.

Fred holds his CCNP certification.