5.4 Secure Server Configuration Part 2

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

12 hours 48 minutes
Video Transcription
all right. So many times when we think of servers, we also, of course,
think of storage. Right. And we might think storage area networks. We might think of clusters. You know, this particular slide talks about storage area networks. You don't have to get really deep here, but, you know, when we're looking at storage area networks, what you'll see on the the exam
is you're gonna see I scuzzy. You're not gonna see Fibre Channel for whatever reason. So, you know, I scuzzy is really just an extension of the traditional scuzzy technologies, whereas,
you know, the scuzzy bus goes across the network as opposed to a cross controller within a controller.
But it's the same ideas. So the benefits here we still use the same protocols, the same technologies, the same cable types. It generally feels invisible to the user, right. They don't know that the
the storage network is at another location. It's just all very seamless.
One of the ways that we protect when we talk about the target, that's the actual storage location. And we want to protect that. We don't want to give out any more information that's necessary, because that's where our dad ever sides.
So with thy scuzzy, we use one's logical unit numbers, and that's basically a logical mapping to the actual physical
device. Avoid over oversubscription in scuzzy. You know, many times we say, OK, I've got 100 users, but what are the chances all 100 are gonna be using at that time? Just really not a good idea for efficiency
on that off chance it would happen. Scuzzy does not handle that well at all. So we make sure that we have, um,
that we have the resource is and we don't oversubscribed. We want our storage network on a dedicated network. Of course, we don't want this on the same network. Slowing traffic down. We want to keep efficiency and productivity up.
I scuzzy traffic is unencrypted,
as is almost everything by default. So we add encryption. I p sec is one of the ways that we encrypt traffic. Like we said, we're still using I p traffic. So
I was involved in setting up the communication managing the communication's key management. But we have to talk attack on security with ice scuzzy
and then for authentication. You know, we're gonna use the standard authentication mechanisms that we have core. Bruce, you know, chaps a little dated there, but there's, ah, secure public. He management there couple of other areas or other authentication protocols that we can use.
But the bottom line is we look to one that's secure because many are not secure
by default.
Up Next
Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.

Instructed By