FEATURE
FEATURE
FEATURE
Data centres can be considered a silver-
bullet to a successful hack if an attacker
gets their hands on the data they contain.
Matt Walmsley, EMEA Director, Vectra,
highlights the most critical attack vectors
that sophisticated attackers tend to use
against data centres and some of the ways
to secure it.
Six critical attack
vectors to watch out for
in your data centre
D
ata centres and the wealth of information they contain,
represent a tantalising prize for attackers. But unless
the attacker gets lucky and finds an Internet-facing
vulnerability, directly compromising a data centre takes
a significant amount of effort and planning.
As a result, cyberattacks that target data centres tend to be
patient, mature operations that emphasise persistence and require
flying below the radar of security teams. From our experience,
here are the six most critical attack vectors and techniques that
sophisticated cyberattackers use against data centres.
Co-opting administrative access
Administrators have unparalleled access to the data centre
and as a result are natural targets for attackers. Administrative
www.intelligentdatacentres.com
protocols can give attackers backdoor access into the data centre
without the need to directly exploit an application vulnerability.
And by using standard admin tools such as SSH, Telnet or RDP,
attackers can easily blend in with normal admin traffic.
Closing the local authentication loophole
In addition to the standard paths utilised by administrators,
many data centres rely on local authentication options, that can
be used in an emergency, to access the hosts and workloads
they need to manage. However, these local authentication
options are not logged and the same login credentials are often
shared across hosts and workloads for the sake of simplicity.
When attackers find the credentials by compromising an
administrator, they can silently access the data centre without
fear of their activity being logged.
Issue 14
35