Define the Initial User-to-Data-Center Traffic Security Policy
Define who can use which data center applications on which servers and other devices.
Defining the initial best practice security policy for user traffic flowing to the data
center begins the process of developing a data center application allow list. The
ultimate goal is to use positive security enforcement to protect your data center with a
Zero Trust architecture. You accomplish this by explicitly controlling who can access
the data center, which data center applications they can access, and what resources they
can access inside the data center. Allow access only to users who have legitimate
business reasons to access the data center. When you finish developing your best
practice security policy, no unknown users should be able to access the data center and
no unknown applications or resources should reside in the data center.
Risks to the data center from user access include: attackers gaining control of a
network device outside of the data center and using it to move laterally into the data
center to plant malware, exfiltrate data, and gain control of data center devices; the
accidental downloading of malware to the data center; and unauthorized access to data
center applications and assets.
The following sections show you the types of application traffic to allow and how to
control it, how to authenticate users to prevent unauthorized user access to the data
center, and how to decrypt the traffic: