Security on the inside
It's all very well protecting the network from bad stuff on the internet with firewalls and hardened servers, but what happens if a threat should
exist inside our network, behind our firewall? After all, just like any host, it's possible for someone with bad intentions to rent a dedicated server
from us.
Click image for larger view
With many hosts, your server could be in real trouble. Not only is there a danger inside their network, but that danger is connected to the
same physical switch as your server, and the other server can "see" your server sitting there.
We've thought about this, and we've set things up so that our network protects you just as well as from internal threats as it does from external threats.
VLans
Every single server on our network operates in its own VLan (Virtual Lan). This means that, as soon as traffic for your server hits our firewall,
it's "tagged" with the appropriate VLan - assuming it's allowed to pass in the first instance. The tagged traffic is passed on to our managed
switches which know what routes are available to deliver that traffic to your server. It isn't possible for any other server on our network to
see or to intercept that traffic. When the traffic arrives at the switch your server is plugged into, the switch knows what port to deliver that traffic
to.
Click image for larger view
It also means that other servers, even those plugged into the same switch, cannot "see" any other server on our internal network and cannot directly connect
to any other server. If one server wants to connect to another server inside our network, that traffic must pass through our firewall first before
being directed back to the server it wants to connect to. This means that your server is protected by our firewalls at all times
irrespective of whether the traffic comes from inside or outside.
If you have more than 1 server, we make sure that each of your servers operates on the same VLan, so they can communicate directly and safely without
any other server intercepting their communications.
Subnets
Intimately associated with every VLan is a dedicated subnet. This is a range of IP addresses that are available for you to use on your servers.
Most dedicated servers are supplied with 8 IP address, of which 5 are usable.