A11 Finding a Suitable Location for the Web Server

The following demands are made on the environment of the web server.

• Preventing data traffic from being read (sniffer attacks)

• Preventing network mapping and port scanner attacks

• It should not be possible for a server to be used by a successful attacker as a starting point for an attack on other servers.

For this reason, all servers that provide services towards the Internet are located in such a way that they lie in their own isolated network (demilitarized zone, DMZ), protected by a central security component.

The DMZ can be protected from the Internet by an application level gateway or a screening router. The proxies of the gateway or packet filters of the router ensure that access can only be made to those services activated on each server. If a packet filtering router is used to protect the DMZ, an additional protection of a switch with port security and flood protection should be used in the DMZ.

To protect the server hardware from physical access by unauthorized individuals, the server should be installed in a secure room. The power, telephone, and network cables should equally be protected everywhere from physical access.

Was this article helpful?

0 0

Post a comment