The environment of the web server must meet the following requirements:
• Preventing data traffic from being read (sniffer attacks)
• Preventing network mapping and port scanner attacks
• Preventing a successfully attacked server from being used as a starting point for an attack on other servers
For this reason, all servers that provide services towards the Internet are placed in their own isolated network (demilitarized zone, DMZ), which is protected by a central security component.
The DMZ can be protected from the Internet by an application level gateway or a screening router. The proxies of the gateway or the packet filters of the router ensure that only those services activated on each server can be accessed. If a packet filtering router is used to protect the DMZ, a switch with port security and flood protection should also be used in the DMZ as additional protection.
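The filtering policy described above, modelled as an added example that is not part of the original text: a first-match rule list with default deny, built from the services activated on each server. The addresses, the service table and the function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addressing and services (assumptions, not from the page).
DMZ = ip_network("192.0.2.0/24")
ACTIVATED = {                                   # services activated on each DMZ server
    "192.0.2.10": [("tcp", 80), ("tcp", 443)],  # web server
    "192.0.2.25": [("tcp", 25)],                # mail relay
}

def build_rules(activated):
    """Rule tuples: (source network, destination host, protocol, port, action)."""
    # New connections initiated from the DMZ are dropped first, so a
    # compromised server cannot be used to reach other servers or networks.
    rules = [(DMZ, None, None, None, "drop")]
    # One accept rule per service that is activated on a server.
    for host, services in activated.items():
        for proto, port in services:
            rules.append((None, host, proto, port, "accept"))
    rules.append((None, None, None, None, "drop"))  # default deny
    return rules

def decide(rules, src, dst, proto, dport):
    """First matching rule wins. Only new connections are modelled; replies to
    accepted connections are assumed to be handled by state tracking."""
    for src_net, dst_host, r_proto, r_port, action in rules:
        if src_net is not None and ip_address(src) not in src_net:
            continue
        if dst_host is not None and dst != dst_host:
            continue
        if r_proto is not None and (proto, dport) != (r_proto, r_port):
            continue
        return action
    return "drop"

def visible_ports(rules, src, dst, ports=range(1, 1025)):
    """TCP ports on dst that accept a new connection from src. Use it to audit
    that the filter exposes nothing beyond the activated services."""
    return [p for p in ports if decide(rules, src, dst, "tcp", p) == "accept"]

RULES = build_rules(ACTIVATED)

if __name__ == "__main__":
    for server in ACTIVATED:
        print(server, visible_ports(RULES, "198.51.100.7", server))
```

Comparing the output of `visible_ports` with the list of services that are meant to be activated shows any rule that exposes more than intended.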
To protect the server hardware from physical access by unauthorized individuals, the server should be installed in a secure room. The power, telephone, and network cables should likewise be protected from physical access everywhere.