Mobile Linux
App Generation ROI
IBM® developerWorks

Weekly Newsletter
Developer Updates
Free Website Content

Articles

Forums

All Feeds

Write For Us Get Paid

Request Media Kit

Site Map

Privacy Policy
Support

USERNAME

PASSWORD

>>> SIGN UP!

Lost Password?

JAVASCRIPT

RSS

Protecting the Server

By: O'Reilly Media	Search For More Articles! Disclaimer Author Terms
Rating: / 0
2008-09-11

Table of Contents:

Protecting the Server

Network Security

Security concerns

Network tiers and the DMZ

	ADD THIS ARTICLE TO:
	Del.ici.ous	Digg
	Blink	Simpy
	Google	Spurl
	Y! MyWeb	Furl

Email Me Similar Content When Posted

Add Developer Shed Article Feed To Your Site

Email Article To Friend

Print Version Of Article

PDF Version Of Article

Protecting the Server - Network Security

(Page 2 of 4 )

See that funny-looking telephone-like cable coming out of your DSL/cable modem? That’s the Internet. Before we can set up a web server, we must first prepare the network. You don’t want to plug the web server into the Internet with a giant Hack Me sign on it, do you? We must take some precautions first.

What we really need to do is separate us from them, right? Us being—you know—us, and them being—well—the bad guys. We need a wall—make that a firewall—to keep them out.

Firewalls

A firewall is a device sitting between a private network and a public network. Part of what helps make a private network private is, in fact, the firewall. The firewall’s job is to control traffic between computer networks with different zones of trust—for example, an internal, trusted zone, such as a private network, and an external, non-trusted zone, such as the Internet.

Trust boundaries

Different trust zones meet in what is known as trust boundaries. It is like a seam in the network and, as mentioned earlier, seams require added security attention. We need to make sure that all the gaps are filled and that the firewall allows the right kind of traffic. We do this with firewall rules. Firewall rules establish a security policy governing what traffic is allowed to flow through the firewall and in what direction.

The ultimate goal is to provide a controlled interface between the different trust zones and enforce common security policy on the traffic that flows between them based on the following security principles:

Principle of least privilege
A user should be allowed to do only what she is
required to do.

Separation of duties
   Define roles for users and assign different levels of
   access control. Control how the application is
   developed, tested, and deployed and who has
   access to application data.

Firewalls are good at making quick decisions about whether one machine should be allowed to talk to another. The easiest way for the firewall to do this is to base its decisions on source address and destination address.

Next: Security concerns >>

More JavaScript Articles
More By O'Reilly Media

Comments On: Protecting the Server

>>> Be the FIRST to comment on this article!

Buy this book...
This article is excerpted from chapter four of the book Securing Ajax Applications: Ensuring the Safety of the Dynamic Web, written by Christopher Wells (O'Reilly, 2007; ISBN: 0596529317). Check it out today at your favorite bookstore. Buy this book now.

JAVASCRIPT ARTICLES

- Validating Digits and Dates with jQuery`s Va...
- Validating Ranges, Emails, and URLs with jQu...
- More Uses for the jQuery Tooltip Plug-in`s b...
- Building Image-Based Tooltips with the jQuer...
- Using the jQuery Tooltip Plug-in`s bodyHandl...
- Using Rangelength, Min and Max with the Vali...
- Using Minlength and Maxlength with the Valid...
- Modifying Tooltip Coordinates with the jQuer...
- Applying a Fade Out Effect with the jQuery T...
- Tracking Mouse Movements with the jQuery Too...
- Checking Online Forms with the Validator jQu...
- Nested JavaScript Functions as Objects
- The jQuery Tooltip Plug-in
- Active Client Pages at the Server
- ACP Tab Web Page
Find More JavaScript Articles