Web Enabling Your HP 3000

Firewall
To secure your system in the Internet world, you must use multiple lines of defense. The outermost
layer of security is the firewall. A firewall is a security device that places a combination of
hardware and software between a company’s internal network and systems and the Internet.
Today, firewalls are widely recognized as the preferred security technology for controlling network
traffic crossing the boundary between the Internet and business private internal networks.
They are used to control the types of communications that can be conducted over the Internet
by both internal users and outsiders.
There are many firewall products available on the market. Some can be added to existing
routers and switches; others run on standalone servers. We recommend Cisco IOS Firewall,
which is an add-on module available for a wide range of Cisco routers and switches.
Securely Running Your Internet Solutions
When you host a Web site, you are inviting a wide audience to access information on your
system. This invitation could expose your system to significant security risks. A typical
architecture for implementing an Internet application “outside the firewall” accesses a resource
on the Intranet to supply customers with a “webified” view of the internal data. If you host your
external Web site directly on a production database server without rigorous measures in place,
your enterprise data can be compromised. When you place the firewall between your Web
server and your database server, if anyone hacks into your external Web server, the problem
can most likely stop at your Web server. The threat to the system that houses your database
is reduced.
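The placement described above can be checked as a first-match, default-deny rule set. This is an added example, not part of the original paper; the addresses, the data-access port and the function names are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values (assumptions, not from the original page).
WEB = "198.51.100.10"   # external Web server, outside the inner firewall
DB = "10.1.1.5"         # database server on the internal network
DB_PORT = 5000          # hypothetical data-access port used by the Web application
ANY = "0.0.0.0/0"

# Ordered rules: (source network, destination network, TCP port, action).
RULES = [
    (ANY, WEB + "/32", 80, "permit"),            # public HTTP to the Web server
    (WEB + "/32", DB + "/32", DB_PORT, "permit"),  # Web server to database, one port
]

def decide(rules, src, dst, port):
    """Return the action of the first matching rule; anything unmatched is denied."""
    for src_net, dst_net, rule_port, action in rules:
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and port == rule_port):
            return action
    return "deny"

def reachable_from(rules, src, targets, ports):
    """List every (host, port) pair the given source is allowed to reach."""
    return sorted((dst, p) for dst in targets for p in ports
                  if decide(rules, src, dst, p) == "permit")

if __name__ == "__main__":
    outsider = "203.0.113.7"   # constructed Internet client
    ports = [23, 80, DB_PORT]
    # An Internet client reaches only the Web server's HTTP port.
    print("Internet client:", reachable_from(RULES, outsider, [WEB, DB], ports))
    # A compromised Web server reaches only the single permitted database port,
    # so the exposure is reduced rather than removed.
    print("Web server:", reachable_from(RULES, WEB, [DB], ports))
```

The second result is the path that stays open by design, which is why the application and host still need their own protection.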
However, firewalls do not protect against all security threats, nor can they sufficiently reduce
the risk for applications that implement dynamic content such as CGI programs. Firewalls are
designed to restrict and direct traffic between external machines in a more hostile environment
(the Internet) and internal machines on a more protected network (the internal company
network). They are not designed to run or host application programs. Therefore, other security
measures are absolutely required to protect the application data and the operating system
itself. Some of the commonly used measures are:
- Securing the host machine. Ensuring strong host security is a necessary precondition for any
  of the other security mechanisms. The following are some methods you can use to secure
  your host machine:
  - Properly configure the system security policies. Run the web server as an unprivileged
    user with minimum capabilities and restrict file system access by limiting read/write
    access using file access restrictions or permissions, lockwords and ACDs.
  - All subsystems must be configured properly to not allow unintentional access points.
  - Activate all logging facilities and regularly examine the logs to detect intrusion attempts.
  - Limit the number of login accounts on the server.