Manualshelf

User Guide

ManualsBrandsMacromedia ManualsOtherBREEZE 5
11121314151617181920
16 Chapter 1: Before You Begin
The discussion on security is divided into the following sections:
Security levels
Solutions for a secure infrastructure
Best practices
Additional references
Security levels
When planning a security strategy, it is important to consider the various layers in a deployed
server environment, and devise a security plan for each layer. Typically, a comprehensive security
strategy incorporates the following elements:
Infrastructure security
Application-level security
Physical security
Infrastructure security
Infrastructure security is by far the most important, but most overlooked, aspect of securing
Breeze. It is up to your IT department or administrator to provide a secure infrastructure for
Breeze.
There are three parts to providing a secure infrastructure for Breeze:
Network security
Breeze web server
Database server security
The following sections describe a secure infrastructure. The security measures you implement
depend on whether your Breeze system consists of a single server running in the DMZ
(demilitarized zone) or an elaborate multiserver system running with different trusted zones.
Network security
Breeze relies on several private TCP/IP services for its communications. These services open
several ports and channels for private communication. These ports must be protected
from outside users. Breezes design requires the environment to provide security for these
communications. Sensitive ports should be placed behind a firewall that separates them from
non-trusted computers.
If you intend to have users access Breeze on your intranet, you should place the Breeze servers and
the Breeze database in a separate subnet, separated by a firewall. This configuration of the firewall
should take into consideration all Breeze ports and whether they are configured for inbound or
outbound traffic.
If you intend to have users access Breeze on the Internet, it is extremely important that you
separate the Breeze servers from the Internet with a firewall. If you do not take the necessary steps
to secure the Breeze servers, you are leaving your valuable information available for anyone to
steal. For more information, see “Security resources and references” on page 22.