Home > Cloud Computing > Cloud Security

Secure DMZ web server configuration Device

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Q: I need to put the web server into DMZ, and the server needs to access the data in the network attached storage NAS box on the Intranet. Is there any best practices for building a secure DMZ web server?

A: This is a good question. We often encounter such problems. Generally, you may want to separate the network-oriented systems from the support components and put them in their proprietary spaces, such as separating them from the Intranet ).

Expand this initial idea to ensure that the DMZ Web server has the best possible security level, and consider placing the NAS device on its proprietary network segment. In this way, if the Web server is cracked, the incidental losses will be minimized. The incidental loss is to mitigate the risk of attackers entering the NAS box and other networks. In this way, you can set a strategic blocking point choke point to monitor malicious activities. An example of such deployment is to set up an inline Web application firewall (WAF) or Intrusion Prevention System (IPS) to protect downstream links (downstream link) such as links on the DMZ interface ).

From the Internet perspective, I will implement the appropriate inbound) Access Control List ACL) and try to restrict NAS. For example, using built-in firewall security restrictions can prevent traffic from untrusted interfaces, such as the Internet or DMZ, from flowing to trusted interfaces, such as the Intranet ). In addition, access to the network-oriented DMZ should be limited to the appropriate application ports, such as TCP port 80 and TCP port 443 ). Consider executing a strict outbound ACL to control the traffic from the Intranet to DMZ.

All other traditional servers strengthen rule applications, especially on DMZ swing. If you are mainly processing static content on nas, consider some types of file Integration monitoring systems. Tripwire provides a commercial product, AIDE Open Source Tool, which you can find in SourceForge.

  1. How to design a secure layer-4 DMZ Based on search results
  2. Choose single-firewall DMZ or dual-firewall DMZ

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
secure web server godaddy secure server web mail web server configuration file apache web server configuration web hosting server configuration web server configuration web server configuration in linux
Related Article
Cloud security to achieve effective prevention of the future ...
Focus on three major cloud security areas, you know?
Decrypting Cisco type 5 password hashes
Using redis to write webshell

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More