www.ecommerce-guide.com/news/trends/article.php/124951
By Mark Merkow, CCP, CISSP
November 20, 1998

Your Auditors Will Love Them Too!

Security people especially embrace three-tier systems for Internet, intranet, and extranet applications. When they're present, these three tiers -- Web server(s), Application server(s), and Database server(s) -- greatly reduce many of the threats to production back-office systems and networks and empower you to perform an excellent job of "border protection."

These concepts arise from industry best practices and recommendations from security experts around the world. Since, by definition, your e-commerce site must be "security conscious," you're advised to utilize these principles as much as possible in your own designs. Figure 1 below illustrates one example of a three-tier network architecture that's not only robust and flexible, but highly secure too.

Figure 1: Three-tier "security conscious" architecture

The diagram shows you how it's possible to add security as traffic moves beyond the Web servers into deeper tiers. As you move through the inner firewalls, you can turn off protocols that don't belong there. You can also force the use of "trusted hosts" to help prevent unwanted requests from being processed. We'll see how that's done shortly.

In the first installment of the series, we discussed classifying data according to the level of protection it requires. This classification model should help you to decide instinctively where to properly place your data within the network.
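The inner-firewall idea described above (only the protocols that belong at each boundary, and only from trusted hosts in the adjacent tier) can be modeled as a default-deny check. This is an added example, not code from the article; the addresses, the ports, and the names TIERS, POLICY, tier_of and evaluate are constructed assumptions.

```python
from ipaddress import ip_address

# Constructed sample hosts for each tier (assumption, not from the article).
TIERS = {
    "web": {"10.0.1.10", "10.0.1.11"},
    "app": {"10.0.2.10"},
    "db": {"10.0.3.10"},
}

# Each boundary lists the only protocol/port pairs that belong there.
# A (source tier, destination tier) pair that is absent is denied outright,
# which is what makes the outer tier the only "trusted hosts" for the inner one.
POLICY = {
    ("internet", "web"): {("tcp", 80), ("tcp", 443)},
    ("web", "app"): {("tcp", 8009)},  # assumed application-server listener
    ("app", "db"): {("tcp", 1521)},   # assumed database listener
}


def tier_of(addr):
    """Return the tier a host belongs to; any unknown host is 'internet'."""
    ip_address(addr)  # raises ValueError on a malformed address
    for tier, hosts in TIERS.items():
        if addr in hosts:
            return tier
    return "internet"


def evaluate(src, dst, proto, port):
    """Return (allowed, reason) for one inbound connection attempt."""
    s, d = tier_of(src), tier_of(dst)
    if d == "internet":
        return False, "destination is not a protected tier"
    allowed = POLICY.get((s, d))
    if allowed is None:
        return False, f"{s} is not a trusted source for {d}"
    if (proto, port) not in allowed:
        return False, f"{proto}/{port} does not belong at the {s}->{d} boundary"
    return True, f"{s}->{d} {proto}/{port} permitted"


if __name__ == "__main__":
    attempts = [  # constructed sample traffic
        ("203.0.113.5", "10.0.1.10", "tcp", 443),
        ("203.0.113.5", "10.0.3.10", "tcp", 1521),
        ("10.0.1.10", "10.0.2.10", "tcp", 80),
        ("10.0.2.10", "10.0.3.10", "tcp", 1521),
    ]
    for attempt in attempts:
        print(attempt, evaluate(*attempt))
```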