Overview


Middle-tier application servers are most often used to host business logic and data access services. This functionality is usually packaged inside Enterprise Services applications or is exposed to front-end Web servers by using middle-tier Web services or Microsoft .NET Remoting technology. This chapter addresses each technology separately and shows you how to secure your application server in each case.

Figure 17.1 shows the focus of this chapter, which includes configuring internal firewalls that are featured in many multitiered deployment models.

Figure 17.1: Remote application server deployment model

Before delving into technology-specific configuration, the chapter identifies the main threats to an application server. These threats are somewhat different from those that apply to an Internet-facing Web server because middle-tier application servers are (or should be) isolated from direct Internet access.

To secure the application server, you must apply an incremental security configuration after the underlying operating system and Internet Information Services (IIS) Web server (if installed) have been locked down.




Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
EAN: 2147483647
Year: 2003
Pages: 613
