• Web application components include the presentation tier (the web server), the application tier (code and business logic) and the persistent tier (database).
To secure the web architecture, you should achieve the following points:
• Separate data and logic from the presentation layer
- Your presentation layer (the web server) is on a separate system from your application layer (the source code containing the business logic), and your data layer (SQL or similar database) is on a third separate system.
• Firewalls and DMZ
- It is a best practice to place your web server in a Demilitarized Zone, or DMZ. A DMZ is a separate network between your private network and the Internet where servers hosting external services reside. A DMZ places a firewall in front of your web server, and also between your web server and the back-end servers on your private network.
• Server hardening (ports and services)
- Unnecessary ports should be closed. Unnecessary applications should be removed. Default user accounts should be disabled, and all other user accounts should have strong passwords. Account passwords should not match passwords on internal systems. There are multiple guides available for web server hardening. Good resources include the Windows Security Compliance Toolkit, https://technet.microsoft.com/en-us/solutionaccelerators/cc.aspx, and the book Apache Security: The Complete Guide to Securing Your Apache Web Server from O'Reilly.
• Database hardening
Some key activities include:
1. Using up-to-date revisions of database management system software.
2. Keep the OS and the database software patched on the database server.
3. Remove sample databases and database users.
4. Remove or disable any unnecessary stored procedures or other functions.
5. Isolate web databases from databases supporting other internal systems.
6. Validate that database logging is configured correctly.
7. Block database access from systems other than the application or web server. Do not allow any traffic from the Internet direct to the database.
8. Ensure the user ID used by the web or application server has very restrictive access, only what is necessary for the application. This user ID should not have rights to add or drop tables, modify stored procedures, or access system tables.
• Antivirus, host-based IDS
• Backups
https://www.digitalocean.com/community/tutorials/7-security-measures-to-protect-your-servers
Check out this link.
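The server hardening point above says unnecessary ports should be closed. The first step in acting on that is knowing what is actually listening and comparing it against what the tier is supposed to expose. The following is an added example, not code from the answer or from any linked resource: a POSIX shell audit function that reads `ss -tln`-style output and reports every listener bound to a non-loopback address whose port is not on an allowlist. The allowlist (22 80 443 for an internet-facing web server) and the `ss` output are constructed sample values, not captured from a real host.

```shell
#!/bin/sh
# Constructed sample of `ss -H -tln` output (header suppressed). Not from a real system.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 128 127.0.0.1:25 0.0.0.0:*
LISTEN 0 128 [::]:8080 [::]:*'

# audit_listeners "PORT PORT ..." < ss_output
# Reads ss-style lines on stdin. Prints one line per listener whose port is not
# in the space-separated allowlist and that is bound to a non-loopback address,
# then prints the count of such listeners as its final line.
audit_listeners() {
    allow=" $1 "
    count=0
    while read -r state recvq sendq laddr peer rest; do
        [ -z "$laddr" ] && continue          # skip blank lines
        port=${laddr##*:}                    # text after the last colon is the port
        addr=${laddr%:*}                     # everything before it is the address
        # Services bound only to loopback are not reachable from the network; skip them.
        case "$addr" in
            127.*|'[::1]') continue ;;
        esac
        case "$allow" in
            *" $port "*) ;;                  # expected for this tier
            *) echo "unexpected listener: $laddr"; count=$((count + 1)) ;;
        esac
    done
    echo "$count"
}

# count_unexpected "PORT PORT ..." SS_TEXT
# Convenience wrapper that returns only the count, for use in checks and tests.
count_unexpected() {
    printf '%s\n' "$2" | audit_listeners "$1" | tail -n 1
}

# Stand-alone run against the constructed sample with a web-tier allowlist.
# Expected: 3306 (database port on the web server) and 8080 are flagged.
printf '%s\n' "$SAMPLE_SS" | audit_listeners "22 80 443"

# On a live host the same function is fed from ss directly:
#   ss -H -tln | audit_listeners "22 80 443"
```

A database port listening on the web server, as in the sample, is exactly the kind of finding this answer's layering advice is meant to prevent: the web tier should only reach the database over the inner firewall, not host it. Run the audit per tier with that tier's own allowlist, and treat any non-zero count as something to either close or explicitly document.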