Share-Ebooks.com

Most people think firewalls are all they need to secure their IT investment. Firewalls are very important, but they are just one piece of the overall security picture. Even with perfect installation, configuration, and maintenance, firewalls still must allow access to your public web servers. Hackers know how to use this permitted access to gain the foothold they need to gain access to your network. The kind of access a web server can give them is nothing short of complete administrative control. So when your organization decides to host a web server, you should understand that the server is fully exposed to attack, even if it is behind a top notch firewall. The most critical step towards protecting your public servers from attack is to harden
the servers and turn them into bastion hosts.

So what is a bastion host? A bastion host is a server that is configured very differently from typical servers. Typical servers run hundreds of services and programs that are not needed. Most of those services and programs are vulnerable to attack. The premise for building a bastion host is that the server can be divided so that each of its partitions fulfills a specific role. Once that role is understood—web server, mail server, middleware server, etc.—the partition can be secured to serve only that role. All the unnecessary services, executables, protocols, programs, and network ports can then be disabled or removed.

To Download this E-Book Click Here.