11 Steps to Secure Your Servers Part 1: Server Architecture

The beginning of an 11-part series from Inversoft about server security kicks off with some of the basics: server architecture.

Kelly Strain user avatar by
Kelly Strain
·
Jun. 24, 16 · Performance Zone · Tutorial

This is part 1 of a series of posts on server security from Inversoft's 2016 Guide to User Data Security. 

Server Security

The first step to securing user data is to secure the servers you will be running your applications and databases on. The process of securing servers revolves around a few core guidelines:

  • Use the least privilege possible
  • Prevent direct access when it isn’t required
  • Automate security checks and constraints
  • Send notifications for all activity
  • Identify users that can access the server

Server Architecture

In order to illustrate our thinking around server security, we need to cover what type of servers we are talking about. Because this guide is specifically about user data security, we will focus on applications that use a server-side component and a database to store and manage user data. This application will allow users to register, log in and perform various functions. A few examples of this type of application are:

  • A web application where a user can log in, access their account and perform various functions
  • A mobile application that communicates with the server to manage user accounts and user data

Now that we know what type of servers and applications we will be securing, let's take a look at the server architecture we used for our to-do application and the server architecture we recommend you use for your applications.

In general, you will want to separate your Database Server from your Application Server. While securing two servers instead of one does require additional work, it will give you the flexibility to control access to each server separately. This also means that if a breach does occur, the hacker will have a couple more hoops to jump through in order to gain access to your user data (we'll discuss this later).

On the Application Server, you will install the server-side code for your application. On the Database Server, you will install the database that you will be using (MySQL, PostgreSQL, Mongo, Redis, etc.). Depending on your needs, you can horizontally scale either of these servers. You will want to use the exact same configuration and access controls on each server to ensure consistency. DevOps is out of scope for this guide, but there are numerous tools available to create server images and deploy multiple instances of them. Similarly, there are many tools you can use to make a configuration change to all servers without having to log into each one separately.
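The split between Application Server and Database Server only pays off if the Database Server refuses connections from anywhere except the Application Server. The script below is an added example, not part of this article or of Inversoft's scripts: it generates the host firewall policy for both roles, following the guidelines above (default deny, SSH only from an admin network, the database port opened only to the Application Server, dropped packets logged so they can be alerted on). The addresses 10.0.1.10 and 10.0.0.0/24 and the PostgreSQL port 5432 are constructed placeholders. The functions print iptables commands rather than running them, so the policy can be reviewed and then piped to sh on the target host.

```shell
#!/bin/sh
# Added example: generate host firewall rules for a two-server layout.
# Addresses and ports are constructed placeholders; override via environment.
APP_SERVER_IP="${APP_SERVER_IP:-10.0.1.10}"   # assumed Application Server address
ADMIN_CIDR="${ADMIN_CIDR:-10.0.0.0/24}"       # assumed admin/bastion network
DB_PORT="${DB_PORT:-5432}"                    # PostgreSQL by default

# Rules shared by both servers: default deny inbound, keep loopback and
# established flows, allow SSH only from the admin network (least privilege).
base_rules() {
  echo "iptables -P INPUT DROP"
  echo "iptables -P FORWARD DROP"
  echo "iptables -P OUTPUT ACCEPT"
  echo "iptables -A INPUT -i lo -j ACCEPT"
  echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -A INPUT -p tcp --dport 22 -s $ADMIN_CIDR -j ACCEPT"
}

# Database Server: the database port is reachable only from the Application
# Server, so nothing on the public side can talk to the database directly.
db_server_rules() {
  base_rules
  echo "iptables -A INPUT -p tcp --dport $DB_PORT -s $APP_SERVER_IP -j ACCEPT"
  echo "iptables -A INPUT -j LOG --log-prefix 'DB-DROP: '"
}

# Application Server: only the public web ports are open; everything else
# (including the database port) is dropped and logged.
app_server_rules() {
  base_rules
  echo "iptables -A INPUT -p tcp --dport 80 -j ACCEPT"
  echo "iptables -A INPUT -p tcp --dport 443 -j ACCEPT"
  echo "iptables -A INPUT -j LOG --log-prefix 'APP-DROP: '"
}

# Automated check run before applying: every rule that opens the database
# port must carry a source restriction. Returns 1 if an unrestricted rule exists.
db_policy_is_restricted() {
  db_server_rules | grep -- "--dport $DB_PORT" | grep -v -- " -s " | grep -q . && return 1
  return 0
}

# Usage: ./firewall.sh db | sh    (on the Database Server)
#        ./firewall.sh app | sh   (on the Application Server)
case "${1:-}" in
  db)  db_policy_is_restricted || { echo "refusing: DB port open to all" >&2; exit 1; }
       db_server_rules ;;
  app) app_server_rules ;;
  "")  ;;
  *)   echo "usage: $0 {db|app}" >&2; exit 2 ;;
esac
```

Keep the same script in version control and run it on every horizontally scaled instance of a role, which gives the consistent configuration the paragraph above calls for; the LOG rules feed the "send notifications for all activity" guideline, since a syslog alert on a DB-DROP line from an unexpected source is an early sign that something other than the Application Server is probing the database.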

Find our GitHub project here: https://github.com/inversoft/2016-security-scripts. This project contains a set of scripts you can execute from your local computer to secure a remote server.


Published at DZone with permission of Kelly Strain.
