
11 Steps to Secure Your Servers Part 1: Server Architecture

The beginning of an 11-part series from Inversoft about server security kicks off with some of the basics: server architecture.

This is part 1 of a series of posts on server security from Inversoft's 2016 Guide to User Data Security. 

Server Security

The first step to securing user data is to secure the servers you will be running your applications and databases on. The process of securing servers revolves around a couple of core guidelines:

  • Use the least privilege possible
  • Prevent direct access when it isn’t required
  • Automate security checks and constraints
  • Send notifications for all activity
  • Identify users that can access the server

Server Architecture

In order to illustrate our thinking around server security, we need to cover what type of servers we are talking about. Because this guide is specifically about user data security, we will focus on applications that use a server-side component and a database to store and manage user data. This application will allow users to register, log in and perform various functions. A few examples of this type of application are:

  • A web application where a user can log in, access their account and perform various functions
  • A mobile application that communicates with the server to manage user accounts and user data

Now that we know what type of servers and applications we will be securing, let's take a look at the server architecture we used for our to-do application and the server architecture we recommend you use for your applications.

In general, you will want to separate your Database Server from your Application Server. While securing two servers instead of one does require additional work, it will give you the flexibility to control access to each server separately. This also means that if a breach does occur, the hacker will have a couple more hoops to jump through in order to gain access to your user data (we'll discuss this later).

On the Application Server, you will install the server-side code for your application. On the Database Server, you will install the database that you will be using (MySQL, PostgreSQL, Mongo, Redis, etc). Depending on your needs, you can horizontally scale either of these servers. You will want to use the exact same configuration and access controls on each server to ensure consistency. DevOps is out of scope for this guide, but there are numerous tools available to create server images and deploy multiple instances of them. Similarly, there are many tools you can use to make a configuration change to all servers without having to log into each one separately.

Find our GitHub project here: https://github.com/inversoft/2016-security-scripts. It contains a set of scripts you can run from your local computer to secure a remote server.
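As an added example (not code from the Inversoft guide or its scripts repository), the following shell script generates the host firewall ruleset for a Database Server that accepts its database port only from the Application Servers and SSH only from an admin host, and pushes it over SSH from your local machine in the same "run it locally against a remote server" model. The hostnames, addresses and port used are placeholders.

```shell
#!/bin/sh
# Added example, not part of the Inversoft guide or its scripts repository.
# Builds an iptables ruleset for the Database Server: only the Application
# Servers reach the database port, only an admin host reaches SSH, everything
# else is dropped and logged. All addresses below are placeholders.
set -eu

# Emit the ruleset in iptables-restore format.
#   $1   database port (5432 for PostgreSQL, 3306 for MySQL, 6379 for Redis)
#   $2   address or CIDR allowed to SSH in (bastion or admin workstation)
#   $3.. Application Server addresses allowed to reach the database port
db_server_rules() {
  db_port="$1"; admin_src="$2"; shift 2
  case "$db_port" in
    ''|*[!0-9]*) echo "db_server_rules: invalid port '$db_port'" >&2; return 1 ;;
  esac
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -s ${admin_src} -j ACCEPT
EOF
  # One explicit allow per Application Server; no wildcard access to the DB port.
  for app_src in "$@"; do
    printf '%s\n' "-A INPUT -p tcp --dport $db_port -s $app_src -j ACCEPT"
  done
  # Log what the default DROP policy rejects so blocked connection attempts
  # show up in syslog (the "send notifications for all activity" guideline).
  printf '%s\n' '-A INPUT -j LOG --log-prefix "db-fw-drop: " --log-level 4'
  echo COMMIT
}

# Push the ruleset to a remote Database Server over SSH from your local
# computer. Set DRY_RUN=1 to print the ruleset instead of applying it.
apply_db_rules() {
  host="$1"; shift
  if [ "${DRY_RUN:-0}" = 1 ]; then
    db_server_rules "$@"
  else
    db_server_rules "$@" | ssh "root@${host}" iptables-restore
  fi
}

# Example (placeholder addresses): PostgreSQL reachable only from two app servers.
# DRY_RUN=1 apply_db_rules db.internal.example 5432 203.0.113.5/32 10.0.1.10 10.0.1.11
```

Run it once per horizontally scaled Database Server instance so every instance carries the identical ruleset, and add each new Application Server address to the argument list rather than widening any rule.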

Published at DZone with permission of Kelly Strain. See the original article here.