We have Weblogic server and Database server on our production environment. Should we disable internet access on these servers to protect them from hacking ?
Asked
Active
Viewed 1,083 times
1 Answers
1
Of course !
The "regular" 3-tier architecture involves only Front servers (web-servers) are internet-connected, and are linked to applications servers through another network, prefferably firewalled.
mveroone
- 474
- 7
- 22
-
Many thanks that is a very useful information for developers like me who have less exposure on production environments. – Jay Feb 26 '14 at 11:40
-
Sorry one more related question with regard to firewall in front of DB server. On firewall settings would we allow only the App server be able to access the DB through IP restrictions ? Or should there be any other tight security control for DB server ? – Jay Feb 26 '14 at 11:51
-
Ideally, only allow flow that you need. for example IP_application(all ports>1024) <=> IP_database(port 3306) for MySQL and so on. The App-DB firewall is a lot less important than the front-app firewall, as both applications and database are LAN-only. it epends on the security level you need. – mveroone Feb 26 '14 at 13:42