
DMZ - Simple web app only

 
Cory Chen
How can you secure a simple web-application (no EJBs) running inside just a web-container by placing it behind the DMZ? Could you please provide an example?

Thanks for your comments!
 
Cameron Wallace McKenzie
What do you mean by secure? Just providing authentication? Authorization? Or are you just trying to secure it from a port standpoint?

Authorization and authentication can be done simply through the web.xml file, using any type of user registry, but quite often LDAP.

-Cameron McKenzie
 
Cory Chen
Securing it from the port (network) standpoint. Making sure that only trusted systems (web servers) can talk to your app.

Thanks for your time!
 
aditee sharma
An example would be the web server that hosts the web (pure HTML, JavaScript and image files) for our application here.
I cannot just log in to the web server directly through PuTTY.
It's put inside the DMZ and the only way to access the files is through the app servers.
I first log in through the app server and then do an FTP on the web server.
 
Cory Chen
Thanks Aditee!

Just to confirm, you mean the app server is placed behind the DMZ and not the webserver, correct?
 
aditee sharma
The web server is in the DMZ and the application server is behind the firewall.
 
Galaxy galaxy
Can anyone please explain what a DMZ is?
 
Ashwin Pai
DMZ, or Demilitarized Zone or Demarcation Zone, is a network zone that provides a layer of protection for the machines in the internal network. Usually servers that are exposed to the internet (DNS, e-mail, web servers) are placed in this zone. Machines in this zone can communicate with each other directly, but are not allowed to communicate directly with the machines within the internal network. They have to go through an inner firewall. This is rightly done to protect the internal organization network from the internet (if the web server/email server has been hacked).
In simple words, it's the zone between 2 firewalls.

The app is considered protected (not in terms of authentication/authorization) because the web server is protected by an outer firewall. Hope this helps.

Ashwin
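
The two-firewall layout described in this thread, as an added example that is not part of any poster's reply: a small Python model of the outer and inner firewall rule sets that decides whether a new connection is allowed, plus a check that flags inner-firewall rules admitting more than the web server. All subnets, host addresses and ports are constructed assumptions, and only connection initiation is modelled (replies are assumed to be handled statefully).

```python
from ipaddress import ip_address, ip_network

# All subnets, hosts and ports below are constructed for illustration.
ANY = ip_network("0.0.0.0/0")
DMZ = ip_network("172.16.1.0/24")
INTERNAL = ip_network("10.0.0.0/24")
WEB = ip_network("172.16.1.10/32")   # web server, placed in the DMZ
APP = ip_network("10.0.0.20/32")     # web container, behind the inner firewall

# Allow rules as (source, destination, TCP port); anything unmatched is denied.
OUTER_FW = [(ANY, WEB, 443)]         # internet may reach only the web server
INNER_FW = [(WEB, APP, 8080)]        # only the web server may reach the app

def zone(addr):
    a = ip_address(addr)
    return "internal" if a in INTERNAL else "dmz" if a in DMZ else "internet"

# Firewalls a new connection crosses, keyed by the pair of zones involved.
CROSSED = {
    frozenset({"internet", "dmz"}): [OUTER_FW],
    frozenset({"dmz", "internal"}): [INNER_FW],
    frozenset({"internet", "internal"}): [OUTER_FW, INNER_FW],
}

def permits(rules, src, dst, port):
    s, d = ip_address(src), ip_address(dst)
    return any(s in rs and d in rd and port == rp for rs, rd, rp in rules)

def flow_allowed(src, dst, port):
    """True if a connection opened by src to dst:port passes every firewall
    on its path. Replies are assumed to be handled statefully."""
    zs, zd = zone(src), zone(dst)
    if zs == zd:
        return True  # same zone: hosts talk directly, no firewall in between
    return all(permits(fw, src, dst, port) for fw in CROSSED[frozenset({zs, zd})])

def overly_broad(inner_rules):
    """Inner-firewall rules that admit more than web server -> app server."""
    return [r for r in inner_rules
            if not (r[0].subnet_of(WEB) and r[1].subnet_of(APP))]

if __name__ == "__main__":
    for flow in [("203.0.113.7", "172.16.1.10", 443),
                 ("203.0.113.7", "10.0.0.20", 8080),
                 ("172.16.1.10", "10.0.0.20", 8080),
                 ("172.16.1.25", "10.0.0.20", 8080)]:
        print(flow, "allowed" if flow_allowed(*flow) else "denied")
```

Running `overly_broad` over a rule such as `(DMZ, INTERNAL, 8080)` returns that rule, because it would let any DMZ host, not just the web server, open connections into the internal network.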
 
Galaxy galaxy
Thanks Ashwin!!

That clarifies my doubt about DMZ.
 