Problem solve Get help with specific problems with your technologies, process and projects.

Solaris Web services security: Isolate the Web services host server

Learn to configure a secure Solaris-based Web Services host!


There are several choices for placing a Web server in an organization's network. To ensure that traffic between...

the Internet and the server does not traverse any part of your private internal network and that no internal network traffic is visible to the server, place it on a separate, protected subnetwork. A public Web services host is intended for public access. As such, people from locations all over the world will access the host and the information it serves up. Regardless of how secure the host and its application software are configured, there is still the chance that someone will exploit a new vulnerability and gain access to the Web services host. To guard against an intruder capturing network data flowing between internal hosts or either obtaining information or access to internal hosts, the Web services host must be isolated from the internal network and it traffic.

By placing the Web services host on a subnet isolated from public and internal networks, network traffic bound for the Web server subnet can be better monitored and controlled. This aids in the configuring of any router/firewall used to protect access to the subnet as well as provide intrusion detection. It also prohibits the capture of internal traffic by an intruder who has gained access to the Web server.

In this 12-part tip Unix expert Gary Smith breaks down the process of building and maintaining a highly secure Web services architecture on the Solaris platform.

Table of contents:
Part 1: Isolate the Web services host server
Part 2: Install and configure a very basic operating system
Part 3: Force the use of su to gain root access
Part 4: Disable trusted host relationships and create a warning banner
Part 5: Configuring user accounts
Part 6: Disabling and removing unnecessary accounts
Part 7: Configure network access control
Part 8: Configure network services
Part 9: Install OpenSSH, disable NFS and reboot
Part 10: Set file permissions
Part 11: Test the configuration
Part 12: Conclusion

This was last published in October 2002

Dig Deeper on Web application and API security best practices

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.