On Guard
Fortifying Your Site Against Attack
By Matt Curtin
So there you are, reading your favorite Web-based news site and you see an article about your company's recent run-in with the bad guys:
"Exploiting an apparent database security breach, a cracker got hold of thousands of customer names, addresses, and credit card numbers..."
If you thought the boss was mad at you before, wait until he or she sees the lovely press your company is getting now.
When it comes to network architecture, an alarming number of Web developers think it's enough to choose a scalable HTTP daemon, a solid operating system, and a robust programming language. Some don't even get that far. Yet, in the end, the decisions made about a site's architecture are the most significant. They can make or break a company—not only because architecture directly effects the performance and scalability of a site, but also because it ultimately determines how secure the site really is.
Locking Down the Server
In the parlance of firewalls, a "bastion host'' is a system that has been hardened to resist attack, because it is expected to come under attack. If the challenge doesn't materialize, that's wonderful, but the assumption is that it will. The point here is that your Web server should be a bastion host. (Also see "
Online Resources".)
Most people build a Web server by installing a general-purpose operating system like Linux and an HTTP daemon like Apache.
