Macromedia breeze 5 ユーザーガイド
16
Chapter 1: Before You Begin
The discussion on security is divided into the following sections:
•
Security levels
•
Solutions for a secure infrastructure
•
Best practices
•
Additional references
Security levels
When planning a security strategy, it is important to consider the various layers in a deployed
server environment, and devise a security plan for each layer. Typically, a comprehensive security
strategy incorporates the following elements:
server environment, and devise a security plan for each layer. Typically, a comprehensive security
strategy incorporates the following elements:
•
Infrastructure security
•
Application-level security
•
Physical security
Infrastructure security
Infrastructure security is by far the most important, but most overlooked, aspect of securing
Breeze. It is up to your IT department or administrator to provide a secure infrastructure for
Breeze.
Breeze. It is up to your IT department or administrator to provide a secure infrastructure for
Breeze.
There are three parts to providing a secure infrastructure for Breeze:
•
Network security
•
Breeze web server
•
Database server security
The following sections describe a secure infrastructure. The security measures you implement
depend on whether your Breeze system consists of a single server running in the DMZ
(demilitarized zone) or an elaborate multiserver system running with different trusted zones.
depend on whether your Breeze system consists of a single server running in the DMZ
(demilitarized zone) or an elaborate multiserver system running with different trusted zones.
Network security
Breeze relies on several private TCP/IP services for its communications. These services open
several ports and channels for private communication. These ports must be protected
from outside users. Breeze’s design requires the environment to provide security for these
communications. Sensitive ports should be placed behind a firewall that separates them from
non-trusted computers.
several ports and channels for private communication. These ports must be protected
from outside users. Breeze’s design requires the environment to provide security for these
communications. Sensitive ports should be placed behind a firewall that separates them from
non-trusted computers.
If you intend to have users access Breeze on your intranet, you should place the Breeze servers and
the Breeze database in a separate subnet, separated by a firewall. This configuration of the firewall
should take into consideration all Breeze ports and whether they are configured for inbound or
outbound traffic.
the Breeze database in a separate subnet, separated by a firewall. This configuration of the firewall
should take into consideration all Breeze ports and whether they are configured for inbound or
outbound traffic.
If you intend to have users access Breeze on the Internet, it is extremely important that you
separate the Breeze servers from the Internet with a firewall. If you do not take the necessary steps
to secure the Breeze servers, you are leaving your valuable information available for anyone to
steal. For more information, see “Security resources and references” on page 22.
separate the Breeze servers from the Internet with a firewall. If you do not take the necessary steps
to secure the Breeze servers, you are leaving your valuable information available for anyone to
steal. For more information, see “Security resources and references” on page 22.