Question for security management and overhead and concerns

Jack Challen jack_challen at ocsl.co.uk
Tue Jun 6 12:48:22 UTC 2006


Yasushi Okubo wrote:
> But I know how to set up iptables, but do not have much experience with
> security management to protect this box from security threats through
> application servers like apache/tomcat.

That's probably going to be your biggest problem. How well has your web
application been tested and reviewed for security? Where has it come
from? What does it do with unexpected data? Has a team of inventive,
clever people spent time trying to break it?

There are companies that specialize in testing this sort of stuff;
security isn't a switch that one can simply flick on -- there's no point
firewalling everything except HTTP access if the web application is
vulnerable to SQL injection attacks.

In my opinion, a Linux box with no open ports is pretty damn secure.
Opening up access to the web application will therefore probably only
expose holes in your web application (and the webserver, but Apache's
pretty well trusted!)

jack
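The point above that a firewall passing only HTTP does nothing against SQL injection in the application itself, as an added illustration that is not part of the original thread: a lookup built by string concatenation beside its parameterized form, plus a small probe that feeds expected and unexpected input through each, which is the "what does it do with unexpected data?" check in miniature. Python with sqlite3 stands in for the Tomcat/Java stack; the table, names and inputs are constructed.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the web application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s1"), ("bob", "s2"), ("carol", "s3")])
    return conn


def lookup_unsafe(conn, name):
    """Builds the statement by concatenation: the request value becomes SQL text.
    Nothing the firewall does can prevent the quote characters from reaching here."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, name):
    """Parameterized statement: the driver binds the value separately,
    so it is compared as data and never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def probe(lookup, inputs):
    """Run each input through a lookup on a fresh database and record how many
    rows it returned, or the exception type if the statement failed to parse."""
    conn = make_db()
    results = {}
    for value in inputs:
        try:
            results[value] = len(lookup(conn, value))
        except sqlite3.Error as exc:
            results[value] = "error: " + type(exc).__name__
    return results


# Constructed test inputs: one valid name, one unknown name, and three
# malformed values of the kind a review team would try against the form.
PROBE_INPUTS = ["alice", "mallory", "'", "' OR '1'='1", "alice'--"]

if __name__ == "__main__":
    for fn in (lookup_unsafe, lookup_safe):
        print(fn.__name__, probe(fn, PROBE_INPUTS))
```

The unsafe version returns every user for the `OR` input and raises a parse error for a lone quote, while the parameterized version returns exactly one row for `alice` and none for anything else.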
