Defensive Security Handbook by Amanda Berlin, Lee Brotherston

Chapter 11. Unix Application Servers

Application servers are an obvious target for an attacker. They are often a central repository for all manner of data, be it authentication credentials, intellectual property, or financial data. Being so data rich, they give a financially motivated attacker an obvious way to monetize an attack, and a politically motivated attacker an obvious place to steal, destroy, or corrupt data.

Of course, in a system architected to have many tiers, application servers may not contain data; however, they will contain application code and serve as an ideal pivot point to other systems. They are typically connected to other systems, such as databases, which places a target on the application servers.

For these reasons we should seek to ensure that the servers are built both to perform their desired function to specification and to withstand an attack.

It is always recommended that the infrastructure surrounding an application be configured to defend the server from attack. However, ensuring that a server is as well-defended as possible in its own right is also strongly advised. This way, in the event that any other defensive countermeasures fail or are bypassed—for example, by an attacker using lateral movement from within the infrastructure—the server is still defended as well as is sensibly possible.

The essentials for Windows-based platforms have already been described in Chapter 1, so this chapter will focus on Unix platforms such as Linux, FreeBSD, and Solaris. ...
