Network layer security

Network security vulnerabilities are among the first threats to any Internet-facing or intranet-facing application server. This section describes the process of hardening hosts on the network against these vulnerabilities. It addresses network segmentation, Transmission Control Protocol/Internet Protocol (TCP/IP) stack hardening, and the use of firewalls for host protection.

This table describes common techniques that reduce network security vulnerabilities.

Technique

Description

Demilitarized zones (DMZs)

Segmentation must exist in at least two levels with the application server used to run Adobe Access placed behind the inner firewall. Separate the external network from the DMZ that contains the web servers, which in turn must be separated from the internal network. Use firewalls to implement the layers of separation. Categorize and control the traffic that passes through each network layer to ensure that only the absolute minimum of required data is allowed.

Private IP addresses

Use Network Address Translation (NAT) with RFC 1918 private IP addresses on Adobe Access application servers. Assign private IP addresses (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) to make it more difficult for an attacker to route traffic to and from a NAT internal host through the Internet.

Firewalls

Use the following criteria to select a firewall solution:

  • Implement firewalls that support proxy servers and/or stateful inspection instead of simple packet-filtering solutions.

  • Use a firewall that supports a security paradigm in which you can deny all services except those explicitly permitted.

  • Implement a firewall solution that is dual-homed or multi-homed. This architecture provides the greatest level of security and helps to prevent unauthorized users from bypassing the firewall security.

On this page

Adobe Summit Banner

A virtual event April 27-28.

Expand your skills and get inspired.

Register for free
Adobe Summit Banner

A virtual event April 27-28.

Expand your skills and get inspired.

Register for free
Adobe Maker Awards Banner

Time to shine!

Apply now for the 2021 Adobe Experience Maker Awards.

Apply now
Adobe Maker Awards Banner

Time to shine!

Apply now for the 2021 Adobe Experience Maker Awards.

Apply now