{"id":451,"date":"2015-11-08T20:57:54","date_gmt":"2015-11-08T20:57:54","guid":{"rendered":"http:\/\/nethemba.com\/cs\/?page_id=451"},"modified":"2019-08-19T16:21:02","modified_gmt":"2019-08-19T15:21:02","slug":"ids-ips-waf-zabezpeceni-aplikace-ids-ips-waf-zabezpeceni-aplikace","status":"publish","type":"page","link":"https:\/\/nethemba.com\/cs\/sluzby\/it-bezpecnostni-reseni\/ids-ips-waf-zabezpeceni-aplikace-ids-ips-waf-zabezpeceni-aplikace\/","title":{"rendered":"IDS, IPS, WAF, zabezpe\u010den\u00ed aplikace"},"content":{"rendered":"<p lang=\"cs-CZ\">Pro dosa\u017een\u00ed maxim\u00e1ln\u00ed syst\u00e9mov\u00e9 a aplika\u010dn\u00ed bezpe\u010dnosti nab\u00edz\u00edme ultra bezpe\u010dn\u00e9 opera\u010dn\u00ed syst\u00e9my (zalo\u017een\u00e9 na bezpe\u010dnostn\u00edch modelech RBAC, DTE a MLS), segregaci aplikac\u00ed i cel\u00fdch opera\u010dn\u00edch syst\u00e9m\u016f pomoc\u00ed virtualiza\u010dn\u00edch technik a extra zabezpe\u010den\u00ed prost\u0159ed\u00ed a konfigurace webov\u00fdch server\u016f.<\/p>\n<p lang=\"cs-CZ\"><strong>Ultra bezpe\u010dn\u00fd server (SELinux\/SEBSD)<\/strong><\/p>\n<p><a href=\"http:\/\/www.nsa.gov\/research\/selinux\/\">SELinux<\/a><span lang=\"cs-CZ\"> je v sou\u010dasn\u00e9 dob\u011b nejbezpe\u010dn\u011bj\u0161\u00ed \u00faprava linuxov\u00e9 distribuce vyvinut\u00e1 <\/span><a href=\"http:\/\/www.nsa.gov\/\">americkou N\u00e1rodn\u00ed Bezpe\u010dnostn\u00ed Agenturou (NSA)<\/a><span lang=\"cs-CZ\">. M\u00edsto tradi\u010dn\u00edho unixov\u00e9ho modelu DAC pou\u017e\u00edv\u00e1 tzv. MAC (&#8222;Domain Type Enforcement&#8220;, &#8222;Role Based Access Control&#8220; a &#8222;MultiLevel Security&#8220; bezpe\u010dnostn\u00ed modely). Navrhujeme a vytv\u00e1\u0159\u00edme na zak\u00e1zku SELinux politiky p\u0159\u00edmo pro Va\u0161i aplikaci. Jde o ide\u00e1ln\u00ed \u0159e\u0161en\u00ed pro bankovn\u00ed spole\u010dnosti, poji\u0161\u0165ovny a jin\u00e9 webov\u00e9 port\u00e1ly po\u017eaduj\u00edc\u00edch vysokou a velmi vysokou bezpe\u010dnost. Pro fanou\u0161ky BSD syst\u00e9m\u016f nab\u00edz\u00edme tak\u00e9 SELinux politiku (<\/span><a href=\"http:\/\/www.trustedbsd.org\/sebsd.html\">SEBSD<\/a><span lang=\"cs-CZ\">) p\u0159eportovanou na <\/span><a href=\"http:\/\/www.trustedbsd.org\/\">TrustedBSD<\/a><span lang=\"cs-CZ\">.<\/span><\/p>\n<p lang=\"cs-CZ\"><strong>Zabezpe\u010dov\u00e1n\u00ed web server\u016f<\/strong><\/p>\n<p lang=\"cs-CZ\">Pro b\u011b\u017en\u00e9 &#8222;e-commerce&#8220; aplikace postaven\u00e9 na Apache nebo jin\u00e9m webov\u00e9m serveru nab\u00edz\u00edme speci\u00e1ln\u00ed zabezpe\u010den\u00ed syst\u00e9mov\u00e9ho prost\u0159ed\u00ed a samotn\u00e9 konfigurace:<\/p>\n<ul>\n<li><span lang=\"cs-CZ\">konfigurace a vylad\u011bn\u00ed webov\u00e9ho aplika\u010dn\u00edho firewallu (<\/span><a href=\"http:\/\/www.modsecurity.org\/\">mod_security<\/a><span lang=\"cs-CZ\">)<\/span><\/li>\n<li><span lang=\"cs-CZ\">speci\u00e1ln\u00ed zabezpe\u010den\u00ed PHP (vylad\u011bn\u00ed PHP Safe mode, <\/span><a href=\"http:\/\/www.hardened-php.net\/suhosin\/\">PHP suhosin<\/a><span lang=\"cs-CZ\">,<\/span><a href=\"http:\/\/www.suphp.org\/\">suPHP<\/a><span lang=\"cs-CZ\">, chroot Apache)<\/span><\/li>\n<li>\n<p lang=\"cs-CZ\">bezpe\u010dnostn\u00ed konzultace a poskytov\u00e1n\u00ed &#8222;best-practice&#8220; rad t\u00fdkaj\u00edc\u00edch se bezpe\u010dn\u00e9ho programov\u00e1n\u00ed<\/p>\n<\/li>\n<\/ul>\n<p lang=\"cs-CZ\"><strong>Virtualiza\u010dn\u00ed techniky<\/strong><\/p>\n<p lang=\"cs-CZ\"><span lang=\"cs-CZ\">N\u011bkdy m\u016f\u017ee b\u00fdt n\u00e1ro\u010dn\u00e9 nebo p\u0159\u00edli\u0161 drah\u00e9 zabezpe\u010dovat aplikace pomoc\u00ed <\/span><a href=\"http:\/\/www.nsa.gov\/research\/selinux\/\">SELinuxu<\/a><span lang=\"cs-CZ\">\/<\/span><a href=\"http:\/\/www.trustedbsd.org\/\">TrustedBSD<\/a><span lang=\"cs-CZ\"> nebo speci\u00e1ln\u00edm zabezpe\u010den\u00edm prost\u0159ed\u00ed a konfigurace PHP. Pro tento p\u0159\u00edpad nab\u00edz\u00edme kompletn\u00ed transparentn\u00ed \u0159e\u0161en\u00ed &#8211; segregaci kritick\u00fdch aplikac\u00ed z hlediska bezpe\u010dnosti pomoc\u00ed virtualiza\u010dn\u00edch technik (<\/span><a href=\"http:\/\/www.linux-kvm.org\/\">KVM<\/a><span lang=\"cs-CZ\">, <\/span><a href=\"http:\/\/wiki.openvz.org\/\">OpenVZ<\/a><span lang=\"cs-CZ\">, <\/span><a href=\"http:\/\/www.xen.org\/\">XEN<\/a><span lang=\"cs-CZ\">, <\/span><a href=\"http:\/\/www.vmware.com\/\">VMWare<\/a><span lang=\"cs-CZ\">). Virtualizace m\u016f\u017ee b\u00fdt tak\u00e9 skv\u011bl\u00e9 \u0159e\u0161en\u00ed pro providery umo\u017e\u0148uj\u00edc\u00ed hostov\u00e1n\u00ed v\u00edce virtu\u00e1ln\u00edch server\u016f.<\/span><\/p>\n<p lang=\"cs-CZ\"><strong>Cluster webov\u00e9ho aplika\u010dn\u00edho firewallu<\/strong><\/p>\n<p><span lang=\"cs-CZ\">Kompletn\u00ed transparentn\u00ed redundantn\u00ed \u0159e\u0161en\u00ed postaven\u00e9 na<\/span><a href=\"http:\/\/www.modsecurity.org\/\">mod_security webov\u00e9m aplika\u010dn\u00edm firewall<\/a><a href=\"http:\/\/www.modsecurity.org\/\">u<\/a><span lang=\"cs-CZ\"> a <\/span><a href=\"http:\/\/www.nginx.org\/\">nginx<\/a><span lang=\"cs-CZ\"> \/ <\/span><a href=\"http:\/\/www.apache.org\/\">Apache<\/a><span lang=\"cs-CZ\"> reverzn\u00ed proxy, kter\u00e9 m\u016f\u017ee b\u00fdt pou\u017eit\u00e9 pro libovoln\u00e9 vysoce-kritick\u00e9 webov\u00e9 aplikace nebo port\u00e1ly.<\/span><\/p>\n<p><a href=\"http:\/\/en.wikipedia.org\/wiki\/Intrusion_Detection_System\">Syst\u00e9m detekcie \u00fatokov (IDS)<\/a><span lang=\"cs-CZ\"> pot\u0159ebn\u00fd na detekci nebezpe\u010dn\u00fdch webov\u00fdch aplika\u010dn\u00edch \u00fatok\u016f m\u016f\u017ee b\u00fdt integrovan\u00fd do samotn\u00e9ho clusteru.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Pro dosa\u017een\u00ed maxim\u00e1ln\u00ed syst\u00e9mov\u00e9 a aplika\u010dn\u00ed bezpe\u010dnosti nab\u00edz\u00edme ultra bezpe\u010dn\u00e9 opera\u010dn\u00ed syst\u00e9my (zalo\u017een\u00e9 na bezpe\u010dnostn\u00edch modelech RBAC, DTE a MLS), segregaci aplikac\u00ed i cel\u00fdch opera\u010dn\u00edch syst\u00e9m\u016f pomoc\u00ed virtualiza\u010dn\u00edch technik a extra zabezpe\u010den\u00ed prost\u0159ed\u00ed a konfigurace webov\u00fdch server\u016f. Ultra bezpe\u010dn\u00fd server (SELinux\/SEBSD) SELinux je v sou\u010dasn\u00e9 dob\u011b nejbezpe\u010dn\u011bj\u0161\u00ed \u00faprava linuxov\u00e9 distribuce vyvinut\u00e1 americkou N\u00e1rodn\u00ed Bezpe\u010dnostn\u00ed Agenturou [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":426,"menu_order":4,"comment_status":"closed","ping_status":"closed","template":"services_detail.php","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-451","page","type-page","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>IDS, IPS, WAF, zabezpe\u010den\u00ed aplikace - Nethemba<\/title>\n<meta name=\"description\" content=\"Pro dosa\u017een\u00ed maxim\u00e1ln\u00ed syst\u00e9mov\u00e9 a aplika\u010dn\u00ed bezpe\u010dnosti nab\u00edz\u00edme ultra bezpe\u010dn\u00e9 opera\u010dn\u00ed syst\u00e9my (zalo\u017een\u00e9 na bezpe\u010dnostn\u00edch modelech RBAC, DTE a MLS), segregaci aplikac\u00ed i cel\u00fdch opera\u010dn\u00edch syst\u00e9m\u016f.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nethemba.com\/cs\/sluzby\/it-bezpecnostni-reseni\/ids-ips-waf-zabezpeceni-aplikace-ids-ips-waf-zabezpeceni-aplikace\/\" \/>\n<meta property=\"og:locale\" content=\"cs_CZ\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"IDS, IPS, WAF, zabezpe\u010den\u00ed aplikace - Nethemba\" \/>\n<meta property=\"og:description\" content=\"Pro dosa\u017een\u00ed maxim\u00e1ln\u00ed syst\u00e9mov\u00e9 a aplika\u010dn\u00ed bezpe\u010dnosti nab\u00edz\u00edme ultra bezpe\u010dn\u00e9 opera\u010dn\u00ed syst\u00e9my (zalo\u017een\u00e9 na bezpe\u010dnostn\u00edch modelech RBAC, DTE a MLS), segregaci aplikac\u00ed i cel\u00fdch opera\u010dn\u00edch syst\u00e9m\u016f.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nethemba.com\/cs\/sluzby\/it-bezpecnostni-reseni\/ids-ips-waf-zabezpeceni-aplikace-ids-ips-waf-zabezpeceni-aplikace\/\" \/>\n<meta property=\"og:site_name\" content=\"Nethemba\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/nethemba\" \/>\n<meta property=\"article:modified_time\" content=\"2019-08-19T15:21:02+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@nethemba\" \/>\n<meta name=\"twitter:label1\" content=\"Odhadovan\u00e1 doba \u010dten\u00ed\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minuty\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/cs\\\/sluzby\\\/it-bezpecnostni-reseni\\\/ids-ips-waf-zabezpeceni-aplikace-ids-ips-waf-zabezpeceni-aplikace\\\/\",\"url\":\"https:\\\/\\\/nethemba.com\\\/cs\\\/sluzby\\\/it-bezpecnostni-reseni\\\/ids-ips-waf-zabezpeceni-aplikace-ids-ips-waf-zabezpeceni-aplikace\\\/\",\"name\":\"IDS, IPS, WAF, zabezpe\u010den\u00ed aplikace - Nethemba\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/#website\"},\"datePublished\":\"2015-11-08T20:57:54+00:00\",\"dateModified\":\"2019-08-19T15:21:02+00:00\",\"description\":\"Pro dosa\u017een\u00ed maxim\u00e1ln\u00ed syst\u00e9mov\u00e9 a aplika\u010dn\u00ed bezpe\u010dnosti nab\u00edz\u00edme ultra bezpe\u010dn\u00e9 opera\u010dn\u00ed syst\u00e9my (zalo\u017een\u00e9 na bezpe\u010dnostn\u00edch modelech RBAC, DTE a MLS), segregaci aplikac\u00ed i cel\u00fdch opera\u010dn\u00edch syst\u00e9m\u016f.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/cs\\\/sluzby\\\/it-bezpecnostni-reseni\\\/ids-ips-waf-zabezpeceni-aplikace-ids-ips-waf-zabezpeceni-aplikace\\\/#breadcrumb\"},\"inLanguage\":\"cs\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nethemba.com\\\/cs\\\/sluzby\\\/it-bezpecnostni-reseni\\\/ids-ips-waf-zabezpeceni-aplikace-ids-ips-waf-zabezpeceni-aplikace\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/cs\\\/sluzby\\\/it-bezpecnostni-reseni\\\/ids-ips-waf-zabezpeceni-aplikace-ids-ips-waf-zabezpeceni-aplikace\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nethemba.com\\\/cs\\\/home-new-2025\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Slu\u017eby\",\"item\":\"https:\\\/\\\/nethemba.com\\\/cs\\\/sluzby\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"IT bezpe\u010dnostn\u00ed \u0159e\u0161en\u00ed\",\"item\":\"https:\\\/\\\/nethemba.com\\\/cs\\\/sluzby\\\/it-bezpecnostni-reseni\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"IDS, IPS, WAF, zabezpe\u010den\u00ed aplikace\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/#website\",\"url\":\"https:\\\/\\\/nethemba.com\\\/de\\\/\",\"name\":\"Nethemba\",\"description\":\"We care about your security\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nethemba.com\\\/de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"cs\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"IDS, IPS, WAF, zabezpe\u010den\u00ed aplikace - Nethemba","description":"Pro dosa\u017een\u00ed maxim\u00e1ln\u00ed syst\u00e9mov\u00e9 a aplika\u010dn\u00ed bezpe\u010dnosti nab\u00edz\u00edme ultra bezpe\u010dn\u00e9 opera\u010dn\u00ed syst\u00e9my (zalo\u017een\u00e9 na bezpe\u010dnostn\u00edch modelech RBAC, DTE a MLS), segregaci aplikac\u00ed i cel\u00fdch opera\u010dn\u00edch syst\u00e9m\u016f.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nethemba.com\/cs\/sluzby\/it-bezpecnostni-reseni\/ids-ips-waf-zabezpeceni-aplikace-ids-ips-waf-zabezpeceni-aplikace\/","og_locale":"cs_CZ","og_type":"article","og_title":"IDS, IPS, WAF, zabezpe\u010den\u00ed aplikace - Nethemba","og_description":"Pro dosa\u017een\u00ed maxim\u00e1ln\u00ed syst\u00e9mov\u00e9 a aplika\u010dn\u00ed bezpe\u010dnosti nab\u00edz\u00edme ultra bezpe\u010dn\u00e9 opera\u010dn\u00ed syst\u00e9my (zalo\u017een\u00e9 na bezpe\u010dnostn\u00edch modelech RBAC, DTE a MLS), segregaci aplikac\u00ed i cel\u00fdch opera\u010dn\u00edch syst\u00e9m\u016f.","og_url":"https:\/\/nethemba.com\/cs\/sluzby\/it-bezpecnostni-reseni\/ids-ips-waf-zabezpeceni-aplikace-ids-ips-waf-zabezpeceni-aplikace\/","og_site_name":"Nethemba","article_publisher":"https:\/\/www.facebook.com\/nethemba","article_modified_time":"2019-08-19T15:21:02+00:00","twitter_card":"summary_large_image","twitter_site":"@nethemba","twitter_misc":{"Odhadovan\u00e1 doba \u010dten\u00ed":"2 minuty"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/nethemba.com\/cs\/sluzby\/it-bezpecnostni-reseni\/ids-ips-waf-zabezpeceni-aplikace-ids-ips-waf-zabezpeceni-aplikace\/","url":"https:\/\/nethemba.com\/cs\/sluzby\/it-bezpecnostni-reseni\/ids-ips-waf-zabezpeceni-aplikace-ids-ips-waf-zabezpeceni-aplikace\/","name":"IDS, IPS, WAF, zabezpe\u010den\u00ed aplikace - Nethemba","isPartOf":{"@id":"https:\/\/nethemba.com\/de\/#website"},"datePublished":"2015-11-08T20:57:54+00:00","dateModified":"2019-08-19T15:21:02+00:00","description":"Pro dosa\u017een\u00ed maxim\u00e1ln\u00ed syst\u00e9mov\u00e9 a aplika\u010dn\u00ed bezpe\u010dnosti nab\u00edz\u00edme ultra bezpe\u010dn\u00e9 opera\u010dn\u00ed syst\u00e9my (zalo\u017een\u00e9 na bezpe\u010dnostn\u00edch modelech RBAC, DTE a MLS), segregaci aplikac\u00ed i cel\u00fdch opera\u010dn\u00edch syst\u00e9m\u016f.","breadcrumb":{"@id":"https:\/\/nethemba.com\/cs\/sluzby\/it-bezpecnostni-reseni\/ids-ips-waf-zabezpeceni-aplikace-ids-ips-waf-zabezpeceni-aplikace\/#breadcrumb"},"inLanguage":"cs","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nethemba.com\/cs\/sluzby\/it-bezpecnostni-reseni\/ids-ips-waf-zabezpeceni-aplikace-ids-ips-waf-zabezpeceni-aplikace\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/nethemba.com\/cs\/sluzby\/it-bezpecnostni-reseni\/ids-ips-waf-zabezpeceni-aplikace-ids-ips-waf-zabezpeceni-aplikace\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nethemba.com\/cs\/home-new-2025\/"},{"@type":"ListItem","position":2,"name":"Slu\u017eby","item":"https:\/\/nethemba.com\/cs\/sluzby\/"},{"@type":"ListItem","position":3,"name":"IT bezpe\u010dnostn\u00ed \u0159e\u0161en\u00ed","item":"https:\/\/nethemba.com\/cs\/sluzby\/it-bezpecnostni-reseni\/"},{"@type":"ListItem","position":4,"name":"IDS, IPS, WAF, zabezpe\u010den\u00ed aplikace"}]},{"@type":"WebSite","@id":"https:\/\/nethemba.com\/de\/#website","url":"https:\/\/nethemba.com\/de\/","name":"Nethemba","description":"We care about your security","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nethemba.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"cs"}]}},"_links":{"self":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/pages\/451","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/comments?post=451"}],"version-history":[{"count":0,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/pages\/451\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/pages\/426"}],"wp:attachment":[{"href":"https:\/\/nethemba.com\/cs\/wp-json\/wp\/v2\/media?parent=451"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}