{"id":449,"date":"2015-11-08T20:57:44","date_gmt":"2015-11-08T20:57:44","guid":{"rendered":"http:\/\/nethemba.com\/sk\/?page_id=449"},"modified":"2019-07-24T12:26:55","modified_gmt":"2019-07-24T11:26:55","slug":"ids-ips-waf-zabezpecenie-aplikacie","status":"publish","type":"page","link":"https:\/\/nethemba.com\/sk\/sluzby\/it-bezpecnostne-riesenia\/ids-ips-waf-zabezpecenie-aplikacie\/","title":{"rendered":"IDS, IPS, WAF, zabezpe\u010denie aplik\u00e1cie"},"content":{"rendered":"<p>Na dosiahnutie maxim\u00e1lnej syst\u00e9movej a aplika\u010dnej bezpe\u010dnosti pon\u00fakame ultra bezpe\u010dn\u00e9 opera\u010dn\u00e9 syst\u00e9my (zalo\u017een\u00e9 na bezpe\u010dnostn\u00fdch modeloch RBAC, DTE a MLS), segreg\u00e1ciu aplik\u00e1ci\u00ed ako aj cel\u00fdch opera\u010dn\u00fdch syst\u00e9mov pomocou virtualiza\u010dn\u00fdch techn\u00edk a extra zabezpe\u010dovanie prostredia a konfigur\u00e1cie web serverov.<\/p>\n<p><strong>Ultra bezpe\u010dn\u00fd (SELinux\/SEBSD) server<\/strong><\/p>\n<p><a href=\"http:\/\/www.nsa.gov\/research\/selinux\/\">SELinux<\/a> je najbezpe\u010dnej\u0161ia \u00faprava Linuxovej distrib\u00facie vyvinut\u00e1<a href=\"http:\/\/www.nsa.gov\/\">Americkou N\u00e1rodnou Bezpe\u010dnostnou Agent\u00farou (NSA)<\/a>. Namiesto tradi\u010dn\u00e9ho Unixov\u00e9ho modelu DAC pou\u017e\u00edva MAC (&#8222;Domain Type Enforcement&#8220;, &#8222;Role Based Access Control&#8220; a &#8222;MultiLevel Security&#8220; modely). Navrhujeme a vytv\u00e1rame na z\u00e1kazku SELinux politiky pre Va\u0161u aplik\u00e1ciu. Ide o ide\u00e1lne rie\u0161enie pre bankov\u00e9 spolo\u010dnosti, pois\u0165ovne a in\u00e9 ultra bezpe\u010dn\u00e9 webov\u00e9 port\u00e1ly. Pre fan\u00fa\u0161ikov BSD syst\u00e9mov pon\u00fakame tie\u017e SELinux politiku (<a href=\"http:\/\/www.trustedbsd.org\/sebsd.html\">SEBSD<\/a>) portovan\u00fa na <a href=\"http:\/\/www.trustedbsd.org\/\">TrustedBSD<\/a>.<\/p>\n<p><strong>Zabezpe\u010dovanie web serverov<\/strong><\/p>\n<p>Pre be\u017en\u00e9 &#8222;e-commerce&#8220; aplik\u00e1cie postaven\u00e9 na Apache alebo inom webovom serveri, PHP a MySQL\/PostgreSQL pon\u00fakame \u0161peci\u00e1lne zabezpe\u010denie syst\u00e9mov\u00e9ho prostredia a samotnej konfigur\u00e1cie:<\/p>\n<ul>\n<li>konfigur\u00e1cia a vyladenie webov\u00e9ho aplika\u010dn\u00e9ho firewallu (<a href=\"http:\/\/www.modsecurity.org\/\">mod_security<\/a>)<\/li>\n<li>\u0161peci\u00e1lne zabezpe\u010denie PHP (vyladenie PHP Safe mode, <a href=\"http:\/\/www.hardened-php.net\/suhosin\/\">PHP suhosin<\/a>, <a href=\"http:\/\/www.suphp.org\/\">suPHP<\/a>, chrootovan\u00fd Apache)<\/li>\n<li>bezpe\u010dnostn\u00e9 konzult\u00e1cie a poskytovanie &#8222;best-practice&#8220; r\u00e1d t\u00fdkaj\u00face sa bezpe\u010dn\u00e9ho programovania<\/li>\n<\/ul>\n<p><strong>Virtualiza\u010dn\u00e9 techniky<\/strong><\/p>\n<p>Niekedy m\u00f4\u017ee by\u0165 n\u00e1ro\u010dn\u00e9 alebo pr\u00edli\u0161 drah\u00e9 zabezpe\u010dova\u0165 aplik\u00e1cie pomocou <a href=\"http:\/\/www.nsa.gov\/research\/selinux\/\">SELinuxu<\/a>\/<a href=\"http:\/\/www.trustedbsd.org\/\">TrustedBSD<\/a> alebo \u0161peci\u00e1lnym zabezpe\u010dovan\u00edm prostredia\/konfigur\u00e1cie PHP. Pre tento pr\u00edpad pon\u00fakame kompletn\u00e9 transparentn\u00e9 rie\u0161enie &#8211; segreg\u00e1ciu kritick\u00fdch aplik\u00e1cii z h\u013eadiska bezpe\u010dnosti pomocou virtualiza\u010dn\u00fdch techn\u00edk (<a href=\"http:\/\/www.linux-kvm.org\/\">KVM<\/a>, <a href=\"http:\/\/wiki.openvz.org\/\">OpenVZ<\/a>, <a href=\"http:\/\/www.xen.org\/\">XEN<\/a>,<a href=\"http:\/\/www.vmware.com\/\">VMWare<\/a>). Virtualiz\u00e1cia m\u00f4\u017ee by\u0165 tie\u017e skvel\u00e9 rie\u0161enie pre providerov umo\u017e\u0148uj\u00faca hosting viacer\u00fdch virtualn\u00fdch serverov.<\/p>\n<p><strong>Cluster web aplika\u010dn\u00e9ho firewallu<\/strong><\/p>\n<p>Kompletne transparentn\u00e9 redundantn\u00e9 rie\u0161enie postaven\u00e9 na<a href=\"http:\/\/www.modsecurity.org\/\">mod_security web aplika\u010dnom firewalle<\/a> a <a href=\"http:\/\/www.nginx.org\/\">nginx<\/a> \/ <a href=\"http:\/\/www.apache.org\/\">Apache<\/a> reverznej proxy, ktor\u00e9 m\u00f4\u017ee by\u0165 pou\u017eit\u00e9 pre \u013eubovo\u013en\u00e9 vysoko-kritick\u00e9 web aplik\u00e1cie alebo port\u00e1ly.<\/p>\n<p><a href=\"http:\/\/en.wikipedia.org\/wiki\/Intrusion_Detection_System\">Syst\u00e9m detekcie \u00fatokov (IDS)<\/a> potrebn\u00fd na detekciu nebezpe\u010dn\u00fdch web aplika\u010dn\u00fdch \u00fatokov m\u00f4\u017ee by\u0165 integrovan\u00fd do samotn\u00e9ho clustra.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Na dosiahnutie maxim\u00e1lnej syst\u00e9movej a aplika\u010dnej bezpe\u010dnosti pon\u00fakame ultra bezpe\u010dn\u00e9 opera\u010dn\u00e9 syst\u00e9my (zalo\u017een\u00e9 na bezpe\u010dnostn\u00fdch modeloch RBAC, DTE a MLS), segreg\u00e1ciu aplik\u00e1ci\u00ed ako aj cel\u00fdch opera\u010dn\u00fdch syst\u00e9mov pomocou virtualiza\u010dn\u00fdch techn\u00edk a extra zabezpe\u010dovanie prostredia a konfigur\u00e1cie web serverov. Ultra bezpe\u010dn\u00fd (SELinux\/SEBSD) server SELinux je najbezpe\u010dnej\u0161ia \u00faprava Linuxovej distrib\u00facie vyvinut\u00e1Americkou N\u00e1rodnou Bezpe\u010dnostnou Agent\u00farou (NSA). Namiesto tradi\u010dn\u00e9ho [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":424,"menu_order":4,"comment_status":"closed","ping_status":"closed","template":"services_detail.php","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-449","page","type-page","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>IDS, IPS, WAF, zabezpe\u010denie aplik\u00e1cie - Nethemba<\/title>\n<meta name=\"description\" content=\"extra zabezpe\u010denie prostredia a konfigur\u00e1cie a web serverov. Ultra bezpe\u010dn\u00fd (SELinux\/SEBSD) server, RBAC, DTE a MLS, Cluster web aplika\u010dn\u00e9ho firewallu.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nethemba.com\/sk\/sluzby\/it-bezpecnostne-riesenia\/ids-ips-waf-zabezpecenie-aplikacie\/\" \/>\n<meta property=\"og:locale\" content=\"sk_SK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"IDS, IPS, WAF, zabezpe\u010denie aplik\u00e1cie - Nethemba\" \/>\n<meta property=\"og:description\" content=\"extra zabezpe\u010denie prostredia a konfigur\u00e1cie a web serverov. Ultra bezpe\u010dn\u00fd (SELinux\/SEBSD) server, RBAC, DTE a MLS, Cluster web aplika\u010dn\u00e9ho firewallu.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nethemba.com\/sk\/sluzby\/it-bezpecnostne-riesenia\/ids-ips-waf-zabezpecenie-aplikacie\/\" \/>\n<meta property=\"og:site_name\" content=\"Nethemba\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/nethemba\" \/>\n<meta property=\"article:modified_time\" content=\"2019-07-24T11:26:55+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@nethemba\" \/>\n<meta name=\"twitter:label1\" content=\"Predpokladan\u00fd \u010das \u010d\u00edtania\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 min\u00faty\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/sk\\\/sluzby\\\/it-bezpecnostne-riesenia\\\/ids-ips-waf-zabezpecenie-aplikacie\\\/\",\"url\":\"https:\\\/\\\/nethemba.com\\\/sk\\\/sluzby\\\/it-bezpecnostne-riesenia\\\/ids-ips-waf-zabezpecenie-aplikacie\\\/\",\"name\":\"IDS, IPS, WAF, zabezpe\u010denie aplik\u00e1cie - Nethemba\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/#website\"},\"datePublished\":\"2015-11-08T20:57:44+00:00\",\"dateModified\":\"2019-07-24T11:26:55+00:00\",\"description\":\"extra zabezpe\u010denie prostredia a konfigur\u00e1cie a web serverov. Ultra bezpe\u010dn\u00fd (SELinux\\\/SEBSD) server, RBAC, DTE a MLS, Cluster web aplika\u010dn\u00e9ho firewallu.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nethemba.com\\\/sk\\\/sluzby\\\/it-bezpecnostne-riesenia\\\/ids-ips-waf-zabezpecenie-aplikacie\\\/#breadcrumb\"},\"inLanguage\":\"sk-SK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nethemba.com\\\/sk\\\/sluzby\\\/it-bezpecnostne-riesenia\\\/ids-ips-waf-zabezpecenie-aplikacie\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/sk\\\/sluzby\\\/it-bezpecnostne-riesenia\\\/ids-ips-waf-zabezpecenie-aplikacie\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nethemba.com\\\/sk\\\/domov\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Slu\u017eby\",\"item\":\"https:\\\/\\\/nethemba.com\\\/sk\\\/sluzby\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"IT bezpe\u010dnostn\u00e9 rie\u0161enia\",\"item\":\"https:\\\/\\\/nethemba.com\\\/sk\\\/sluzby\\\/it-bezpecnostne-riesenia\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"IDS, IPS, WAF, zabezpe\u010denie aplik\u00e1cie\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nethemba.com\\\/de\\\/#website\",\"url\":\"https:\\\/\\\/nethemba.com\\\/de\\\/\",\"name\":\"Nethemba\",\"description\":\"We care about your security\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nethemba.com\\\/de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"sk-SK\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"IDS, IPS, WAF, zabezpe\u010denie aplik\u00e1cie - Nethemba","description":"extra zabezpe\u010denie prostredia a konfigur\u00e1cie a web serverov. Ultra bezpe\u010dn\u00fd (SELinux\/SEBSD) server, RBAC, DTE a MLS, Cluster web aplika\u010dn\u00e9ho firewallu.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/nethemba.com\/sk\/sluzby\/it-bezpecnostne-riesenia\/ids-ips-waf-zabezpecenie-aplikacie\/","og_locale":"sk_SK","og_type":"article","og_title":"IDS, IPS, WAF, zabezpe\u010denie aplik\u00e1cie - Nethemba","og_description":"extra zabezpe\u010denie prostredia a konfigur\u00e1cie a web serverov. Ultra bezpe\u010dn\u00fd (SELinux\/SEBSD) server, RBAC, DTE a MLS, Cluster web aplika\u010dn\u00e9ho firewallu.","og_url":"https:\/\/nethemba.com\/sk\/sluzby\/it-bezpecnostne-riesenia\/ids-ips-waf-zabezpecenie-aplikacie\/","og_site_name":"Nethemba","article_publisher":"https:\/\/www.facebook.com\/nethemba","article_modified_time":"2019-07-24T11:26:55+00:00","twitter_card":"summary_large_image","twitter_site":"@nethemba","twitter_misc":{"Predpokladan\u00fd \u010das \u010d\u00edtania":"2 min\u00faty"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/nethemba.com\/sk\/sluzby\/it-bezpecnostne-riesenia\/ids-ips-waf-zabezpecenie-aplikacie\/","url":"https:\/\/nethemba.com\/sk\/sluzby\/it-bezpecnostne-riesenia\/ids-ips-waf-zabezpecenie-aplikacie\/","name":"IDS, IPS, WAF, zabezpe\u010denie aplik\u00e1cie - Nethemba","isPartOf":{"@id":"https:\/\/nethemba.com\/de\/#website"},"datePublished":"2015-11-08T20:57:44+00:00","dateModified":"2019-07-24T11:26:55+00:00","description":"extra zabezpe\u010denie prostredia a konfigur\u00e1cie a web serverov. Ultra bezpe\u010dn\u00fd (SELinux\/SEBSD) server, RBAC, DTE a MLS, Cluster web aplika\u010dn\u00e9ho firewallu.","breadcrumb":{"@id":"https:\/\/nethemba.com\/sk\/sluzby\/it-bezpecnostne-riesenia\/ids-ips-waf-zabezpecenie-aplikacie\/#breadcrumb"},"inLanguage":"sk-SK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nethemba.com\/sk\/sluzby\/it-bezpecnostne-riesenia\/ids-ips-waf-zabezpecenie-aplikacie\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/nethemba.com\/sk\/sluzby\/it-bezpecnostne-riesenia\/ids-ips-waf-zabezpecenie-aplikacie\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nethemba.com\/sk\/domov\/"},{"@type":"ListItem","position":2,"name":"Slu\u017eby","item":"https:\/\/nethemba.com\/sk\/sluzby\/"},{"@type":"ListItem","position":3,"name":"IT bezpe\u010dnostn\u00e9 rie\u0161enia","item":"https:\/\/nethemba.com\/sk\/sluzby\/it-bezpecnostne-riesenia\/"},{"@type":"ListItem","position":4,"name":"IDS, IPS, WAF, zabezpe\u010denie aplik\u00e1cie"}]},{"@type":"WebSite","@id":"https:\/\/nethemba.com\/de\/#website","url":"https:\/\/nethemba.com\/de\/","name":"Nethemba","description":"We care about your security","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nethemba.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"sk-SK"}]}},"_links":{"self":[{"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/pages\/449","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/comments?post=449"}],"version-history":[{"count":0,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/pages\/449\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/pages\/424"}],"wp:attachment":[{"href":"https:\/\/nethemba.com\/sk\/wp-json\/wp\/v2\/media?parent=449"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}