000022456 - If an application server is protected with an RSA ClearTrust Agent, is it necessary to protect the web server too?

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000022456

Applies To:
RSA ClearTrust 4.7
iPlanet Directory Server
Microsoft Windows NT 4.0
Microsoft Windows 2000
Sun Solaris

Issue: If an application server is protected with an RSA ClearTrust Agent, is it necessary to protect the web server too?

Resolution: The answer to this question is that it depends on your architecture and/or environment. For instance, every page that a user can reach by typing its URL directly into a browser, and that the user must not be able to access without authentication, must be protected by ClearTrust and the corresponding agent, by a firewall, or by both. The URLs could refer to any HTML page, subdirectory, CGIs, JSPs, or ASPs, as well as to any application running on top of the application server.

If all the URLs that provide access to an application server are protected but the application server accesses other Web servers or other critical resources in the background, it is up to the application server to control the access (for instance, using the ClearTrust runtime API).

In addition, you need the ClearTrust agents or the runtime API on all the servers that require authentication from the user and for which you want to provide SSO.

Given the complexity of some environments, RSA Security Professional Services can be engaged to help you design your security strategy and Web management infrastructure.

Legacy Article ID: a11547
