
1 - 7 of 7 Posts

·
Registered
Joined
·
113 Posts
Discussion Starter #1
Newbie question – as a matter of fact, I know nothing about network security.
Have googled extensively but cannot find the answer. Maybe I used the wrong keyword search: cyber security surface area reduction, segmentation
I hope someone can provide me some feedback or some relevant key words to google.
This is my network security scenario.
If within a network, there are 4 or 5 servers currently connected to the internet. So, each server is its own platform.
Each server is task specific (i.e. no overlapping, totally unique from one another).
Users log in either from outside the network or within the network. The same user may have to log in to multiple systems (separately) to get all the necessary info he/she needs.
So, system admin has to monitor the network traffic and the security of these servers. These servers are behind the proxy server to safeguard their security.
Still this setup has a large security surface area to maintain.
Would this security surface area be decreased if someone can integrate all the services from all these individual servers together and with single sign-on so that users do not need to log in multiple times?
My reason is the more servers there are to maintain, the more ports to watch over and the more vulnerability there is.
Consolidating the services of all these servers into one may reduce the possibility of external attacks and be easier to admin. Am I correct?
Total number of end-users for the services from these servers from the outside (the network) and inside will not change whether the services are provided from the backend from different servers/UI or in one integrated unified server/platform.
Thanks in advance.
 

·
Team Manager - Networking , Moderator - Micros
Joined
·
4,092 Posts
Would this security surface area be decreased if someone can integrate all the services from all these individual servers together and with single sign-on so that users do not need to log in multiple times?
Yes.

You're describing an enterprise level environment. Where are you coming up with these questions if you don't know anything about network security?
 

·
Registered
Joined
·
113 Posts
Discussion Starter #3
Fred, Thx for response.
I am "slowly" building an integrated environment (a demo) to put all functionalities of these servers into one. The goal is to help the end-users to get all the info they need without the need of logging into different systems (increasing vulnerability). But building a demo is one thing. Network security is another.
You are correct. This platform is for enterprise use. So there will be substantial exposure to hacking and phishing to think about.
That is why I want to know how to set up the architecture right from the start, security first and foremost.
So, would you be able to give me some appropriate key words that I can google for my fact-finding quests (how to reduce security surface area)? I understand segmentation is one.
Do you have any appropriate reference links that I can read up on how to design and to set up the security architecture for such back-end unified/integrated platform?
Thanks in advance.
 

·
Registered
Joined
·
113 Posts
Discussion Starter #4
One more thing, Fred. I am a startup and a noob in security. Lots of painful learning to go through.
 

·
Team Manager - Networking , Moderator - Micros
Joined
·
4,092 Posts
IMO, what you're asking goes well beyond what can be covered in a forum or chat setting. You need to understand different options and configurations before you can figure out how they'd apply to your particular hardware and software environment. You might want to look into something like a CompTIA course or study guides to learn more, first.
 

·
Registered
Joined
·
113 Posts
Discussion Starter #6
Fred, OK. Advice taken.
Just stumbled into a trove of info/papers from SAN. Amazing how little I know!!
 

·
Team Manager - Networking , Moderator - Micros
Joined
·
4,092 Posts
The only other thing I'd add is, SSO is like using one lock on a door. I prefer a layered or segmented approach when it's possible.
 