DCPA-1 Partitioning the Application
Overview
User interface services (e.g., web services) are physically or logically separated from data storage and management services (e.g., database management systems). Separation may be accomplished through the use of different computers, different CPUs, different instances of the operating system, different network addresses, combinations of these methods, or other methods, as appropriate.
| MAC / CONF | Impact | Subject Area |
|---|---|---|
| MACI MACII | Low | Security Design and Configuration |
Details
| Threat |
|---|
| Unauthorized users as well as malicious insiders who gain access to a particular service will find it relatively easy to gain access and exploit another service on the same hard drive. As part of the defense in depth methodology, services must be separated to provide an additional layer of protection between them. |
| Guidance |
|---|
| 1. User interface services (e.g., web pages) are physically or logically separated from data storage and management services (e.g., database management systems). 2. Separation may be accomplished through the use of different computers, different CPUs, different instances of the operating system, different network addresses, combinations of these methods, or other methods, as appropriate. |
References
- DISA Web Server STIG, Version 5, 26 July 2004