IBM WebSphere Application Server용 DMZ 보안 프록시 서버 start up user permissions

The overall security level of the IBM® WebSphere® Application Server용 DMZ 보안 프록시 서버 can be hardened by reverting the server process to run as an unprivileged user after startup. Although the IBM WebSphere Application Server용 DMZ 보안 프록시 서버 must be started as a privileged user, changing the server process to run as an unprivileged user provides additional protection for local operating resources.

Like the proxy server, the IBM WebSphere Application Server용 DMZ 보안 프록시 서버 must start under a privileged user because it requires authorization to initialize privileged ports. Ports lower than 1024 are considered privileged ports. After these ports are initialized and access to the protected ports is no longer required, it is possible to change the user association of the IBM WebSphere Application Server용 DMZ 보안 프록시 서버 process. Altering the server process to run using the privileges of a user or a group that does not have authority to access the local operation system resources adds a layer of protection to those resources. The firewall helps protect local operating system resources for the proxy server, but as the IBM WebSphere Application Server용 DMZ 보안 프록시 서버 is installed in the DMZ, this type of protection becomes a higher priority. Although changing the user association of the server process for the IBM WebSphere Application Server용 DMZ 보안 프록시 서버 is not required, continuing to run as a privileged user does not use the extra layer of protection for local operation resources that is provided when the server process is changed to run as an unprivileged user.

Table 1. Start up options. This table describes the proxy server start up options.
Start up option Definition
Run as unprivileged user This is considered a high and medium security level setting.
Run as privileged user This is considered a low security level setting.

주제 유형을 표시하는 아이콘 개념 주제



시간소인 아이콘 마지막 업데이트 날짜: July 9, 2016 6:06
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=csec_spxy_userperm
파일 이름:csec_spxy_userperm.html