Design multiple layers of protection
This section describes the need for multiple layers of protection.
When designing a secure deployment, design multiple layers of protection. If
a hacker gains access to one layer, such as the application server, that should not
automatically give them easy access to other layers, such as the database server.
Providing multiple layers of protection may include:
- Enabling only those ports required for communication between different tiers. For example, only allow communication to the database tier on the port used for SQL*NET communications (by default, 1521).
- Placing firewalls between servers so that only expected traffic can move between servers.
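
The following is an added example, not part of the original documentation: it audits a list of firewall allow rules and reports any that expose the database tier on more than the SQL*NET port or to more than the application tier. The subnets, the rule names, the rule format, and the assumption that only the application tier should reach the database are hypothetical and constructed for illustration.

```python
import ipaddress

# Assumed tier layout (constructed for this example).
APP_TIER = ipaddress.ip_network("10.0.1.0/24")
DB_TIER = ipaddress.ip_network("10.0.2.0/24")
SQLNET_PORT = 1521  # default SQL*NET port, as stated above

# Constructed rule set: (name, source CIDR, destination CIDR, first port, last port).
# Every rule is an "allow"; anything not listed is assumed to be denied.
RULES = [
    ("app-to-db-sqlnet", "10.0.1.0/24", "10.0.2.0/24", 1521, 1521),
    ("app-to-db-any",    "10.0.1.0/24", "10.0.2.0/24", 1, 65535),
    ("web-to-db-sqlnet", "10.0.0.0/24", "10.0.2.0/24", 1521, 1521),
    ("any-to-db-ssh",    "0.0.0.0/0",   "10.0.2.10/32", 22, 22),
    ("web-to-app-https", "10.0.0.0/24", "10.0.1.0/24", 443, 443),
]

def audit(rules):
    """Return {rule name: [reasons]} for allow rules that expose the database tier too widely."""
    findings = {}
    for name, src, dst, lo, hi in rules:
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        if not dst_net.overlaps(DB_TIER):
            continue  # rule does not reach the database tier
        reasons = []
        # Only hosts inside the application tier are expected to talk to the database.
        if not src_net.subnet_of(APP_TIER):
            reasons.append(f"source {src} is not limited to the application tier")
        # Only the SQL*NET port should be open towards the database tier.
        if (lo, hi) != (SQLNET_PORT, SQLNET_PORT):
            reasons.append(f"allows ports {lo}-{hi}, not only {SQLNET_PORT}")
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in audit(RULES).items():
        for reason in reasons:
            print(f"{name}: {reason}")
```
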