Design multiple layers of protection

When designing a secure deployment, design multiple layers of protection. For example, if someone were to gain unexpected access to a layer, such as the application server, the person should not automatically have access to other layers, such as the database server.

Providing multiple layers of protection might include the following activities:

  • Enabling only those ports required for communication between different tiers. For example, you can allow communication to the database tier only on the port used for SQL*NET communications (1521 by default).
  • Placing firewalls between servers so that only expected traffic can move between servers.
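
The two activities above can be checked mechanically. The following Python audit is an added example, not part of the original page or of any product's code: it flags firewall allow rules that expose more than the expected tier-to-tier flow. The tier subnets, the sample rules and the function names are constructed assumptions; only port 1521 comes from the text.

```python
"""Audit tier-to-tier firewall allow rules against a least-exposure policy."""
import ipaddress

# Constructed tier subnets (assumptions, not from the original page).
TIERS = {
    "app": ipaddress.ip_network("10.0.1.0/24"),
    "db": ipaddress.ip_network("10.0.2.0/24"),
}

# Expected flows: (source tier, destination tier, TCP port).
# 1521 is the default SQL*Net listener port mentioned above.
POLICY = {("app", "db", 1521)}

# Constructed sample allow rules: (source CIDR, destination CIDR, first port, last port).
SAMPLE_RULES = [
    ("10.0.1.0/24", "10.0.2.0/24", 1521, 1521),   # expected flow
    ("10.0.1.0/24", "10.0.2.0/24", 22, 22),       # SSH from app tier: not in policy
    ("0.0.0.0/0", "10.0.2.0/24", 1521, 1521),     # any source: bypasses the tiering
    ("10.0.1.17/32", "10.0.2.5/32", 1500, 1600),  # port range wider than needed
]

def tier_of(net):
    """Return the name of the tier that fully contains net, or None."""
    for name, subnet in TIERS.items():
        if net.version == subnet.version and net.subnet_of(subnet):
            return name
    return None

def audit(rules, policy=POLICY):
    """Return (rule, reason) for every allow rule that exceeds the policy."""
    findings = []
    for rule in rules:
        src_cidr, dst_cidr, lo, hi = rule
        src = tier_of(ipaddress.ip_network(src_cidr))
        dst = tier_of(ipaddress.ip_network(dst_cidr))
        if src is None or dst is None:
            findings.append((rule, "source or destination is not confined to one tier"))
            continue
        extra = [p for p in range(lo, hi + 1) if (src, dst, p) not in policy]
        if extra:
            findings.append((rule, f"{len(extra)} port(s) beyond policy, e.g. {extra[0]}"))
    return findings

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(rule, "->", reason)
```

Only the first sample rule passes; the other three are reported because they open an extra port, accept traffic from outside the application tier, or allow a wider port range than the database listener needs.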