Safe Web Application Configuration Using Secure Zone
Secure Zone allows you to control, segregate and manage access to your own workloads and data
About Architecture
The cloud environment is efficient and convenient: you can build infrastructure for new services instantly and extend it easily. But many companies hesitate to use the cloud because of security threats such as unauthorized exposure or leakage of data and vulnerable access control. Through Secure Zone, NAVER CLOUD PLATFORM provides a management environment in which users control and separate access to their own workloads and data. As a security service for safer management of the customer's important information resources, Secure Zone provides the infrastructure and network configuration to help you stay in compliance with the Information and Communication Act and other relevant regulations. You can set an access control policy for instances created within Secure Zone by configuring it directly in Secure Zone Firewall, and you can monitor the access records. You can also expand the service easily by connecting to existing products of the general service zone, such as Server, Storage or LB, and you can connect to an on-premise system by linking with IPsec VPN.
Architecture
[Architecture diagram: Safe Web Application Configuration Using Secure Zone]
Related Services
Use Cases and Effect
- Access Control via Secure Zone Firewall
- You can configure bidirectional network access control rules that allow or deny traffic by IP, protocol, and port between Service Zone and Secure Zone. Redundancy is configured by default to provide high availability for high-performance traffic/session management, object management and traffic usage lookup.
- User Access Control via SSL-VPN
- Operator access to a server created within Secure Zone is available only via SSL-VPN, since Secure Zone does not provide a public IP.
- DB Security Through DB Security Solution
- An access control solution and an encryption solution must be applied to DBs that contain personal information in order to meet the personal information protection measures set forth by law. The access control solution must include a query monitoring function. You can use your own solutions or the features included in the DB.
- Hybrid Configuration via IPsec VPN Protocol Communication
- If a hybrid configuration is required between Secure Zone and a legacy infrastructure, you can select the Advanced Options of Secure Zone Firewall to link IPsec VPN to the Secure Zone servers.
- Access Log Management Using Cloud Log Analytics
- All log information of Secure Zone Firewall is mandatorily stored in the Cloud Log Analytics (CLA) service.