Data Center Network Design

Betware’s standard solution consists of three network layers:

  1. Secure middle network (web servers)

  2. Inside networks (application and other servers)

  3. Additionally secured inside network – a customer firewall could be installed in front of, for example, the database


The network layers are behind a firewall and all communication between them is filtered. Firewalls are configured so that only permitted traffic is allowed and all other traffic is denied (“default deny” policy). Denied traffic is logged for security analysis. Security is accomplished through multi-layered firewall protection. The first firewall is the first level of system protection: its purpose is to filter all unwanted traffic originating from the outside world (Internet), and it should perform basic denial-of-service (DoS) attack prevention.

All services are separated into logical subnets and all communication is “screened” by the IP filtering rules of the second firewall. Betware recommends that the second firewall be a different unit from the first firewall, which provides additional security.
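
One way the second firewall's “default deny” screening between the three layers could be written, shown here as an nftables ruleset. This is an added example, not Betware's configuration; the use of nftables, the interface name, the subnets and the ports are all assumptions.

```nftables
#!/usr/sbin/nft -f
# Constructed example: every name, subnet and port below is an assumption.
flush ruleset

define WEB_NET = 10.0.10.0/24   # 1. secure middle network (web servers)
define APP_NET = 10.0.20.0/24   # 2. inside network (application servers)
define DB_NET  = 10.0.30.0/24   # 3. additionally secured inside network (database)

table inet screening {
    chain forward {
        # Default deny: a packet that matches no accept rule is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were already permitted.
        ct state established,related accept
        ct state invalid drop

        # Traffic handed over by the first firewall may reach the web tier only.
        iifname "outside0" ip daddr $WEB_NET tcp dport { 80, 443 } ct state new accept

        # Web servers may open connections to the application tier only.
        ip saddr $WEB_NET ip daddr $APP_NET tcp dport 8443 ct state new accept

        # Application servers may open connections to the database only.
        ip saddr $APP_NET ip daddr $DB_NET tcp dport 5432 ct state new accept

        # Everything else is denied. Count every denied packet, and log at a
        # bounded rate so a flood cannot fill the log volume.
        counter comment "denied by default"
        limit rate 10/second log prefix "fw2-deny: " flags all
    }

    chain input {
        # The firewall itself accepts nothing from the data networks.
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        limit rate 10/second log prefix "fw2-input-deny: "
    }
}
```

Running `nft -c -f` on the file checks the syntax without loading the rules. Note that there is no rule from the web subnet to the database subnet, so a compromised web server has no direct path to the data.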