
I have an application, with Docker images for all of it. I have set up isolated servers for my application.

Web Server => Application Server => Database Server

The Web Server is configured with Nginx with SSL configuration in place. The Application and Database Servers are not directly exposed to the outside world; the Web Server will access the Application Server, and the Application Server will access the Database Server.

Other than the Web Server, every communication is over HTTP, but these servers (App Server & Database Server) cannot be directly accessed.

How can I make this Web Server => Application Server => Database Server communication secure?

NOTE: On the Application Server & Database Server, Docker containers are running for my application.

  • This depends _entirely_ on the used software... securing Oracle is a different beast than securing a Tomcat server or Jetty or NodeJS or or or. Depending on your needs and attack vectors, you maybe don't even need "more" security. You can always implement more, but you have to gauge cost/benefit. – Lenniey Jul 18 '19 at 07:50

1 Answer


Short Answer

There is no silver bullet, be it approach or product, when it comes to security.

Long Answer

As mentioned by others, this is a question that can be approached from multiple angles. A proper approach will look at the stack from end to end and reduce attack vectors accordingly. Some examples include, but are not limited to:

  • Networking - Ensuring proper network segmentation and Access Control Lists (ACLs) between tiers, along with proper firewall implementation at the perimeter to ensure the Application Server and Database layers mentioned stay inaccessible externally.
  • Servers - Proper patching and compliance implementation, such as Security Technical Implementation Guides (STIGs), and implementation of Public Key Infrastructure (PKI/SSL) where possible.
  • Applications - Implementing whatever vendor and/or vendor community accepted configuration hardening and best practices.
  • Processes - Proper use of Role Based Access Control (RBAC) with Separation of Concerns and Principle of Least Privilege properly implemented.
Cale Vernon
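For the Web Server => Application Server hop that the question says runs over plain HTTP, the "PKI/SSL where possible" point in the answer could look like the Nginx configuration below. This is an added example, not part of the question or the answer; the hostnames, port and certificate paths are assumed placeholders, and it assumes an internal CA has issued certificates to both tiers.

```nginx
# Constructed example: hostnames, ports and file paths are placeholders.

# Before: TLS ends at Nginx and the hop to the Application Server is plain HTTP.
# location / {
#     proxy_pass http://app.internal.example:8080;
# }

# After: the hop is encrypted and both ends are authenticated.
upstream app_backend {
    server app.internal.example:8443;
}

server {
    listen 443 ssl;
    server_name www.example.com;

    ssl_certificate     /etc/nginx/tls/web.crt;
    ssl_certificate_key /etc/nginx/tls/web.key;

    location / {
        proxy_pass https://app_backend;

        # Verify the Application Server's certificate against the internal CA.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.crt;

        # Name checked in the certificate; without this it would be "app_backend".
        proxy_ssl_name                app.internal.example;
        proxy_ssl_server_name         on;
        proxy_ssl_protocols           TLSv1.2 TLSv1.3;

        # Client certificate, so the Application Server can require mutual TLS
        # and reject anything on the internal network that is not the Web Server.
        proxy_ssl_certificate         /etc/nginx/tls/web-client.crt;
        proxy_ssl_certificate_key     /etc/nginx/tls/web-client.key;
    }
}
```

`proxy_ssl_verify` defaults to `off`, so changing `proxy_pass` to `https://` alone encrypts the hop without authenticating the Application Server.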