# Security Requirements

Security is a fundamental aspect of the **ONEWEB Platform**.\
Before deploying or using ONEWEB, the underlying infrastructure must support essential security controls to protect applications, data, and network resources.

This section outlines the **baseline security requirements** and recommended practices for running ONEWEB securely.

***

### Firewall Requirements

ONEWEB supports both **hardware‑based** and **software‑based firewalls** as part of its security architecture.

A firewall is required to:

* Control inbound and outbound network traffic
* Protect platform components from unauthorized access
* Enforce network segmentation between trust zones

***

### Recommended Firewall Architecture

A layered firewall model is recommended for ONEWEB deployments, especially in production environments.

<figure><img src="https://2015371994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMpDjHWFRUtZ5nJcSfVXd%2Fuploads%2FBB4sgMF1jHTfP8pp4PQ9%2Fimage.png?alt=media&#x26;token=a9551a4a-1237-4df0-96f1-a2f23ff1ba02" alt=""><figcaption></figcaption></figure>

Recommended firewall placement includes:

* **Firewall between Internet and DMZ Zone**\
  This is the most critical firewall layer, protecting ONEWEB applications and network resources from direct internet exposure.
* **Firewall between DMZ Zone and Internal Network**\
  Acts as a second layer of defense, protecting internal systems and databases from external threats.

In some security‑sensitive environments, additional firewalls may be deployed between:

* **Application Server and Database Server**

> When introducing additional firewall layers, firewall rules and timeout settings may need to be tuned to avoid database connectivity issues.

***

### SSL / TLS Support

ONEWEB supports **SSL/TLS** to secure communication between clients and platform services.

SSL/TLS can be configured using standard features provided by supported application servers, such as:

* WildFly
* JBoss EAP
* IBM WebSphere Application Server

Secure communication helps protect:

* User credentials
* Application data
* API and service interactions

***

### Certificate Management

SSL/TLS certificates can be configured using:

* **Self‑signed certificates** (commonly used in development or testing environments)
* **Certificates issued by a trusted Certificate Authority (CA)** (recommended for production environments)

Certificate selection should align with:

* Organizational security policies
* Compliance requirements
* Environment type (Testing vs Production)

***

### Security Architecture Considerations

From a platform readiness perspective:

* Network segmentation improves security and fault isolation
* SSL/TLS should be enforced for all user‑facing and service endpoints
* Firewall rules must allow required traffic between ONEWEB components while blocking unnecessary access

Security controls should be designed alongside deployment architecture (Standalone, HA, Cloud) rather than added afterward.
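The following is an added example, not part of the ONEWEB documentation or product: a small Python audit that checks a firewall rule list against the Internet / DMZ / Internal layering described on this page. The `Rule` format, the `PERMITTED` allow-list, and the port numbers are assumptions for illustration and must be replaced with the values of the actual deployment.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str     # source zone: "internet", "dmz", "internal" or "any"
    dst: str     # destination zone
    port: int    # destination TCP port, 0 means any port
    action: str  # "allow" or "deny"

# Assumed allow-list of zone crossings; ports are placeholders, not ONEWEB defaults.
PERMITTED = {
    ("internet", "dmz"): {443},    # TLS-only user-facing endpoints
    ("dmz", "internal"): {5432},   # backend/database listener (assumed port)
}

def audit(rules):
    """Return findings for rules that break the Internet/DMZ/Internal layering."""
    findings = []
    for n, r in enumerate(rules, start=1):
        if r.action != "allow" or (r.src == r.dst and r.src != "any"):
            continue  # deny rules and intra-zone traffic are out of scope here
        ports = PERMITTED.get((r.src, r.dst))
        if ports is None:
            findings.append(f"rule {n}: {r.src}->{r.dst} has no permitted path")
        elif r.port not in ports:
            findings.append(f"rule {n}: port {r.port or 'any'} not permitted {r.src}->{r.dst}")
    last = rules[-1] if rules else None
    if last != Rule("any", "any", 0, "deny"):
        findings.append("no final default-deny rule")
    return findings

# Constructed sample rule set, evaluated top to bottom.
SAMPLE_RULES = [
    Rule("internet", "dmz", 443, "allow"),
    Rule("internet", "dmz", 80, "allow"),         # plaintext HTTP exposed
    Rule("dmz", "internal", 5432, "allow"),
    Rule("internet", "internal", 5432, "allow"),  # skips the DMZ entirely
    Rule("any", "any", 0, "deny"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```
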

***

### Summary of Security Requirements

Before proceeding, ensure that:

* Firewall protection is in place
* Network zones (Internet, DMZ, Internal) are properly segmented
* SSL/TLS is supported and configurable on the application server
* Certificate strategy is defined for each environment

These requirements establish a secure baseline for running ONEWEB.


