Figure 15-2 Security layers in WebSphere Application Server
(Figure labels: WebSphere Application Server resources; WebSphere Application Server security; WebSphere Security Layers; Access control; Naming; User registry; JMX message beans; HTML; Servlet or JSP file; Enterprise beans; Web services; WebSphere security; Java platform security; Java Virtual Machine (JVM) Version 6; Java 2 security; Java EE security API; Platform security; Operating system security; Network security; Hardware security; Physical security; CSIv2 security.)

WebSphere Application Server includes the following security layers (from bottom to top in Figure 15-2):

Physical security
Physical security encompasses the area where the environment is located. The major concerns at this level are access to the site and protection against environmental conditions. Commonly, such areas are physically secured, and access is limited to a few individuals. If an intruder can walk up to the physical server, no data on that server is secure.

Network security
The network security layers provide several technologies, such as firewalls, to protect against network-based attacks. They are also responsible for transport-level authentication, confidentiality, and integrity.

Operating system security
The security infrastructure of the underlying operating system provides certain security services for WebSphere Application Server. These services include access to the command-line tools and file system security support that secures sensitive files used by WebSphere Application Server. The administrator can configure WebSphere Application Server to obtain authentication information directly from the operating system user registry.
Consider using this option only for z/OS systems. When you select the local operating system as a registry on z/OS, System Authorization Facility (SAF) works with the user registry to authorize applications to run on the server.

If you are interested in protecting your system from applications, run WebSphere Application Server as a non-root user on distributed platforms. Set it so that access to root files and resources is not allowed. Keep in mind that, in this case, the operating system registry cannot be used.

Java virtual machine (JVM)
The JVM provides a set of standards-based security services for Java applications, and an installation layer between Java applications and operating system services. It provides an isolated environment for the Java application that is running in it. In this case, the application is WebSphere Application Server. In addition, the JVM protects memory from unrestricted access, creates exceptions when errors occur within a thread, and defines array types.

Java 2 security
The Java security model offers access control to system resources, including file system, system property, socket connection, threading, and class loading. Application code must explicitly grant the required permission to access a protected resource.
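The Java 2 access-control model described above, as an added example (not code from the original page or from IBM): it builds the protection domain that a narrow policy grant would produce, builds a second one holding AllPermission, and evaluates requests for each resource type the paragraph lists. The class name, code location, paths, addresses and property name are constructed for illustration.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.net.URI;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.PropertyPermission;

public class Java2SecurityDemo {
    // Protection domain for code loaded from a constructed application
    // location, holding only the permissions passed in (no Policy lookup).
    static ProtectionDomain domain(Permission... granted) throws Exception {
        Permissions perms = new Permissions();
        for (Permission p : granted) {
            perms.add(p);
        }
        CodeSource src = new CodeSource(
            URI.create("file:/opt/example/app.ear").toURL(), (Certificate[]) null);
        return new ProtectionDomain(src, perms);
    }

    public static void main(String[] args) throws Exception {
        // Least privilege: one directory tree (read), one property, one endpoint.
        ProtectionDomain narrow = domain(
            new FilePermission("/opt/example/data/-", "read"),
            new PropertyPermission("user.timezone", "read"),
            new SocketPermission("192.0.2.10:50000", "connect"));
        // Over-granted: every check succeeds, so the layer enforces nothing.
        ProtectionDomain broad = domain(new AllPermission());

        Permission[] requests = {
            new FilePermission("/opt/example/data/reports/q1.csv", "read"),
            new FilePermission("/opt/example/data/reports/q1.csv", "write"),
            new FilePermission("/etc/passwd", "read"),
            new PropertyPermission("user.timezone", "write"),
            new SocketPermission("192.0.2.10:50000", "connect"),
            new SocketPermission("192.0.2.20:22", "connect"),
            new RuntimePermission("modifyThread"),       // threading
            new RuntimePermission("createClassLoader"),  // class loading
        };
        for (Permission req : requests) {
            System.out.printf("%-72s narrow=%-5b broad=%b%n",
                req, narrow.implies(req), broad.implies(req));
        }
    }
}
```

Anything not implied by a granted permission is denied by default, which is why a grant of AllPermission to application code removes the protection this layer provides.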