Figure 15-2 Security layers in WebSphere Application Server
[Figure: layered diagram. Labels: WebSphere Application Server resources (Naming, User registry, JMX message beans, HTML, Servlet or JSP file, Enterprise beans, Web services); Access control; WebSphere security; CSIv2 security; Java platform security; Java EE security API; Java 2 security; Java Virtual Machine (JVM) Version 6; Platform security; Operating system security; Network security; Hardware security; Physical security]

WebSphere Application Server includes the following security layers (from bottom to top in Figure 15-2):

Physical security
Physical security encompasses the area where the environment is located. The major concerns at this level are access to the site and protection against environmental conditions. Commonly, such areas are physically secured, and access is limited to a few individuals. If an intruder can walk up to the physical server, no data on that server is secure.

Network security
The network security layers provide several technologies, such as firewalls, that protect against network-based attacks. They are also responsible for transport-level authentication, confidentiality, and integrity.

Operating system security
The security infrastructure of the underlying operating system provides certain security services for WebSphere Application Server. These services include access to the command-line tools and file system security support that secures sensitive files used by WebSphere Application Server. The administrator can configure WebSphere Application Server to obtain authentication information directly from the operating system user registry.
Consider using this option only for z/OS systems. When you select the local operating system as a registry on z/OS, System Authorization Facility (SAF) works with the user registry to authorize applications to run on the server.

If you are interested in protecting your system from applications, run WebSphere Application Server as a non-root user on distributed platforms. Set it so that access to root files and resources is not allowed. Keep in mind that, in this case, the operating system registry cannot be used.

Java virtual machine (JVM)
The JVM provides a set of standards-based security services for Java applications, and an installation layer between Java applications and operating system services. It provides an isolated environment for the Java application that is running in it. In this case, the application is WebSphere Application Server. In addition, the JVM protects memory from unrestricted access, creates exceptions when errors occur within a thread, and defines array types.

Java 2 security
The Java security model offers access control to system resources, including file system, system property, socket connection, threading, and class loading. Application code must be explicitly granted the required permission to access a protected resource.
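
The explicit-grant rule described above for Java 2 security can be seen with the standard java.security permission classes, which decide whether a requested access is covered by what was granted. This is an added example, not code from the book or from WebSphere Application Server; the paths, the address 192.0.2.10, the ports and the property name are constructed for illustration, and no security manager is installed.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.PropertyPermission;

// Added example: models the "explicit grant" rule of Java 2 security.
// All paths, addresses and property names below are constructed sample values.
public class ExplicitGrantDemo {

    // The permissions a policy would grant to one application's code.
    static Permissions grantedToApp() {
        Permissions granted = new Permissions();
        // Read/write only below the application's own data directory ("-" is recursive).
        granted.add(new FilePermission("/opt/app/data/-", "read,write"));
        // Outbound connection to a single back-end address and port.
        granted.add(new SocketPermission("192.0.2.10:50000", "connect"));
        // Read-only access to one system property.
        granted.add(new PropertyPermission("user.timezone", "read"));
        granted.setReadOnly(); // no further grants can be added
        return granted;
    }

    // True only if a granted permission implies the requested one.
    static boolean allowed(Permissions granted, Permission requested) {
        return granted.implies(requested);
    }

    public static void main(String[] args) {
        Permissions granted = grantedToApp();
        Permission[] requests = {
            new FilePermission("/opt/app/data/reports/q1.csv", "read"),   // covered by the grant
            new FilePermission("/opt/app/data/reports/q1.csv", "delete"), // action never granted
            new FilePermission("/etc/passwd", "read"),                    // path never granted
            new SocketPermission("192.0.2.10:50000", "connect"),          // covered by the grant
            new SocketPermission("192.0.2.10:22", "connect"),             // port never granted
            new PropertyPermission("user.timezone", "write"),             // action never granted
        };
        for (Permission p : requests) {
            System.out.printf("%-5s %s%n", allowed(granted, p) ? "ALLOW" : "DENY", p);
        }
    }
}
```

Anything not listed in the grant is denied by default, which is why a broad grant such as java.security.AllPermission removes the protection this layer provides.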