WebSphere Application Server V7 Advanced Security Enhancement, part 1th: (top)

Security Enhancement Overview and methods

Brief introduction

The security of IBM WebSphere application Server is improved in each release. In addition to adding new features to the new version, we are constantly enhancing the default security for our products. By improving the default settings, we continually increase the degree to which the key principle of default security is met. The previous version of this article focuses on the required step steps for WebSphere application Server V6 and that version. In subsequent WebSphere application Server releases, the number of step steps has been significantly reduced, and more importantly, most of the steps reserved are not critical. Therefore, it is now necessary to update this article with new information.

This article begins with a brief discussion of why security is important and the difficulty of strengthening the system, and then discusses how to strengthen the WebSphere application Server environment to address a variety of security vulnerabilities. Because this article mainly discusses the enhancement, some information is general, did not carry on the detailed analysis. As much as possible, we provide appropriate resources for the relevant details so that you can further study the related subtopics.

Although the information in this article is based on the IBM WebSphere application Server V7, most of the issues discussed also apply to V6.1. For a particular version of the problem, we will specifically point out.

Why do I need security?

Thankfully, most readers are aware that security is a key aspect of an enterprise system. However, in order to introduce some common ways to consider security, we will still briefly introduce security.

The basic purpose of security is "to prevent malicious people from entering your system." More precisely, security is a process that uses a variety of techniques to prevent unauthorized users, often called intruders, from unauthorized access to content.

There are many types of intruders: foreign espionage agencies, competitors, hackers, and even your own employees. Each intruder has different motivations, different skills and knowledge, different access points, and different levels of requirements. For example:

Employees may have a motive to attack the company. Employees have very high levels of internal access and system knowledge, but their resources and hacking skills may be limited.

External hackers may be experts in security attacks, but they may not be motivated to attack you.

Foreign espionage agencies may be interested in attacking you (depending on your business) and have extremely rich resources.

Intruders can invade your system for one or two reasons: to get information they should not have, or to change the normal behavior of the system in some way. In the latter case, by changing the behavior of the system, they can try to perform a transaction that is advantageous to them, or simply to cause the system to crash in some interesting way, causing damage to your organization.

The point is that there are many different types of intruders, many different motivations for intrusions, and many different types of attacks (which we will see later). You must be aware of these when planning for security.

Focus on both internal and external threats

Security measures should not only be seen as a barrier to "outsiders". That's a simplistic view. At present, many organizations focus their security measures exclusively on people outside the organization, who mistakenly believe that only foreign talent is dangerous. This is not actually the case. For large companies, there are often thousands of people who have access to the internal network (many of whom are not employees). These people are likely to become intruders, and because they are internally, they are more convenient to access the network. You can often access your company's network by simply plugging your laptop into a cable. Some studies have shown that nearly half of the intrusions are caused by employees or contractors within the organization (or involving them).

Even if you believe that everyone in the network is trustworthy, can you believe that they never make mistakes? Given the rampant use of e-mail-borne viruses, and the fact that JavaScript™-based attacks and other programs can easily enter the corporate network and launch attacks from inside the computer's USB drives and CDs, it is foolhardy to assume that the entire internal network is trustworthy--and not.

Security measures should try to protect the system from being attacked by all potential intruders, which is why this article is so long. Security is not just a firewall that protects the system from "external" attacks on network boundaries. It is a set of complex operations and processes designed to enhance system security as much as possible.