Security

An organization should identify the threats to its systems and then take steps to reduce them. J2EE is designed to leverage the existing security services of the platform it runs on rather than invent its own.

There are a variety of protection mechanisms for shielding against security threats. Historically, defense has meant erecting some sort of wall or boundary around the assets, commonly referred to as a perimeter defense.

Firewalls, a fairly successful example of perimeter defense, separate internal (private) from external (public) networks and provide a central point of control for enforcing corporate policy. However, firewalls increasingly have to let selected forms of traffic, HTTP for example, cross the boundary. Anything carried inside that permitted traffic, such as an attack on a Web application, passes the perimeter untouched, so the application tier needs its own protection.


Security – Threats

1.  Modification, loss or destruction of information

2.  Disclosure of information to parties not entitled to it

3.  Misappropriation of resources (using systems, bandwidth or services without authorization)


Security – Mechanisms

1.  Authentication

Authentication is the mechanism by which callers and service providers prove to one another that they are acting on behalf of specific users or systems. A simple example is logging in to your e-mail account with a username and password.

2.  Authorization

Authorization mechanisms limit interactions with resources to defined collections of users or systems, for the purpose of enforcing integrity, confidentiality or availability constraints. Authorization presumes authentication: a decision about what a caller may do is only meaningful once the caller's identity has been established.

3.  Signing

A digital signature lets the receiver check that a message came from the holder of a particular private key and that it has not been modified in transit (authenticity and integrity; because only the signer holds that key, it also supports non-repudiation). A signature does not keep the message private, and it does not by itself stop the same signed message from being replayed; preventing replay needs a nonce, timestamp or sequence number inside the signed data that the receiver tracks.

4.  Encryption

Encryption mechanisms ensure that communication between entities is kept private: an eavesdropper on the network sees only ciphertext. Encryption on its own does not prove who sent the data, so it is normally combined with authentication and integrity checks (as TLS does).

5.  Auditing

Auditing is the practice of capturing a record of security-related events so that users and systems can be held accountable for their actions. The audit log is itself a target and must be protected against modification by the very users whose actions it records.


Applet Security

One of Java's main features is its ability to move code over a network and run it locally. Unlike most languages, Java was designed from the start to do this securely. Java security has evolved over time; later releases provide fine-grained security features that enable a flexible policy decoupled from the enforcement mechanism.


JDK 1.0 featured the sandbox security model. The sandbox confines all applets, dangerous or not, to a strictly defined arena in which they cannot touch other system resources: no local file access, no network connections except back to the host the applet was loaded from, no launching of processes.

Since applications load from the local file system, they, unlike applets, were not deemed untrustworthy and enjoyed unlimited access to all resources in JDK 1.0. This model did not support a consistent security policy for applets and applications.

JDK 1.1 introduced the signed applet. A signed applet is an applet packaged as a Java Archive (JAR) file and signed with its author's private key. The signed applet enjoys unlimited access, just like a local application, provided the corresponding public key is trusted in the executing environment. Unsigned applets fall back to the sandbox model.

However, this had one major disadvantage: applets either received unlimited access or were confined to the sandbox; there was no option for selective access to resources. This model was another example of an inflexible implementation in which the policy was dictated by the mechanism. A trusted signer whose key was compromised, or who simply shipped a bug, handed full system access to every user who trusted that key.

The Java 2 security model provides a consistent and flexible policy for applets and applications. While applications still run unrestricted by default, they can be subjected to the same policy as applets by running them under a SecurityManager. The Java 2 model also introduces the concept of a ProtectionDomain: code is grouped by where it was loaded from and who signed it (its CodeSource), each domain is granted a specific set of permissions by the security policy, and that policy is read from a policy file rather than being hard-wired into the runtime. This permits a highly flexible security policy decoupled from its implementation.
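As an added illustration of the Java 2 model (a constructed policy file, not code from the original notes; the keystore path, the signer alias "payroll", the host names and the file paths are assumptions), the following grants permissions per CodeSource, that is, by where the code was loaded from and who signed it. Nothing in the code itself decides what it may do; the same JAR gets a different permission set if it is served from another host or loses its signature.

```text
// Added example: a Java 2 policy file (loaded with -Djava.security.policy=app.policy).
// All paths, hosts and the alias "payroll" are assumptions for this illustration.

// Keystore holding the certificate trusted for the alias "payroll"
keystore "file:/opt/app/trusted.jks";

// Code downloaded from this location gets exactly what it needs,
// and only if it carries a valid signature from "payroll"
grant signedBy "payroll", codeBase "https://apps.example.com/payroll/-" {
    permission java.io.FilePermission "/var/app/reports/-", "read";
    permission java.net.SocketPermission "db.example.com:5432", "connect";
};

// Unsigned code from the same host stays in the sandbox apart from one property read
grant codeBase "https://apps.example.com/-" {
    permission java.util.PropertyPermission "java.version", "read";
};
```

The file is consulted by the default Policy implementation when the JVM runs with a security manager, for example `java -Djava.security.manager -Djava.security.policy=app.policy ...`; code from any other location receives only the defaults of the system policy file. Note that the SecurityManager and this permission model were deprecated for removal in JDK 17 (JEP 411) and permanently disabled in JDK 24 (JEP 486), so this shows how the Java 2 model worked on the JDKs these notes describe, not a mechanism to rely on in new deployments.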

 

Related Topics

1.         DMZ

A DMZ (demilitarized zone) is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. It prevents outside users from getting direct access to servers that hold company data. In the arrangement described here, a separate computer receives requests from users on the private network for access to Web sites or other companies accessible on the public network, and the DMZ host then initiates sessions for these requests on the public network.

Users of the public network outside the company can reach only the DMZ host. The DMZ typically also holds the company's public Web server so that its pages can be served to the outside world, but it provides access to no other company data. In the event that an outside user penetrated the DMZ host's security, the Web pages might be corrupted but no other company information would be exposed. That guarantee only holds if the firewall between the DMZ and the internal network allows the DMZ hosts just the few connections they genuinely need (for example the Web tier to a specific database port); a DMZ host that can open arbitrary connections inward is simply a stepping stone into the private network.

2.         Proxy server

A proxy server receives a request from a user. If the request passes the proxy's filtering rules, the proxy, acting as a client on behalf of the user, uses one of its own IP addresses to request the page from the server out on the Internet. When the page is returned, the proxy matches it to the original request and forwards it to the user. To the user the proxy server is invisible; all Internet requests and returned responses appear to go directly to the addressed Internet server. An advantage of a proxy server is that its cache can serve all users: if one or more Internet sites are frequently requested, these are likely to be in the proxy's cache, which improves response time. In fact, there are special servers called cache servers. A proxy can also log every request, which gives a single point at which outbound traffic can be inspected and audited.

3.         Firewall

A firewall is a set of related programs that protects the resources of a private network from users on other networks. An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from reaching its private data resources and to control which outside resources its own users may access. There are a number of firewall screening methods. The simplest is to screen requests to make sure they come from acceptable source IP addresses. Source addresses can be forged, so address screening is only a first filter; stateful firewalls additionally track each connection and admit only packets that belong to a session the policy allowed.

 

4.         PKI

A PKI (public key infrastructure) enables users of a basically unsecured public network such as the Internet to exchange data securely and privately through the use of a public and private cryptographic key pair, where the public half is certified and distributed through a trusted authority. The PKI provides for a digital certificate that identifies an individual or an organization, and directory services that can store and, when necessary, revoke the certificates. The PKI assumes the use of public key cryptography, which is the most common method on the Internet for authenticating a message sender or encrypting a message. Traditional secret-key cryptography involves creating a single secret key, shared by both parties, for the encryption and decryption of messages. Its significant practical flaw is key distribution: the same secret has to reach every party over a channel that is itself secure, and if it is discovered or intercepted by anyone else, messages can easily be decrypted. Public key cryptography removes the distribution problem because only the public key travels; the private key never leaves its owner (and if it does leak, the owner is just as exposed as with a stolen secret key, which is why certificate revocation exists). For this reason, public key cryptography and the public key infrastructure are the preferred approach on the Internet. (The secret-key system is also known as symmetric cryptography and the public key system as asymmetric cryptography.)

In public key cryptography, a public and private key are created together by the same algorithm. The key pair is generated by the requesting party, not by the certificate authority (CA): the CA's job is to verify the requester's identity and then issue a digital certificate binding the public key to that identity under the CA's own signature. The RSA (Rivest-Shamir-Adleman) algorithm has long been the most commonly used encryption and authentication algorithm and was built into the Web browsers from Netscape and Microsoft. The private key is kept only by its owner and the public key is made publicly available (as part of the digital certificate) in a directory that all parties can access. The private key is never shared with anyone or sent across the Internet. You use the private key to decrypt text that someone else has encrypted with your public key (which they can find in a public directory). In addition to encrypting messages (which ensures privacy), you can authenticate yourself to me (so I know that it is really you who sent the message) by signing the message: your software hashes the message and transforms that hash with your private key to produce a digital signature. When I receive it, I use the public key from your certificate to verify the signature against the message; the certificate itself is issued and signed by the CA, not by you.
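The following Java program is an added example covering both the Signing mechanism above and the PKI description in this section; it is not code from the original notes or from any J2EE API. It generates an RSA key pair on the signer's side (the part a CA would certify but never create), signs a SHA-256 hash of a message with the private key, verifies it with the public key, and then shows what a signature does not give you: the message stays readable, and a captured signed message verifies again unless the receiver tracks a nonce. The nonce scheme, the message text and the class name are assumptions for this illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;

/**
 * Added illustration (not from the original notes): RSA signing and verification
 * with the JDK's own java.security API, plus a hypothetical application-level
 * nonce check to show that replay protection is not something a signature provides.
 */
public class SignDemo {

    // The key pair is generated by the party that will own the private key.
    // A CA only certifies the public half; it never sees or creates the private key.
    static KeyPair generateKeyPair() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        return kpg.generateKeyPair();
    }

    // Sign: SHA256withRSA hashes the message and signs the hash with the private key.
    // This is not "encrypting the message with the private key".
    static byte[] sign(PrivateKey priv, byte[] message) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(priv);
        s.update(message);
        return s.sign();
    }

    // Verify: the receiver needs only the public key, taken from the signer's certificate in a PKI.
    static boolean verify(PublicKey pub, byte[] message, byte[] signature) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(pub);
        s.update(message);
        return s.verify(signature);
    }

    // Hypothetical replay guard: each signed message carries a random nonce and the
    // receiver refuses to accept the same nonce twice. Without this, a captured
    // (message, signature) pair verifies correctly forever.
    static final Set<String> seenNonces = new HashSet<>();

    static String newNonce() {
        byte[] b = new byte[16];
        new SecureRandom().nextBytes(b);
        return Base64.getEncoder().encodeToString(b);
    }

    // Accept the message only if the signature is valid AND the nonce is fresh.
    static boolean acceptOnce(PublicKey pub, String nonce, String body, byte[] signature) throws Exception {
        byte[] msg = (nonce + "|" + body).getBytes(StandardCharsets.UTF_8);
        if (!verify(pub, msg, signature)) {
            return false;               // tampered body, wrong nonce, or wrong signer
        }
        return seenNonces.add(nonce);   // false when this nonce was already accepted
    }

    public static void main(String[] args) throws Exception {
        KeyPair kp = generateKeyPair();
        String nonce = newNonce();
        String body = "transfer 100 to account 42";   // constructed sample message
        byte[] msg = (nonce + "|" + body).getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(kp.getPrivate(), msg);

        System.out.println("fresh message accepted : " + acceptOnce(kp.getPublic(), nonce, body, sig));
        System.out.println("replayed message       : " + acceptOnce(kp.getPublic(), nonce, body, sig));
        System.out.println("tampered body          : " + acceptOnce(kp.getPublic(), nonce, "transfer 1000 to account 42", sig));

        // A signature is not encryption: anyone holding the message can read it.
        System.out.println("message as transmitted : " + new String(msg, StandardCharsets.UTF_8));
    }
}
```

Run with `javac SignDemo.java && java SignDemo`. The first call is accepted; the replay is rejected by the nonce set even though its signature still verifies, and the tampered body fails verification because the hash no longer matches what was signed. In a real PKI deployment the receiver would also check that the certificate carrying the public key chains to a trusted CA and has not been revoked, which this stand-alone example does not cover.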

5.         VPN

A virtual private network (VPN) is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and accompanying security procedures. A VPN can be contrasted with a system of owned or leased lines that can only be used by one company. The idea of the VPN is to give the company the same capabilities at much lower cost by using the shared public infrastructure rather than a private one. Using a VPN involves encrypting data before sending it through the public network and decrypting it at the receiving end. An additional level of protection involves encrypting not only the data but also the originating and receiving network addresses, so that an observer on the public network sees only the tunnel endpoints (IPsec calls this tunnel mode). The tunnel must also authenticate both ends; encryption to an unverified peer protects against eavesdroppers but not against an attacker who impersonates the gateway. VPN software is typically installed on or alongside a company's firewall server.