Operating systems have several vulnerabilities, and there are several exploits against these vulnerabilities. How do we protect against that? Good question. The answer is in another layer of defense-in-depth: the operating system layer. Processes must be in place to ensure that the operating systems deployed in the organization are hardened as per industry best practices and guidelines. Unnecessary and nonsecure services must be disabled. Additional controls such as host-based firewalls, which are firewalls for the servers and workstations, will protect the systems from malicious traffic over the Internet. These applications also prevent the execution of suspect applications. These solutions have morphed into host-based intrusion prevention systems, which are equipped with attack signatures very similar to those of the network IPS devices. These applications also constantly scan the system logs for any anomalous activity and throw alerts for the same. Host-based IPSs also provide additional functionality like file integrity monitoring. These applications maintain a hash value of the sensitive files on the hard disk and compare it periodically. If the hash value has changed, the application generates an alert for the administrator to look into.
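The file integrity monitoring described above, as an added example that is not from the book: a minimal monitor that records a SHA-256 digest for every file under a directory, rescans later, and reports files that were modified, added, or removed. The directory contents, file names, and the "tampering" step are constructed here purely to exercise the comparison; the function names are the example's own.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Added example: a minimal file integrity monitor (hypothetical, not the book's code).
# A real host-based IPS keeps the baseline in protected storage and signs it;
# here the baseline is just an in-memory dict so the logic can be read end to end.


def hash_file(path: Path, chunk_size: int = 65536) -> str:
    """Return the SHA-256 hex digest of a file, reading it in chunks so large files fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Walk the tree under root and map each file's path (relative to root) to its digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            baseline[full.relative_to(root).as_posix()] = hash_file(full)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots into the three alert classes an administrator would be told about."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Constructed scenario: take a baseline, change the tree, rescan, and return the alerts."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "app.jar").write_bytes(b"PK\x03\x04 constructed jar stub")

        baseline = build_baseline(root)

        # Simulated changes between scans: one file edited, one deleted, one new file.
        (root / "etc" / "passwd").write_text(
            "root:x:0:0:root:/root:/bin/sh\nsvc:x:1001:1001::/home/svc:/bin/sh\n"
        )
        (root / "etc" / "hosts").unlink()
        (root / "etc" / "motd").write_text("constructed banner\n")

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"ALERT {kind}: {p}")
```

Run as a script it prints one alert line per changed file; the same comparison would drive the administrator notification the text describes. Comparing on a schedule only catches changes between scans, which is why real products pair this with the log monitoring mentioned above.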
2.2.3.3 Application Security
Our Web applications and databases are also extremely important. We have been hearing of all these Web application attacks, which have been wreaking havoc on several organizations. How do we protect against all of that? Well, that is the main objective of this topic. There are different sides to Web application security, one being the development of a secure Web application and the other being the configuration. Although we will briefly discuss some aspects of configuration and management of Web application infrastructure like Web servers, application servers, and databases, our main focus will lie in the development aspects of a secure Java Web application.
2.2.3.4 Physical Security
We explored the network perimeter, but what about physical security? Physical security pertains to the environmental controls that ensure that unauthorized persons cannot gain access to a location or a facility. Physical security is an important consideration for any organization. It would be unfortunate if we took all the care to protect our applications and someone were easily able to barge into the datacenter and make off with a server. The organization must possess physical controls like guards at the front ensuring that not anyone and everyone can gain access to the facility. What if someone pretends to be a legitimate visitor to the facility and the guards allow him/her through? Steps should be taken to ensure that there is something like a physical access control system in place that only allows people to enter the facility with the appropriate access control card or equivalent. Processes must be in place to ensure that visitors first report to the reception area, have their legitimacy established by the receptionist, and are then escorted into the facility by an employee of the organization. Visitors must be made to sign a register with their names, the organization they represent, and the date and time, along with any belongings they might be taking into the facility. Visitors must be made to declare any prohibited items, like a camera or a USB flash drive, that they bring to the facility. Sensitive areas like datacenters may be monitored with cameras as well as other measures like fingerprint readers or other biometric devices.
The concept of defense-in-depth is also highlighted in Figure 2.3.