Java Reference
In-Depth Information
used OS in the world, rolls out several patches over the month. In fact, this cycle of Microsoft
releasing patches is famously referred to as
Patch Tuesday.
*
Organizations that ensure that criti-
cal security patches are downloaded and consistently tested and applied across all their systems
ensure protection against the risk of exploitation and control of their systems. In fact, most of
the attacks on systems all over the world occur because of inconsistent and untimely patching of
operating systems.
An antivirus solution is another standard protection mechanism that protects the computer
from viruses, worms, Trojans, and other malware. Antivirus solutions have matured over the years,
and a number of antivirus application vendors ofer a variety of solutions. Symantec, McAfee,
TrendMicro, and others have been in this ield for several years and have witnessed a continuous
growth and adoption of antivirus applications by organizations and individuals alike. he most
important factor for consideration regarding the antivirus solutions is the continuous require-
ment of updating of viral signatures. New viruses, Trojans, and worms are released every day,
and every antivirus application vendor does the research on this malware and release signatures to
protect against them. he signatures of these viruses need to be installed on all the systems that
are protected with antivirus solutions; otherwise the systems are constantly under threat from new
viruses, worms, and malware from the Internet.
here are several other protection measures one can deploy for the operating system. Host-
based irewalls and
host-based intrusion prevention systems (HIPS)
provided
layered security
. In some
cases, host-based irewalls and HIPS protect against
zero-day attacks,
†
which may not be detected
by the antivirus application or may not have been patched as of yet. Operating systems and host
security have matured over the years, and organizations who are serious about information security
have a great deal of resources, tools, and best practices available for them to deploy and implement
to ensure that this aspect of security is well covered.
3.2.1.4 Application Security
Applications and databases today are more under attack than any other domain. Web applications, espe-
cially, are the favored targets because they are open to the Internet and therefore are more easily exposed
for attacks. here are two facets to Web application security—coniguration and development.
he coniguration facet of Web application security is, in many ways, similar to network and
host-based security. It focuses on the infrastructure that houses the Web application and its data-
bases. A typical Web application usually consists of a Web server and a database server. he con-
iguration facet of Web application security focuses on the security of the infrastructure, which
contains the Web application and its dependencies. For instance, lets consider a coniguration
in which a Java Web application deployed on an Apache Tomcat server and interacts with the
database that is housed in a MySQL Database server. In such an environment, the coniguration
facet of Web application security is all about ensuring that the Tomcat Web server and MySQL
*
Patch Tuesday is the second Tuesday of every month when Microsoft rolls out its patches for the operating
system, Internet Explorer, Microsoft Oice, and its development products, SQL Server and Visual Studio.
†
Zero-day attacks are those attacks that exploit operating system or application vulnerabilities before they are
known to anyone else. Sometimes zero-day attacks hit operating systems and applications on the day of the
launch of the OS or applications or sometimes even a few days before the actual launch. Zero-day attacks are
not usually detected by the antivirus application or are not patched because the antivirus vendors and the
operating system or application vendors would not know about the exploit. hese are protected by HIPS or
host-based irewalls, which are designed to examine the behavior of the computer user and ilter traic that does
not match the behavioral patterns of the user(s).
Search WWH ::
Custom Search