
Security + Firewalls, part 2

 
Ian McGarry
Greenhorn
Posts: 17
Hi all,

I posted a similar topic yesterday but it was too specific about the assignment. I don't think I got any replies so hopefully too much was not given away... Sorry about that, I didn't mean to break the rules!

Hopefully this is more general.

When designing a J2EE system, can we assume that devices inside a firewall are trustworthy? We could have a set-up where an application server is talking to many other servers such as a DB server, webserver, SMTP server, etc. Would you typically want to encrypt all communication links between these devices?

My opinion is that to do that would be overkill. But I have read that most companies now feel that most network attacks come from inside the network, so maybe it is necessary? I'd appreciate any comments or opinions on this. Has anyone here had any real-world experience of securing an enterprise system? If so, what issues did you encounter?

If this question is still too close to the bone, feel free to delete it.

Cheers,
Ian
 
Narendra Dhande
Ranch Hand
Posts: 951
Hi,

Generally, when you see any network diagram of the enterprise, there is a DMZ where all the servers are kept. There are different firewall settings for intranet and internet access. As per your need, you can harden your security policies. It is true that most of the attacks come from the internal users, but it is due to the greater permissions given to the internal users, as they are assumed to be more trusted.

Thanks
 
Ian McGarry
Greenhorn
Posts: 17
Hi Narendra,

Thanks for the feedback. For some strange reason I had totally forgotten about the idea of using a DMZ! I must be looking at this stuff for too long!

I like the idea of using the DMZ with servers in the DMZ hardened as much as possible. I think it will definitely provide better security than a single firewall.

Cheers,
Ian
 
Ian McGarry
Greenhorn
Posts: 17
I also came across this interesting whitepaper about firewalls and Java.

It might be of interest...

http://www.xtradyne.com/documents/whitepapers/J2EESecurity-with-the-Xtradyne-I-DBC.pdf
 
u kiran
Greenhorn
Posts: 2
What are the books we need to refer to?

Security
Application Design Concepts and Principles
Common Architectures
Integration and Messaging
Applicability of Java EE Technology

Sun didn't mention any references for the above topics.
Can you please suggest some?

Thanks in advance
Usha
 