Monday, July 13, 2009

Securing Company systems over Web

The company web server needs to serve pages to remote users and office machines need access to the internet.

Given the above architectural system specification you should secure it by creating a DMZ that contains the company web server.

You should put machines that provide services to Internet clients in the DMZ and the office machines and development servers behind an inner firewall.

You would then configure a proxy server in the DMZ to forward the requests from the office machines to the Internet.

***

What solutions are available if you are planning to interface with existing CORBA systems? You can use Java IDL to integrate with those systems.

The following is taken from: http://java.sun.com/j2se/1.3/docs/guide/idl/index.html

Java IDL adds CORBA (Common Object Request Broker Architecture) capability to the Java platform, providing standards-based interoperability and connectivity.

Java IDL enables distributed Web-enabled Java applications to transparently invoke operations on remote network services using the industry standard IDL (Object Management Group Interface Definition Language) and IIOP (Internet Inter-ORB Protocol) defined by the Object Management Group. Runtime components include Java ORB for distributed computing using IIOP communication.

Java IDL should not be used when servicing requests from CORBA clients and the reference to messaging is a red herring.

***

How should a predominantly EJB-based J2EE application be made accessible to CORBA clients? Which connectivity option would you recommend?

RMI-IIOP stands for Remote Method Invocation over IIOP (using IIOP as the transport). This is the protocol supported by EJB 1.1.

***

What if you are streaming information over the network?

StAX provides a standard, bidirectional pull parser interface for streaming XML processing, offering a simpler programming model than SAX and more efficient memory management than DOM.

StAX enables developers to parse and modify XML streams as events, and to extend XML information models to allow application-specific additions.

Below is an excerpt from the Java EE tutorial.

Streaming refers to a programming model in which XML infosets are transmitted and parsed serially at application runtime. Stream-based parsers can start generating output immediately, and infoset elements can be discarded and garbage collected immediately after they are used. Streaming models for XML processing are particularly useful when your application has strict memory limitations, as with a cell phone running J2ME, or when your application needs to simultaneously process several requests, as with an application server.

Streaming pull parsing refers to a programming model in which a client application calls methods on an XML parsing library when it needs to interact with an XML infoset; that is, the client only gets (pulls) XML data when it explicitly asks for it.

Streaming push parsing refers to a programming model in which an XML parser sends (pushes) XML data to the client as the parser encounters elements in an XML infoset; that is, the parser sends the data whether or not the client is ready to use it at that time.
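The pull model described above, as an added example that is not part of the tutorial excerpt or the original post: the client asks the `XMLStreamReader` for the next event and keeps only the state of the one `<order>` it is currently inside, so memory stays bounded by one element rather than the whole document. The sample XML is constructed for the example. The factory setup also switches off DTD support and external-entity resolution; these are real `XMLInputFactory` properties, and turning them off is the usual hardening so that a hostile document cannot pull in local files or expand entities while it is being streamed.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class StaxPullExample {

    // Constructed sample document for this example; not taken from the page.
    static final String SAMPLE_XML =
        "<?xml version=\"1.0\"?>"
      + "<orders>"
      + "  <order id=\"1001\"><customer>alice</customer><amount>42.50</amount></order>"
      + "  <order id=\"1002\"><customer>bob</customer><amount>17.00</amount></order>"
      + "</orders>";

    /** Factory hardened so DTDs are refused and external entities are never resolved. */
    static XMLInputFactory hardenedFactory() {
        XMLInputFactory f = XMLInputFactory.newInstance();
        f.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
        // Deliver each text node as one CHARACTERS event instead of possibly several chunks.
        f.setProperty(XMLInputFactory.IS_COALESCING, Boolean.TRUE);
        return f;
    }

    /** Pulls events one at a time and emits one "id:customer:amount" line per order. */
    static List<String> summarizeOrders(String xml) throws XMLStreamException {
        List<String> summaries = new ArrayList<>();
        XMLStreamReader reader = hardenedFactory().createXMLStreamReader(new StringReader(xml));
        try {
            String currentElement = null;          // local name of the element we are inside
            String id = null, customer = null, amount = null;
            while (reader.hasNext()) {             // the client pulls; nothing arrives unasked
                switch (reader.next()) {
                    case XMLStreamConstants.START_ELEMENT:
                        currentElement = reader.getLocalName();
                        if ("order".equals(currentElement)) {
                            id = reader.getAttributeValue(null, "id");
                        }
                        break;
                    case XMLStreamConstants.CHARACTERS:
                        if ("customer".equals(currentElement)) {
                            customer = reader.getText().trim();
                        } else if ("amount".equals(currentElement)) {
                            amount = reader.getText().trim();
                        }
                        break;
                    case XMLStreamConstants.END_ELEMENT:
                        if ("order".equals(reader.getLocalName())) {
                            summaries.add(id + ":" + customer + ":" + amount);
                            id = customer = amount = null;   // state for this order can be dropped
                        }
                        currentElement = null;
                        break;
                    default:
                        break;
                }
            }
        } finally {
            reader.close();
        }
        return summaries;
    }

    public static void main(String[] args) throws XMLStreamException {
        for (String line : summarizeOrders(SAMPLE_XML)) {
            System.out.println(line);
        }
    }
}
```

Running it prints `1001:alice:42.50` and `1002:bob:17.00`. Because the parser is driven by the loop in `summarizeOrders`, the application can stop early, skip subtrees it does not care about, or interleave work on several streams, which is the point of the pull model over SAX's push callbacks.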

***

Use a VPN (Virtual Private Network) to connect to company networks. Applications that are exclusive to the company and share data between sites should use this. This is better than relying on firewalls alone over the Internet.

***

You have a requirement that the PIN of the customer used for ATM transactions must be encrypted using a one-way encryption algorithm to prevent data theft.

You should use a SHA hash function (SHA is a one-way hash, not a reversible cipher). http://en.wikipedia.org/wiki/SHA_hash_functions

3DES is a symmetric encryption algorithm.

Blowfish is a symmetric encryption algorithm.

RSA is an asymmetric encryption algorithm.
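A worked version of the one-way requirement above, as an added example that is not part of the original post: the PIN is never stored, only `SHA-256(salt || PIN)` together with the random salt, and verification re-hashes the candidate and compares digests in constant time with `MessageDigest.isEqual`. The PIN value and the record format (`base64(salt)$base64(digest)`) are constructed for the example. One caveat a practitioner would add: a 4-digit PIN has only 10,000 possible values, so a plain hash, even salted, gives little protection if the stored records leak; real ATM networks keep PIN verification inside an HSM (ISO 9564 PIN blocks) or at least mix in a secret key, and this example only shows the one-way property the requirement asks for.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

public class PinHashExample {

    private static final String ALGORITHM = "SHA-256";
    private static final int SALT_BYTES = 16;

    /** Random per-customer salt so two customers with the same PIN get different digests. */
    static byte[] newSalt() {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    /** One-way transform: digest(salt || pin). There is no inverse; verification re-hashes. */
    static byte[] hashPin(String pin, byte[] salt) {
        try {
            MessageDigest md = MessageDigest.getInstance(ALGORITHM);
            md.update(salt);
            md.update(pin.getBytes(StandardCharsets.UTF_8));
            return md.digest();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(ALGORITHM + " not available", e);
        }
    }

    /** What gets stored instead of the PIN: "base64(salt)$base64(digest)" (constructed format). */
    static String storedRecord(String pin) {
        byte[] salt = newSalt();
        Base64.Encoder enc = Base64.getEncoder();
        return enc.encodeToString(salt) + "$" + enc.encodeToString(hashPin(pin, salt));
    }

    /** Re-hashes the candidate with the stored salt and compares in constant time. */
    static boolean verifyPin(String candidate, String record) {
        String[] parts = record.split("\\$", 2);
        if (parts.length != 2) {
            return false;                     // malformed record, never accept
        }
        byte[] salt = Base64.getDecoder().decode(parts[0]);
        byte[] expected = Base64.getDecoder().decode(parts[1]);
        return MessageDigest.isEqual(expected, hashPin(candidate, salt));
    }

    public static void main(String[] args) {
        String record = storedRecord("4921");   // constructed sample PIN
        System.out.println("stored record:        " + record);
        System.out.println("correct PIN verifies: " + verifyPin("4921", record));   // true
        System.out.println("wrong PIN verifies:   " + verifyPin("0000", record));   // false
    }
}
```

The contrast with the three algorithms listed above is the missing decrypt step: with 3DES, Blowfish or RSA the holder of the key can recover the PIN, whereas here the bank can only check a candidate against the digest.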

--
Regards
Vijayashankar
