Java 2 Network Security

1.3.2 Java as an Aid to Security

Sometimes, discussions of Java and security focus only on the perils of Java, as though there was only a downside to using it, from a security point of view anyway. But this is not the whole story. Java can be a great help to the security of a system, and can strengthen weak links, primarily because code distribution is a risky process.

Many applications need code running on the client in cooperation with code running on the server (for example, graphical front ends, or dialers to connect to the telephone network), and this code has to be installed there somehow. The distribution of this code is often a weak link in an online system, and it is usually much easier to attack this than to waste time trying to decrypt messages flowing over the Internet.

What is the danger? If this code can be tampered with, then, for example, a dialer number can be changed so that the client dials the attacker's site rather than the proper server. The client will never realize this because the attacker, acting as a man-in-the-middle (MIM) [2], forwards all traffic between client and server, reading it as it goes. Or a virus can be introduced, or a host of other horrible possibilities.

The options for code distribution are:

· To send a physical diskette or CD-ROM to the client
· To have the client download the code over an existing network
· To use Java

The safest of the three is Java. It isn't always suitable (the client must already have a network connection that is fast enough for the purpose), but it is by far the easiest to update with a new release, it is less easily intercepted than a physical distribution and, unlike a normal download, it is checked on arrival. Moreover, it can be signed and verified for appropriate signatures. The checking and signing of Java code is central to Java security and very much more will be said about them in Part 2, "Under the Hood" on page 107.
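As an added illustration of the "checked on arrival" and "signed and verified" point (this is not code from the book; it uses the current java.util.jar API, and the class name and the JAR path argument are assumptions), the following rejects a downloaded JAR unless every entry passes its digest check and carries a signer:

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class VerifyDownloadedJar {

    // True only if every non-metadata entry passes its digest check and has a signer.
    static boolean isFullySigned(String path) throws IOException {
        // verify=true: entries are checked against the signed manifest as they are read
        try (JarFile jar = new JarFile(path, true)) {
            byte[] buf = new byte[8192];
            boolean sawEntry = false;
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                // Simplification: skip directories and everything under META-INF/
                // (the manifest and signature files are never signed entries themselves)
                if (entry.isDirectory() || entry.getName().startsWith("META-INF/")) {
                    continue;
                }
                // Signers are only known once the entry has been read to the end;
                // a modified entry makes this read throw SecurityException
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { /* drain */ }
                } catch (SecurityException e) {
                    System.err.println("Digest mismatch: " + entry.getName());
                    return false;
                }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null || signers.length == 0) {
                    System.err.println("Unsigned entry: " + entry.getName());
                    return false;
                }
                sawEntry = true;
            }
            return sawEntry; // an empty archive proves nothing, so reject it
        }
    }

    public static void main(String[] args) throws IOException {
        if (args.length != 1) {
            System.err.println("usage: java VerifyDownloadedJar <downloaded.jar>");
            return;
        }
        System.out.println(isFullySigned(args[0]) ? "all entries signed" : "REJECT");
    }
}
```

An intact signature only shows that the file was not altered after signing; a deployment would still compare the signer certificates returned by getCodeSigners() against the publisher it expects.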
In this introductory chapter, it is enough to describe briefly the three components of applet checking:

1. The class loader is responsible for bringing together all of the different parts of the program so that it can be executed.

[2] A network entity that intercepts data flowing between two machines is commonly known as a sniffer. A sniffer could have a more active role than just copying frames off the wire. In fact a more dangerous attack could be accomplished if the sniffer is able to act as a man-in-the-middle, a machine that actively inserts itself in the data flows between two