How This Book Is Organized

  

This book provides a discussion on all aspects of security. We begin by introducing security and its requirements. Then we introduce the Java components that address these requirements, including the reasons why and how these components are to be used. Then we move on to resource, enterprise, and network security.

This book is divided into nine parts.

Part I: Introduction to Security

This part covers the basics of security, explains the need for security, and introduces you to the way hackers think, the tools that are available to hackers, and the most common attacks. In addition, this part categorizes security elements and the different Java components available for security. If you cannot wait to start with Java security, its components, and implementation, we suggest you skip to Chapter 3, "Java Security Components."

Part II: Identity and Authentication

This part provides an overview of key management algorithms, Elliptic Curve Cryptography (ECC), and the Java implementation of keys and key management. It includes key pair examples, a discussion of the mathematics, Diffie-Hellman, key generation, man-in-the-middle attacks, RSA key exchange, ECC, secure random, and DES examples.

Part III: Data Integrity

This part covers data integrity, hash functions, message digest algorithms, message authentication, and digital signatures. This discussion includes RSA, ECC, MAC, SHA-1, and others. It includes an MD5 implementation, a SHA-1 algorithm, a MAC algorithm, and DSA signature examples.

Part IV: Data Hiding

This part presents ciphers and how to implement them, including how to use CipherSpi. It also presents a discussion on PBE, Blowfish, and Java Smart Cards. This part includes examples on RSA and an example implementation, Stream Ciphers, PBE, and Blowfish.

Part V: Resource Access Using Java

This part provides an overview of the common criteria for security. It also helps you understand the need for security in your applications and how to satisfy those requirements using Java. It presents JAAS, Kerberos, GSS-API, and the Security Manager. It includes examples on security context, policies, configurations, guarded objects, signed objects, and JAAS.

Part VI: Enterprise Data Security

This part covers the need to secure your enterprise data. This is mainly a discussion of why and how you can secure your database, and the communication between your application and the data repository. It contains container-managed and application sign-on, and a discussion on the connector API.

Part VII: Network Access

This part focuses on network security and architecture. It discusses the OSI model, DMZs, firewalls, HTTP tunneling, Java Sockets, SSL, TLS, and JSSE. It includes socket examples (including the server, client, and channel), routing tables, and X509 examples.

Part VIII: Public Key Management

This part discusses Java digital certificates such as X.500 and X.509. It also describes PKI management with certificate chaining, X.500, LDAP, and the need for non-repudiation, including how to import certificates, CRL, CertPath, and LDAP examples.

Part IX: Enterprise Access

This part covers the need for security of enterprise solutions. It describes, with programming examples, the Java security model, Java permissions, Web-tier security, Web Services, JNDI, RMI, IIOP, and EJB security. Finally, it presents a discussion of how BEA's WebLogic, IBM's WebSphere, and Borland's Enterprise Server handle security.

  


Java Security Solutions
ISBN: 0764549286
EAN: 2147483647
Year: 2001
Pages: 222
