| |
| |
| Preface | |
| |
| |
| Acknowledgments | |
| |
| |
| |
| Introduction to Security | |
| |
| |
| |
| Security Basics | |
| |
| |
| Introduction | |
| |
| |
| Protecting Your Information in Today's World | |
| |
| |
| The Four Pillars of Security | |
| |
| |
| Mapping Security Features to the Digital World | |
| |
| |
| Summary | |
| |
| |
| |
| Hackers and Their Tools | |
| |
| |
| Introduction | |
| |
| |
| Looking for the Hack | |
| |
| |
| Different Types of Hacks and How They Work | |
| |
| |
| Understanding Network Attacks | |
| |
| |
| Protecting Against Hackers | |
| |
| |
| Summary | |
| |
| |
| |
| Java Security Components | |
| |
| |
| Introduction | |
| |
| |
| Categorizing Security Elements | |
| |
| |
| Categorizing Security Components in Java | |
| |
| |
| How Do the Components Fit Together? | |
| |
| |
| Summary | |
| |
| |
| |
| Identity and Authentication | |
| |
| |
| |
| Key Management Algorithms | |
| |
| |
| Introduction | |
| |
| |
| Understanding the Purpose of Keys | |
| |
| |
| Understanding the Mathematics | |
| |
| |
| Symmetric versus Asymmetric Keys | |
| |
| |
| The Diffie-Hellman Key Exchange | |
| |
| |
| The Rivest, Shamir, and Adleman Key Exchange | |
| |
| |
| The Future of Key Exchanges | |
| |
| |
| Summary | |
| |
| |
| |
| Elliptic Curve Cryptography | |
| |
| |
| Introduction | |
| |
| |
| Understanding the Mathematics of ECC | |
| |
| |
| The ECCDH Key Exchange | |
| |
| |
| Summary | |
| |
| |
| |
| Key Management Through the Internet Protocol | |
| |
| |
| Introduction | |
| |
| |
| The Internet Protocol Security Protocol | |
| |
| |
| The Simple Authentication and Security Layer | |
| |
| |
| Summary | |
| |
| |
| |
| Implementing Keys with Java | |
| |
| |
| Introduction | |
| |
| |
| Understanding DSA: The Digital Signature Algorithm | |
| |
| |
| Generating Key Pairs with Java | |
| |
| |
| Generating the Secret Key with Java | |
| |
| |
| Summary | |
| |
| |
| |
| Java Implementation of Key Management | |
| |
| |
| Introduction | |
| |
| |
| KeyStore | |
| |
| |
| PKCS #12 KeyStore | |
| |
| |
| Truststore | |
| |
| |
| TrustManager | |
| |
| |
| Policy File | |
| |
| |
| Policytool | |
| |
| |
| Summary | |
| |
| |
| |
| Data Integrity | |
| |
| |
| |
| Ensuring Data Integrity | |
| |
| |
| Introduction | |
| |
| |
| Understanding the Hash Function | |
| |
| |
| Understanding the Message Digest | |
| |
| |
| Understanding the Different Message Digest Algorithms | |
| |
| |
| Implementing the Different Message Digest Algorithms in Java | |
| |
| |
| Summary | |
| |
| |
| |
| Ensuring Message Authentication | |
| |
| |
| Introduction | |
| |
| |
| Understanding the MAC | |
| |
| |
| Implementing the MAC | |
| |
| |
| Summary | |
| |
| |
| |
| Signature Integrity | |
| |
| |
| Introduction | |
| |
| |
| Understanding the Digital Signature Algorithm (DSA) | |
| |
| |
| Understanding the RSA Digital Signature Algorithm | |
| |
| |
| Understanding the Elliptic Curve Digital Signature Algorithm | |
| |
| |
| Implementing the Digital Signature Algorithm (DSA) | |
| |
| |
| Summary | |
| |
| |
| |
| Data Hiding | |
| |
| |
| |
| Understanding Ciphers | |
| |
| |
| Introduction | |
| |
| |
| Understanding Symmetric Ciphers | |
| |
| |
| Implementing RSA Public Key Encryption | |
| |
| |
| Some Security Suggestions | |
| |
| |
| Summary | |
| |
| |
| |
| Extending New Ciphers with the JDK | |
| |
| |
| Introduction | |
| |
| |
| Implementing a CipherSpi | |
| |
| |
| Implementing the RC4 Stream Cipher | |
| |
| |
| Summary | |
| |
| |
| |
| Applying Ciphers | |
| |
| |
| Introduction | |
| |
| |
| Understanding PBE | |
| |
| |
| Understanding Blowfish | |
| |
| |
| Some Implementations in Ciphers | |
| |
| |
| Java Smart Card Basics | |
| |
| |
| Summary | |
| |
| |
| |
| Resource Access Using Java | |
| |
| |
| |
| Securing Enterprise Resources | |
| |
| |
| Common Criteria for Security Systems | |
| |
| |
| Understanding Your Security Needs | |
| |
| |
| Fulfilling Your Security Requirements | |
| |
| |
| Summary | |
| |
| |
| |
| Java Authentication and Authorization Through Kerberos | |
| |
| |
| Introduction to Kerberos | |
| |
| |
| Principal Names and Key Distribution Center | |
| |
| |
| The Kerberos Authenticator | |
| |
| |
| The Kerberos Principal Database | |
| |
| |
| Java Kerberos | |
| |
| |
| Summary | |
| |
| |
| |
| Securing Messages with the Java GSS-API | |
| |
| |
| Introduction | |
| |
| |
| Implementing the GSS with Initiators and Acceptors | |
| |
| |
| Authenticating with JAAS | |
| |
| |
| Summary | |
| |
| |
| |
| Java Access: The Security Manager | |
| |
| |
| Introduction | |
| |
| |
| The Class Loader | |
| |
| |
| The Security Manager | |
| |
| |
| The Access Controller | |
| |
| |
| The Policy | |
| |
| |
| The Permission Collection | |
| |
| |
| Summary | |
| |
| |
| |
| Java Authentication and Authorization Service | |
| |
| |
| What Is JAAS? | |
| |
| |
| Using Authentication | |
| |
| |
| Understanding JAAS Authorization | |
| |
| |
| Summary | |
| |
| |
| |
| Enterprise Data Security | |
| |
| |
| |
| Working with Database Security | |
| |
| |
| Introduction | |
| |
| |
| Connecting Your Database through JDBC | |
| |
| |
| Connecting Your Database through the Connector Architecture | |
| |
| |
| Securing Enterprise Data in the Database | |
| |
| |
| Summary | |
| |
| |
| |
| Network Access | |
| |
| |
| |
| Network Security Architecture | |
| |
| |
| Understanding Network Security | |
| |
| |
| Network Concepts Overview | |
| |
| |
| Firewalls | |
| |
| |
| De-Militarized Zones (DMZs) | |
| |
| |
| Understanding Proxying Firewalls | |
| |
| |
| HTTP Tunneling | |
| |
| |
| Java Sockets | |
| |
| |
| Summary | |
| |
| |
| |
| SSL and TLS | |
| |
| |
| The Secure Socket Layer (SSL) | |
| |
| |
| The SSL Layers | |
| |
| |
| SSL Sessions and Connections | |
| |
| |
| Security and Attacks | |
| |
| |
| HTTPS: HTTP over SSL | |
| |
| |
| WLS | |
| |
| |
| Summary | |
| |
| |
| |
| Java Secure Socket Extension | |
| |
| |
| JSSE Architecture | |
| |
| |
| Summary | |
| |
| |
| |
| Public Key Management | |
| |
| |
| |
| Java Digital Certificates | |
| |
| |
| Introduction to Digital Certificates | |
| |
| |
| A Quick Overview of X.500 | |
| |
| |
| The X.509 Specification | |
| |
| |
| Certificate Revocation | |
| |
| |
| Summary | |
| |
| |
| |
| PKI Management | |
| |
| |
| Introduction | |
| |
| |
| Certificate Chaining | |
| |
| |
| X.500 | |
| |
| |
| LDAP | |
| |
| |
| Certificate Components | |
| |
| |
| Certificate Path Validation | |
| |
| |
| Non-repudiation | |
| |
| |
| Summary | |
| |
| |
| |
| Enterprise Access | |
| |
| |
| |
| Java Enterprise Security and Web Services Security | |
| |
| |
| Introduction | |
| |
| |
| Java Security Models | |
| |
| |
| Java Permissions | |
| |
| |
| Enterprise Component Models | |
| |
| |
| Understanding Web Services | |
| |
| |
| Summary | |
| |
| |
| |
| Securing Client-Side Components | |
| |
| |
| Introduction | |
| |
| |
| Exploring Java Directory Services | |
| |
| |
| Using Authentication | |
| |
| |
| Using Access Control | |
| |
| |
| Working with Client-Side Security | |
| |
| |
| Using Servlets | |
| |
| |
| Using Java Server Pages | |
| |
| |
| Client-Side Code Example | |
| |
| |
| Summary | |
| |
| |
| |
| Securing Server-Side Components | |
| |
| |
| Introduction | |
| |
| |
| Securing Your Enterprise with CORBA | |
| |
| |
| RMI | |
| |
| |
| Enterprise Security with EJBs | |
| |
| |
| Server-side code example | |
| |
| |
| Summary | |
| |
| |
| |
| Application Security with Java | |
| |
| |
| BEA's WebLogic Basics | |
| |
| |
| IBM's WebSphere Basics | |
| |
| |
| Borland's Enterprise Server Basics | |
| |
| |
| Summary | |
| |
| |
| Index | |