Protecting truckloads of data on the information superhighway

SSL Journal

Subscribe to SSL Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get SSL Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories

I saw this tweet this morning and I thought "+1" (I guess I am a geek if I am thinking in Digg/Slashdot shorthand). The problem is that in Information Security, "security" is all-too-often used to mean only encryption. A line is considered "secure" if it's encrypted. But often, the real "security" requirements are much broader and include management (as in access management, identity management), business continuity defense against denial-of-service, and privacy. I think language is a big issue here. I've always found it interesting that in German, the words for "security" and "certainty" (sicherheit, literally "sureness") are the same. In French, the words for "safety" and "security" are also the same (sûreté, again literally "sureness"). So, in those languages, "security" has a broad definition, incorporating senses of dependability, management, and safety. I can s... (more)

Dear Slashdot: You Get What You Pay For

Open Source SSL Accelerator solution not as cost effective or well-performing as you think o3 Magazine has a write up on building an SSL accelerator out of Open Source components. It's a compelling piece, to be sure, that was picked up by Slashdot and discussed extensively. If o3 had stuck to its original goal - building an SSL accelerator on the cheap - it might have had better luck making its arguments. But it wanted to compare an Open Source solution to a commercial solution. That makes sense, the author was trying to show value in Open Source and that you don't need to shell out big bucks to achieve similar functionality. The problem is that there are very few - if any - commercial SSL accelerators on the market today. SSL acceleration has long been subsumed by load balancers/application delivery controllers and therefore a direct comparison between o3's Open ... (more)

How to Secure REST and JSON

Here at Layer 7 we get asked a lot about our support for REST. We actually have a lot to offer to secure, monitor and manage REST-style transactions. The truth is, although we really like SOAP and XML here at Layer 7, we also really like REST and alternative data encapsulations like JSON. We use both REST and JSON all the time in our own development. Suppose you have a REST-based service that you would like to publish to the world, but you are concerned about access control, confidentiality, integrity, and the risk from incoming threats. We have an answer for this: SecureSpan Gateway clusters, deployed in the DMZ, give you the ability to implement run time governance across all of your services: Pictures are nice, but this scenario is best understood using a concrete example. For the services, Yahoo’s REST-based search API offers us everything we need–it even retur... (more)

Bit.ly, Twitter, Security & You

..or, what I did on my twitter vacation the other day.  This brief break from 26 Short Topics about Security is brought to you by bit.ly, twitter, security and You.  I’ve been using bit.ly for a little while both to shorten links and be able to track clicks placed on twitter (and other social sites) – as many of you do.  When the twitter outage hit last week, and many folks found themselves ‘lost’ without it, I decided to review my stats on the bit.ly links I’ve sent and found something interesting; or frightening.  :-)  (Incidentally, there was a another DDoS attack yesterday that took twitter down for about 20 minutes) To set this up: as you might know, I cover Security within the Technical Marketing Team (Lori, Alan & Ken round out the TMM group – and we’re all interested in Security) at F5 and usually find 1 or 2 interesting ‘security’ stories that I actually t... (more)

Considering the SOA Reference Model

(SYS-CON Media) - The main drivers for SOA-based architectures are to facilitate the manageable growth of large-scale enterprise systems, to facilitate Internet-scale provisioning and the use of services, and to reduce the cost of organization-to-organization cooperation - SOA RM When approaching a SOA implementation, I would like to consider two fundamental questions that many developers ask: 1)  What's the difference between service-oriented and service-based architectures? 2)  What special architecture elements are defined by the SOA RM? In my opinion, the answer to the first is in the difference between the words oriented and based. I believe that smart IT organizations offer a lot of services already because the technical benefits of services have been well known for a while. However, the applications based on these services are still monolithic and don't provide ... (more)

HTML5 WebSocket Security is Strong

This is a two-part blog post that discusses HTML5 WebSocket and security. In this, the first post, I will talk about the security benefits that come from being HTTP-compatible and the WebSocket standard itself. In the second post (coming soon) I will highlight some of the extra security capabilities that Kaazing WebSocket Gateway offers, things that real-world WebSocket applications will want to be fully secure. A WebSocket connection starts its life as an HTTP handshake, which then upgrades in-place to speak the WebSocket wire protocol. As such, many existing HTTP security mechanisms also apply to a WebSocket connection — one of the reasons why the WebSocket standard deliberately chose the strategy of being HTTP compatible. Unified HTTP and WebSocket Security Thanks to the HTTP/WebSocket unified security model, the following is a list of some standard HTTP securit... (more)

Cloud Business Solutions, Social Media, and Platform Systems of Engagement Market Shares, Strategies, and Forecasts, Worldwide, 2013 to 2019

NEW YORK, May 13, 2013 /PRNewswire/ -- Reportlinker.com announces that a new market research report is available in its catalogue: Cloud Business Solutions, Social Media, and Platform Systems of Engagement Market Shares, Strategies, and Forecasts, Worldwide, 2013 to 2019 http://www.reportlinker.com/p01171942/Cloud-Business-Solutions-Social-Media-and-Platform-Systems-of-Engagement-Market-Shares-Strategies-and-Forecasts-Worldwide-2013-to-2019.html#utm_source=prnewswire&utm_medium=pr&utm_campaign=IT_Hosting LEXINGTON, Massachusetts (May 1, 2013) – WinterGreen Research announces that it has published a new study Cloud Business Solutions, Social Media, and Platform Systems of Engagement: Market Shares, Strategy, and Forecasts, Worldwide, 2013 to 2018. The 2013 study has 673 pages, 165 tables and figures. Worldwide markets are poised to achieve continuing growth as the cloud com... (more)

Configuring JMX in WebSphere 8.5

Like most application servers, WebSphere 8.5 has a rich management infrastructure based on JMX, or Java Management Extensions. In fact, the WebSphere administration console uses JMX to connect to the server to issue queries and perform administrative operations. In a previous post I showed you how to secure JBoss’ JMX connector. While there is a lot of information out there on how to connect to WebSphere via JMX, most of the examples involve either disabling SSL, or worse – disabling security globally. So let’s see how we can access WebSphere’s JMX connector remotely in a secure way. Like most things WebSphere, this could look very daunting at first, but once done, you will have a reliable and secure setup. First, a Little Background Historically most JMX implementations used the simple JMXMP protocol as the underlying transport. The newer versions of the the JMX Spe... (more)

SPDY versus HTML5 WebSockets

A recent post on the HTTP 2.0 War beginning garnered a very relevant question regarding WebSockets and where it fits in (what might shape up to be) an epic battle. The answer to the question, “Why not consider WebSockets here?” could be easily answered with two words: HTTP headers. It could also be answered with two other words: infrastructure impact. But I’m guessing Nagesh (and others) would like a bit more detail on that, so here comes the (computer) science. Different Solutions Have Different Impacts Due to a simple (and yet profound) difference between the two implementations, WebSockets is less likely to make an impact on the web (and yet more likely to make an impact inside data centers, but more on that another time). Nagesh is correct in that in almost all the important aspects, WebSockets and SPDY are identical (if not in implementation, in effect). Both ... (more)

WebLogic Server - Identity vs Trust Keystores

In computing most technologies have lots of terms and acronyms to learn, it's par for the course, you get used to it. However in computer security the frustration is multiplied as there are often many different terms that mean the same thing. It makes implementing security hard, because understanding it is hard, and I'm not surprised why security is considered badly implemented because the average Joe will struggle (and for the record I'm the average Chris so I struggle too ;-). I've been trying recently to get straight in my head what is stored in the WLS identity and trust keystores, and what the difference between identity and trust is anyhow. Thanks to kind assistance from Gerard Davison, I think I can now post my understandings, and as usual, hopefully the post is helpful to other readers. As noted however security to me is a difficult area, and so be sure to c... (more)

Lori MacVittie Interview at Cloud Connect

I got a chance to sit down with another member of the Technical Marketing Team at F5, Lori MacVittie at the Cloud Connect conference in Santa Clara this week.  We chat about Web 2.0, Infrastructure 2.0, dynamic networks, cloud interoperability standards, what 3.0 looks like and a few other things.  Thanks Lori! ... (more)