HP OSMS white paper: Security of Open Source Middleware Stacks

secure an OSMS environment, you must consider the threats to which both layers might be exposed,
consider what risks these threats pose, and then determine which processes might reduce the risks to an
acceptable level.
Areas of Concern
Confidentiality—Concerns controlling who may access particular information, such as limiting which
employees are permitted to view confidential corporate information or preventing an eavesdropper from
recording a network transaction. For example, the OpenSSH suite provides an encrypted secure shell that
enables secure connections between systems either by users or by automated systems. For more information,
see the OpenSSH Web site at:
http://www.openssh.org
NOTE: The examples presented throughout this white paper each show one of the many
available options.
Integrity—Indicates the level of assurance that items have not been tampered with or altered,
except by users and processes explicitly given privileges. For example, GnuPG provides digital signature
capabilities for items such as e-mail and files to detect tampering. For more information, see the GnuPG
Web site at:
http://www.gnupg.org
Availability—Aims to reduce the risks of unreliable access to information and services. For example,
network servers experience a denial-of-service (DoS) attack if their network paths are congested with
malicious traffic, and successful system intrusion allows the attacker to shut down services at will. Often,
attacks send malformed requests to a service, forcing the service to handle them inefficiently. For example,
ModSecurity is an open source intrusion detection and prevention engine that examines HTTP requests
before a system can fully examine them. In this way, ModSecurity can filter out bad traffic that would
otherwise deny service availability to legitimate requests. For more information, see the ModSecurity
Web site at:
http://www.modsecurity.org
Accountability—Concerns providing reliable identification of users and agents. Accountability is associated
with non-repudiation, authentication, and authorization, and it fits under the broader topic of identity
management. For example, connections to and from a database server might require encrypted
communication channels since database tables should remain unaltered except by those users and processes
explicitly given administration privileges. Passwords alone are weak authentication, but the added use
of encrypted credentials on a smart card provides strong authentication.
OpenSSL provides OSMS with encrypted network connections and manages eavesdropping
risk for a secure Web transaction. For more information, see the OpenSSL Web site at:
http://www.openssl.org
Though it is not strictly a security tool, OpenLDAP can be used to implement the backend for
the management of user information. Each user provides identifying credentials to the access
control system, and in return, the system grants privileges based on who the user is or what
work the user does. Both JBoss and Apache can rely upon OpenLDAP as a directory service
repository, storing information about users for access control.
http://www.openldap.org
Using a load-balancing configuration, OSMS Blueprints can be used to gain high-availability
properties that also provide resilience against DoS attacks.
Malicious attacks involve all four areas of concern. As soon as a malicious intruder gains control of a
system, the intruder can affect any part of the system at will. Data can be intentionally lost, corrupted, or
shared. Intruders can shut down services, and can even cover their tracks in system logs. By strengthening
a system's ability to resist attacks, you can lower a wide range of security risks.
The Security Policy
Computer systems are expected to be secure, yet often these expectations are not stated explicitly. Security
begins with a formal statement of expectations, which logically occurs before the implementation of any