Interstage Application Server V7.
Security System Guide - Preface
Trademarks
Trademarks of other companies are used in this user guide only to identify particular products or systems:
Product: Trademark/Registered Trademark
• Microsoft, Visual Basic, Visual C++, Windows, Windows NT, Internet Information Server, and Internet Explorer: Registered trademarks of Microsoft Corporation in the U.S.A. and other countries
• Sun, Solaris, Java, and other trademarks containing Java: Trademarks of Sun Microsystems, Inc., in the U.S.A.
Preface
Purpose of this Document
This manual provides information on how to set up and operate a secure Interstage system.
Note
Throughout this manual Interstage Application Server is referred to as Interstage.
Who Should Read this Document?
This document is intended for users installing and operating Interstage Application Server.
Organization of this Document
This document is organized as follows:
Part I Security Risks and Measures
• Chapter 1 Security Risks
  This chapter explains security risks.
• Chapter 2 Security Measures
  This chapter explains security measures.
Part II Authentication and Access Control
• Chapter 3 Authentication and Access Control for the Interstage HTTP Server
  This chapter explains how to use the authentication and access control for the Interstage HTTP Server.
Part V Security Systems for Web Services (SOAP)
• Chapter 13 Security Functions for Web Services (SOAP)
  This chapter explains the security functions for SOAP messages.
• Chapter 14 How to Prepare PKI Environment for Web Services (SOAP)
  This chapter explains the key pair and certificate management environment required to use the security functions of the Web service.
Table of Contents
Chapter 1 Security Risks
Interstage Management Console and Interstage Operation Tool
Resources to be Protected
Functions to be Protected
Resources to be Protected
Operations Confined to Specific Users
Periodic Backup
Use of the Security Function Provided by the Resource
OLTP Function
Setting Access Permission for Operating Resources
Protecting Communication Contents
Confirming the Authentication Server
Countermeasures Against Password Attacks
Security Measures for Operation of the Web Server (Interstage HTTP Server)
Notes When Making Access
Notes on Communication Data
Threats of Denial of Service Attacks (DoS)
Security Measures for Portable-ORB
Unauthorized Access to Resource Files
Notes on Communication Data
Notes on Creation and Operation of Java Applet
Relating Directives
Allow
Deny
ServerRoot
User
Chapter 4 HTTP Tunneling
HTTP Data Communication Using HTTP Tunneling
HTTP Tunneling Mechanism
Registering the CA Certificate
Registering a Site Certificate
Registering the Certificate of Another Reliable Site
Registering a CRL
Registering the User PIN
Setting up the Environment Definition File
General Operation of SSL
SSL Operation Using the Virtual Host Function
Setting the SSL Information in the CORBA Application (Server Application Only)
Operating the SSL Linkage
SSL Linkage in the IPv6 Environment
CORBA Server Environment Setup
Constructing a Key Pair/Certificate Management Environment
Environment Construction when a Private-key is needed
Environment Construction when a Private-key is not Needed
Using a CORBA/SOAP Gateway
Chapter 16 How to Use Reliable Messaging Function for Web Services (SOAP)
PUSH Model (Receiving Messages by the Server System)
Preparing a Key Pair and Public Key Used by the Receiver Server
Deploying the Receiver Application
Appendix B Authentication and Access Control for the Component Transaction Service
User Authentication
User Authentication with Authentication Objects
User Authentication with Web Server Functions
Part I Security Risks and Measures
If the system security is violated, unauthorized access by malicious attackers can cause interference and unauthorized use of system operation as well as information leakage. This part explains the threat of security violation by attackers and the measures to be taken against them when constructing a system in a network environment using the Interstage Application Server.
Chapter 1 Security Risks
This chapter explains the resources to be protected (protection target resources), possible threats to the protection target resources, and measures to be taken against the individual threats. The chapter uses representative operation models of the Interstage Application Server to explain these.
Interstage Management Console and Interstage Operation Tool
The Interstage Management Console and the Interstage Operation Tool can be used with the following products:
• Interstage Application Server Enterprise Edition
• Interstage Application Server Standard Edition
• Interstage Application Server Web-J Edition (Interstage Management Console only)
• Interstage Application Server Plus
This section gives an overview of possible security risks in the general operating envir
Possible Security Risks to Resources
The following describes possible security threats during operation of the Interstage Management Console and the Interstage Operation Tool.
Countermeasures Against Exploitation of User IDs and Passwords
In an environment open to limited users like an intranet, it is not likely that user IDs and passwords will be decrypted. Such an environment is often the management base of user ID and password information, and the information of user IDs and passwords is often saved in a file. If this file is accessible by unauthorized users, there is a high risk of exploitation of the user ID and password information.
J2EE Application
This section gives an overview of security risks in J2EE applications. Generally, a J2EE application performs operations with client programs using various components. The client program of a J2EE application is sometimes executed as an independent Java program and sometimes via a Web browser. When it is executed via a Web browser, a Web server mediates the operation.
Resources to be Protected
The following table lists the resources that are used when the corresponding function available for a J2EE application is used. If high security is required, it is best to protect these resources.
Function: Resource to be protected
• Execution environment setup for Servlet and EJB: IJServer environment definition file
• Execution environment setup for Servlet (when an V5.0.
Resource to be protected: Possible threat
• IJServer log file: Tampering of data recorded in the file; Exploitation of information recorded in files; Damage to files
• Log file for JServlet environment: Tampering of data recorded in the file; Exploitation of information recorded in files; Damage to files
• Log file for EJB environment: Tampering of data recorded in the file; Exploitation of information recorded in files; Damage to files
• Log in the database: Tampering of data recorded Expl
Possible Countermeasures
The following outlines possible countermeasures against security risks. For further details, refer to the descriptions for each component.
Countermeasures Against Damage to Data
There are some J2EE applications that use databases. For this type of application, the data stored in those databases should also be protected. In addition to the security function that the database itself has, periodic data backup is an effective countermeasure against damage to data.
Countermeasures Against Damage to Files
There are required files in the operating environment of a J2EE application.
Web Services
Web services can be used with the following products:
• Interstage Application Server Enterprise Edition
• Interstage Application Server Standard Edition
• Interstage Application Server Plus
For information on security risks to web services, refer to Security Systems for Web Services (SOAP) in Part IV.
Database Linkage Service
The Database Linkage Service can be used with the following products:
• Interstage Application Server Enterprise Edition
• Interstage Application Server Plus
This section gives an outline of security risks in an operating mode where the database linkage service is used.
Resources to be Protected
The following table lists the resources used when the database linkage service is used. If high security is required, it is desirable to protect these resources.
The following describes the locations of the resources to be protected:
• Folder storing the OTS system information
  Folder where the database linkage service is installed: \etc folder
• Transaction log file
  Transaction log file that was specified when the OTS system was created
• Folder storing the trace log
  Folder where the database linkage service is installed: \var folder
• Repository storing the resource definitions
  Folder where the database linkage service is installe
Possible Threats to Resources
The following describes the possible security risks to the database linkage service:
Table 1-8 Possible Security Risks
Resource to be protected: Possible threat
• Folder storing the OTS system information: Tampering of information; Exploitation of information; Damage to data; Damage to file
• Transaction log file: Tampering of information; Exploitation of information; Damage to data; Damage to file
• Folder storing the trace log: Tampering of information; Exploi
Countermeasures Against Threats
For the database linkage service, the following are effective measures against security invasion.
Using only the authorization of the selected users, start construction of the environment and operation of the database linkage service. If the environment is already established, do the following according to the functions used:
• Creation of applications
  Create applications logged in as an authorized user.
• Creation of a resource control program
  Create resource control programs logged in as an authorized user.
Periodic Backup
If you back up information periodically, you can restore the environment even if the information is tampered with. Periodic backup is an effective defense against the following threats:
• Tampering of information
• Damage to data
• Damage to file
There are two procedures for periodic backup:
• Data Backup
• Data Restoration
Data Backup
Use the 'otsbackupsys' command to perform periodic backups.
OLTP Function
The OLTP function can be used with the following products:
• Interstage Application Server Enterprise Edition
• Interstage Application Server Standard Edition
• Interstage Application Server Plus
This section gives an overview of the threats posed by invasion of security in a general OLTP application. Generally, an OLTP application performs operations with a CORBA client program.
Resources to be Protected
The following table lists the resources when an OLTP application is used. If high security is required, it is desirable to protect these resources.
Possible Threats to Resources
The following describes the possible security threats posed to resources to be protected in operation of an OLTP application.
Resource to be protected: Possible threat
• Naming Service for load balance: Tampering of data recorded in the file; Exploitation of information recorded in files; Damage to files
• Definitions related to Interstage: Tampering of data recorded in the file; Exploitation of information recorded in files; Damage to files
• WorkUnit definition: Tampering of data recorded in the file; Exploitation of information recorded in files; Damage to files
Countermeasures Against Security Risks
The foll
Countermeasures Against Tampering of Data Recorded in the File
There are environment definition files and other such files in the operating environment of an OLTP application. If the information in this file is illicitly tampered with, it may disable an OLTP application and cause various problems. An effective countermeasure against this threat is to set appropriate access permissions on this file.
Smart Repository
The Smart Repository function can be used with the following products:
• Interstage Application Server Enterprise Edition
• Interstage Application Server Standard Edition
• Interstage Application Server Plus
Resources Requiring Security Protection
This section explains the resources requiring security protection when Smart Repository is used.
Potential Security Threats
The following indicates the potential security threats to the resources requiring Smart Repository protection:
Resources requiring protection Potential threats Authentication information (passwords) of the registered users (entries) Password decryption Password theft Authentication information (password) for the Smart Repository administrator DN Setting information for the user password encryption method Illegal use of Smart Repository Passwords contained i
Password Encryption
When an entry search is requested from a client to Smart Repository, the password included in an entry can be retrieved in the form of an encrypted password string by using a method other than the original encryption method for user password encryption. Password encryption is a good way of protecting against the threat of password decryption.
Periodic Data Backup
By performing data backup periodically, the environment can be restored even if information is altered through unauthorized access. Periodic backup provides good protection against the following threats:
• Destruction or deletion of Smart Repository data
• Alteration of information recorded in files
• File destruction
Use the backup command (irepbacksys) to perform periodic backups.
Interstage Single Sign-on
This section explains the security threats for Interstage single sign-on and the countermeasures that can be taken.
Configuration Model
The figure below shows the basic configuration model for Interstage single sign-on.
Figure 1-1 Interstage Single Sign-on System
The Interstage Single Sign-on system consists of three types of servers: repository servers, authentication servers, and business servers. The user uses the system from the client Web browser.
Possible Threats
This section explains the possible threats when using Interstage Single Sign-on.
Deleting, Rewriting, and Exposing Server Resources
The repository server, authentication server, and business server contain important files to control the programs. The files include the authentication infrastructure setup file and business system setup file required for setting up each server, and the configuration file and service ID file created after setting up the servers.
Application Risk
Interstage Single Sign-on stores important information in the Web browser cookie. The attacker could collect cookies for spoofing when the application operating on the business server is vulnerable, e.g., cross site scripting (XSS) or allocation of a malevolent application.
Client Risk
When an attacker takes advantage of Web browser defects and obtains cookie information, vulnerability may become apparent.
Protecting Communication Contents
Encryption is an effective way of protecting communication contents from being rewritten or exposed. Use https as the protocol for the authentication and business servers and encrypt the communication contents. The SSL environment is required to operate https. The repository server need not use SSL communication because the Interstage Single Sign-on program encrypts the communication contents.
Difficult-to-guess Password
Use a password that cannot be easily guessed by others or identified mechanically by some kind of tool. A difficult-to-guess password should meet the following conditions:
• Cannot be guessed from personal information, e.g., name or birthday.
• Comprises the longest character string possible.
• Contains uppercase and lowercase letters, numbers, and symbols.
• Contains one complete word without modification.
Operating and Managing a Business Server
To prevent unauthorized access to the protection resources of the business server and control correct authentication or authorization, the business server must be operated and managed appropriately.
• Use https as the protocol of the business server and encrypt the communication contents with the Web browser.
• Do not operate an unnecessary Web service on another port of the same server.
For Java Applications Using Single Sign-on JavaAPIs
Possible threat: Action
• Application alteration
  - Periodically change the account password.
• Application destruction
  - Periodically back up data.
• Leakage of user IDs or passwords
  - Securely implement communication with the client (using SSLSocket, etc.)
• Operation of the application operating terminal
  - When operating Java applications in server applications, implement them as daemon processes or services.
Multi Server Management
This section describes how to deal with security threats using Multi Server Management.
The Admin Server function of Multi Server Management can only be used with the following products:
• Interstage Application Server Enterprise Edition
• Interstage Application Server Standard Edition
• Interstage Application Server Plus
The Managed Server function of Multi Server Management can be used with all products.
Configuration Model
When using Multi Server Management, the LAN for the flow of the actual business data and the LAN for the flow of operation management data between the Admin Server and Managed Server are usually separated. The former is called the “business LAN”, and the latter the “management LAN”. The following figure shows an overview of the business LAN and management LAN and a typical usage model for Multi Server Management.
Figure 1-2 Multi Server Management Configuration Model
In a typical Multi Server Management configuration, one Admin Server manages one site. The site is configured using multiple servers, with servers that execute the same business applications grouped together. The Admin Server runs the servers in the site using the Interstage Management Console.
Resources to be Protected
This section describes the resources to be protected when Multi Server Management is used.
Threat Prevention
The following table lists countermeasures that can be taken against possible security risks.
Countermeasures Against Exploitation of Information Recorded in Files
The information required for operation of the Interstage Management Console and Interstage Operation Tool is stored in files. The contents of these files are also resources, and it is important to prevent exploitation of them. An effective means of protecting these files is to set appropriate access permissions for them.
Configuration Management Function
This section describes how to deal with security threats using the Configuration Management function.
Configuration Management Function Usage Model
The following figure shows a typical usage model for the Configuration Management function.
Figure 1-3 Configuration Management Function Usage Model
The Configuration Management function stores operations in the Interstage Management Console internally.
Resources to be Protected
The following resources are used in the Interstage Management Console. If advanced security measures are requested, it is advisable to protect these resources as part of that security.
Countermeasures Against Overwriting Information Recorded in Files
Various items of Interstage information are saved in the Configuration Management function repository in binary format. If the contents of these files are overwritten illegally, it might cause various problems, such as being unable to run Interstage. To effectively counter this type of threat, implement appropriate access authority settings for the files in which this information is saved.
Chapter 2 Security Measures
Generally, the services alone cannot completely protect resources from security attacks. Taking operational measures can also increase safety. This chapter explains the security measures indicated in "Security Risks and Measures" separately for each service. To implement safe and firm operation against security violation, it is recommended to refer to and carry out the measures for the services used. Security information on Fujitsu products is available from the following site.
Common Security Measures
This section explains the following topics:
• Notes on User Accounts
• Backup
• Notes on Interstage Installation Resources
Notes on User Accounts
To prevent termination of operation, alteration of resources, and leakage of information that may be done by end users, it is recommended not to register a user account that is not an authorized Administrator.
Security Measures for Interstage Operation Tool
The Interstage Operation Tool can be used with the following products:
• Interstage Application Server Enterprise Edition
• Interstage Application Server Standard Edition
• Interstage Application Server Plus
Notes on User Accounts
Operation of the Interstage Operation Tool by end users is restricted by giving permissions only to the users within the Administrators group to operate important functions such
Security Measures for Operation of the Web Server (Interstage HTTP Server)
This section explains the following topics:
• Notes When Making Access
• Notes on Communication Data
• Threats of Denial of Service Attacks (DoS)
• Leakage of Password Information
• Unauthorized Access to Resource Files
• Risk of Exploiting the HTTP TRACE Method
• Threat that the UNIX account name will be discovered
Notes When Making Access
When an access is made from a Web browser to the I
• IP access control: It is possible to permit access only to specific clients. For information about IP access control, refer to IP Access Control in Authentication and Access Control for the Interstage HTTP Server in Chapter 9.
• Use of SSL encryption: High level of security can be retained, where client authentication is possible.
Risk of Exploiting the HTTP TRACE Method
Malicious users (or machines) on the network may read private information in HTTP request data or execute unwanted code. To prevent this risk, it is recommended to disable the HTTP TRACE method by specifying the following lines in the Interstage HTTP Server environment definition file (httpd.conf):
The TRACE method is the HTTP/1.1 method of receiving the data sent from the client side as response data.
    LoadModule rewrite_module libexec/mod_rewrite.so
    AddModule mod_rewrite.c
    ServerName virt.example.com
    ServerAdmin webmaster@virt.example.com
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^TRACE
    RewriteRule .* - [F]
    ...
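An added example, not part of the Fujitsu manual: mod_rewrite settings in the main server are not inherited by virtual hosts unless `RewriteOptions inherit` is set, so this Python check reports for each context whether the TRACE rule shown above is in effect. The sample configurations, the `<VirtualHost>` sections, the address 192.0.2.10 and all function names are constructed for illustration.

```python
import re

# Constructed sample: the TRACE rule exists in the main server only; the
# virtual host (placeholder address) carries no rewrite settings of its own.
CONF_GAP = """\
LoadModule rewrite_module libexec/mod_rewrite.so
AddModule mod_rewrite.c
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
<VirtualHost 192.0.2.10>
    ServerName virt.example.com
    ServerAdmin webmaster@virt.example.com
</VirtualHost>
"""

# Constructed sample: the same rule repeated inside the virtual host.
CONF_FIXED = CONF_GAP.replace(
    "</VirtualHost>",
    "    RewriteEngine On\n"
    "    RewriteCond %{REQUEST_METHOD} ^TRACE\n"
    "    RewriteRule .* - [F]\n"
    "</VirtualHost>",
)

def parse_contexts(conf_text):
    """Return {"main": [...], "vhost[n] addr": [...]} of (directive, args)."""
    contexts, current, skip_depth = {"main": []}, "main", 0
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            if skip_depth:
                skip_depth -= 1          # leaving <Directory>, <IfModule>, ...
            elif line.lower().startswith("</virtualhost"):
                current = "main"
            continue
        if line.startswith("<"):
            if line.lower().startswith("<virtualhost") and not skip_depth:
                addr = line[1:-1].split(None, 1)[1]
                current = f"vhost[{len(contexts)}] {addr}"
                contexts[current] = []
            else:
                skip_depth += 1          # other sections are not evaluated
            continue
        if not skip_depth:
            parts = [p.strip('"') for p in line.split()]
            contexts[current].append((parts[0].lower(), parts[1:]))
    return contexts

def _flags(arg):
    """Parse a bracketed flag list such as "[F]" or "[NC,OR]"."""
    if not arg.startswith("["):
        return set()
    return {f.strip().lower() for f in arg.strip("[]").split(",")}

def _engine_on(directives):
    """State left by the last RewriteEngine directive in this context."""
    state = False
    for name, args in directives:
        if name == "rewriteengine" and args:
            state = args[0].lower() == "on"
    return state

def _cond_is_trace(args):
    """True if a RewriteCond tests %{REQUEST_METHOD} and TRACE satisfies it."""
    if len(args) < 2 or args[0].upper() != "%{REQUEST_METHOD}":
        return False
    pattern = args[1]
    negate = pattern.startswith("!")
    nocase = len(args) > 2 and _flags(args[2]) & {"nc", "nocase"}
    try:
        hit = re.search(pattern.lstrip("!"), "TRACE", re.I if nocase else 0)
    except re.error:
        return False
    return (hit is not None) != negate

def _matches_all_paths(pattern):
    try:
        return all(re.search(pattern, p) for p in ("/", "/dir/page.html"))
    except re.error:
        return False

def blocks_trace(directives):
    """True if this context alone answers every TRACE request with 403."""
    pending, found = [], False
    for name, args in directives:
        if name == "rewritecond":
            pending.append(args)         # conditions attach to the next rule
        elif name == "rewriterule":
            conds, pending = pending, []
            if (len(args) >= 3 and _flags(args[2]) & {"f", "forbidden"}
                    and _matches_all_paths(args[0])
                    and conds and all(_cond_is_trace(c) for c in conds)):
                found = True
    return _engine_on(directives) and found

def audit_trace(conf_text):
    """Map each context to True (TRACE refused) or False (TRACE still served)."""
    contexts = parse_contexts(conf_text)
    main_ok = blocks_trace(contexts["main"])
    report = {"main": main_ok}
    for name, directives in contexts.items():
        if name == "main":
            continue
        inherits = any(n == "rewriteoptions" and "inherit" in [x.lower() for x in a]
                       for n, a in directives)
        report[name] = blocks_trace(directives) or (
            _engine_on(directives) and inherits and main_ok)
    return report

if __name__ == "__main__":
    for label, conf in (("gap", CONF_GAP), ("fixed", CONF_FIXED)):
        print(label, audit_trace(conf))
```

The check is conservative: rules inside `<IfModule>`, `<Directory>` or similar sections are not evaluated, so a context is reported as unprotected unless the rule is stated directly in it.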
Making all documents, except for “user3” and “user4”, under “user home directory/public_html” public.
    UserDir public_html
    UserDir disabled user3 user4
Notes: If just “UserDir public_html” is specified, when the "http://host name[:port number]/~user" request is received, the status code that is returned when the user name is specified as “user” depends on whether the user exists in the UNIX server. For this reason, the UNIX account name on the Web server might be discovered.
Security Measures for Operation of the Web Server (InfoProvider Pro)
The InfoProvider Pro can be used on the Windows(R) system or Solaris OE system.
Notes on Permissions of Contents
To prevent alteration by end users, it is recommended to set the proper permissions on the top-level directory to be made accessible and the directory that stores applications.
Security Measures for the Servlet Service
This section explains the following topics:
• Notes on the Use of Sessions
• Notes on Web Application Development
• Notes on Deployment of Web Applications
• Notes on the Root Directory of the Web Application
• Notes on Communication Data
Notes on the Use of Sessions
Session information is embedded in cookies or URL parameters.
Notes on Communication Data
Possible threats to communication between the Web server connector and Servlet container are as follows:
• The Web server connector is impersonated to illegally access the Servlet container.
• Communication data is viewed by an unauthorized person.
• Communication data is altered.
It is recommended to use SSL communication for protection from these threats.
Security Measures for the EJB Service
This section gives an outline of security risks when the EJB service is used. EJB Service is required when the "EJB function" of J2EE applications is used. Web-J supports only the client function of the EJB service.
Resources to be Protected
This section describes the resources to be protected when the EJB service is used.
Resources to be Protected
The table below lists the resources that are used for EJB Service.
Possible Threats to Resources
The following countermeasures can defend EJB Service against security invasion.
Selection of Specific Users
By fixing the operators of the entire system to a pre-specified set of users, you can prevent tampering of information. By executing the security enhancement command, you can change the operation mode of EJB Service to the specific user authorization mode. For detailed information about the security enhancement command, refer to Environment Setup for Interstage Resources Protection in Appendix A.
Security Measures for J2EE Deployment Tool
This section explains the following topic:
• Unauthorized Access to Resource Files
Unauthorized Access to Resource Files
The J2EE Deployment tool is used for deploying J2EE applications and making them usable. The J2EE applications to be deployed are saved in ear, jar, rar, and war files. These files may be exposed to the threat of unauthorized access from an ill-intentioned person.
Security Measures for the J2EE Resource Access Definition
This section explains the following topic:
• Leakage of Password Information
Leakage of Password Information
The J2EE resource access definition can hold definitions of access information for various resources used by J2EE applications. This access definition information is saved in a file, which includes password information. There is a possible threat that an ill-intentioned person may furtively read this file.
Security Measures for Interstage JMS Security Measures for Interstage JMS Interstage JMS can be used with the following products: • Interstage Application Server Enterprise Edition • Interstage Application Server Plus Unauthorized Access to Resource Files Interstage JMS Server has environment definition files as listed below: • JNDI definition file (fjmsjndi.ser.*) (*1) • JMS non-volatilization file (fjmsmng.ser.*, fjmsdsubXXXX.ser, lock\.
Security Measures for CORBA Service
This section explains the following topics:
• Unauthorized Access to Resource Files
• Notes on Communication Data
• Notes on the Port Number used by CORBA Service
• Notes on Creation and Operation of Java Applets

Unauthorized Access to Resource Files
CORBA service has environment definition files as listed below:
• CORBA Service
  − CORBA Service environment definition information file (config) (*1)
  − Host information
These files may be exposed to the threat of unauthorized access by an ill-intentioned person. To protect these files from this threat, make them inaccessible to end users. For this purpose, it is recommended to allow access only by users having administrator authorization (superuser for a Solaris OE/Linux system, and Administrator for a Windows(R) system).
Chapter 2: Security Measures Security Measures for Portable-ORB Portable-ORB can be used with the following products: • Interstage Application Server Enterprise Edition • Interstage Application Server Standard Edition • Interstage Application Server Plus Unauthorized Access to Resource Files Portable-ORB service has environment definition files as listed below: • Portable-ORB environment definition file (config) (*1) • Host information file (initial_hosts) (*1) • Initial service file (initial_se
Security Measures for Portable-ORB Notes on Creation and Operation of Java Applet Be careful about the following points when creating and operating a Java applet that uses Portable-ORB. About Authorization Settings If Java applets in operation are given more authorization than necessary, some malicious applets (including Javascript) may use it to cause problems on client machines, such as damaged files, leakage of data in files, leakage of individual user information, and so on.
Chapter 2: Security Measures Security Measures for Event Service Event service can be used with the following products: • Interstage Application Server Enterprise Edition • Interstage Application Server Standard Edition • Interstage Application Server Plus Unauthorized Access to Resource Files Event service has environment definition files as listed below: • Event Service configuration information (essystem.cfg) (*1) • Event channel operating environment (esgrpX.
Security Measures for IJServer Operation
IJServer is an operating environment for J2EE applications.

Unauthorized Access to Resource Files
When IJServer is operated, the resource files for IJServer are stored in the ijserver directory under the J2EE common directory. These files may be subjected to unauthorized access by malicious persons or machines. To protect these files from such threats, access to the files by general users can be inhibited.
Chapter 2: Security Measures Security Measures Concerning Operation of Smart Repository Smart Repository can be used with the following products: • Interstage Application Server Enterprise Edition • Interstage Application Server Standard Edition • Interstage Application Server Plus About Operation Take the following measures to prevent incorrect use during operation.
Security Measures for Fujitsu Enabler Security Measures for Fujitsu Enabler This section explains how to configure the security settings for the Fujitsu Enabler account. Account Used for Fujitsu Enabler Fujitsu Enabler is used for Smart Repository. For Fujitsu Enabler, an account "oms" is used for a special purpose. To prevent malicious access using the oms account, inhibit the local login with the oms account.
Chapter 2: Security Measures Measures for Multi server Management This section explains the use of "roles" in Multi server Management. Security Role Settings When using Multi Server Management, it is important that the authority set for a user to log in to the Interstage Management Console is appropriate. This user authority is called a “role”. The executable operations vary according to the role authority.
Measures for Configuration Manager Measures for Configuration Manager This section explains the security measures for the Configuration Manager. Illegal Access to Resource Files The Configuration Manager uses the following files. • Business configuration management function repository (Note 1) (Note 1) This is the folder that is set in “Repository Environment Settings” of the Interstage Management Console [Configuration Management] tab.
Part II Authentication and Access Control
Chapter 3 Authentication and Access Control for the Interstage HTTP Server This chapter describes the authentication and access control that Interstage HTTP Server provides.
Chapter 3: Authentication and Access Control for the Interstage HTTP Server Types of Authentication There are three types of authentication, as shown below. • User authentication (Basic Authentication) • IP access control Note User authentication and IP access control can be used independently or together.
Types of Authentication Remarks When SSL is used between the client and the server for user authentication, the user name and the password are encrypted, which makes them almost impossible to intercept or steal. IP Access Control IP access control limits accessing the resource on the Web server for each IP address of the equipment in the access source. Web server determines whether or not to permit access to the resource from the IP address of the machine that is attempting access.
Chapter 3: Authentication and Access Control for the Interstage HTTP Server Online Collation This function is used to control and store the user names, passwords and group information used in user authentication in the directory server. Web server uses the LDAP (Lightweight Directory Access Protocol) V3 to communicate with the directory server and collates the user name/password in the online operation.
Setting the User Authentication
User authentication is set according to the following procedure.
1. Registering a user password
2. Editing the environment definition file
Note
When the online collation function is in use, user authentication cannot be used.

Registering a User Password
For each user who is to be given access permission, register a password in the password file by executing the htpasswd command at the command prompt.
Chapter 3: Authentication and Access Control for the Interstage HTTP Server Editing the Environment Definition File To allow the users whose password has been registered in the password file to access directories under a specified directory, use the following directives in the environment definition file (httpd.conf) of Interstage HTTP Server.
Relating Directives
• AuthName
• AuthType
• AuthUserFile
• <Directory>
• Require

Relating Directives
When user authentication is used, the following directives are related to settings of the environment definition file.
Chapter 3: Authentication and Access Control for the Interstage HTTP Server AuthName Name AuthName Synopsis AuthName 'title' Description Specifies the title displayed on the authentication screen in the ASCII alphanumeric characters (1 byte characters). Context Directory Default Value None AuthType Name AuthType Synopsis AuthType Basic Description Specifies the type of authentication 'Basic'. Basic Sets basic authentication (the passwords are plain text).
Setting the User Authentication AuthUserFile Name AuthUserFile Synopsis AuthUserFile file-name Description Specifies the name of the password file used for user authentication (the name of the text file that includes the list of users and their passwords). Context Directory Default Value None Module mod_auth Name Synopsis ...
Chapter 3: Authentication and Access Control for the Interstage HTTP Server Require Name Require Synopsis Require valid-user|user user-name|group group-name Description Specifies the rule to be applied for user authentication. valid-user Authenticates all valid users. When the online collation function is used, users registered with the directory server are allowed. user user-name Authenticates users specified by user-name.
Setting the IP Access Control
With IP access control, you can allow only specified hosts to access the directories under a specified directory by using the following directives in the environment definition file (httpd.conf) of Interstage HTTP Server. Any access from Web browsers on unspecified hosts is then rejected.
Example
To allow a specified host '192.168.1.
Chapter 3: Authentication and Access Control for the Interstage HTTP Server Relating Directives When IP access control is used, the following directives are related to settings of the environment definition file.
Setting the IP Access Control Description Specifies a host or network that is granted access to the directories. Specifying 'all' for the host entry allows all hosts to access the directories. Specifying the IP address of a host allows only that host to access the directories. Context Directory Default Value None Module mod_access Deny Name Deny Synopsis Deny from host|network[/mask] [host|network[/mask]] ... Description Specifies a host or network that is denied access to the directories.
Name
<Directory>
Synopsis
...
Description
Specifies the directory section only when a directive is used within the specific directory and subdirectories of that directory. The directory name can be specified using a relative path, wild card (? indicates a specific character, * indicates a character string), and regular expressions.
Setting the Online Collation Function Setting the Online Collation Function Set the operation of the online collation function according to the following procedure. The directory servers used when the online access management function is operated, are intended for the following services: • Smart Repository With the online collation function, operation with SSL enabled or disabled can be set between Interstage HTTP Server and the directory server.
Chapter 3: Authentication and Access Control for the Interstage HTTP Server Operation without Using SSL Configuration Procedure 1 This section explains the procedure for operating the online collation function without using the SSL between the Interstage HTTP Server and directory server. 1. Set up the environment of the directory server Set the directory server environment. Refer to Setting the Directory Server Environment for details of how to set the directory server environment. 2.
Setting the Online Collation Function Configuration Procedure 3 (when Interstage HTTP Server and Smart Repository are on different systems) The following procedure is for operating the online collation function with SSL enabled between Interstage HTTP Server and the directory server; when Interstage HTTP Server and Smart Repository are on different systems. 1. Set up the environment of the directory server Set the directory server environment. An SSL environment must also be set on the directory server.
Setting the Directory Server Environment
To use the online collation function, the environment of the directory server needs to be set up. The following operations are required for setting up the directory server environment:
1. Preparing the Directory Server
2. Creating Entries

Preparing the Directory Server
Prepare the directory server and generate a repository (DSA).
Setting the Online Collation Function Example of User Entry Configuration Figure 3-4 Creating User Entry Creating Group Entry Create the group entry with the following groupOfNames object class. For the group entry, the following items must be set. Table 3-3 Group Entry Settings Item Description cn attribute Sets a name of a group to which the user performing online collation belongs. member attribute Sets a DN name of the user belonging to a group.
Chapter 3: Authentication and Access Control for the Interstage HTTP Server Example of Group Entry Figure 3-5 Group Entry Configuration Set the Interstage HTTP Server Environment Definition File Define the online collation function according to the mode of operation in the environment definition file (httpd.conf) for the Interstage HTTP Server. The method for setting the environment definition file for Interstage HTTP Server (httpd.
Setting the Online Collation Function Setting 1: Operation without Using SSL Example Running the online collation function without using SSL, under the following settings: Directory server 'hostname' Port number '389' BindDN name used to access the directory server 'cn=manager,ou=interstage,o=fujitsu,dc=com' Name of the tree containing user information on the directory server 'ou=User,ou=interstage,o=fujitsu,dc=com' # Add the module (Delete the comment) LoadModule mod_ldap_module modules/mod_ldap.
Chapter 3: Authentication and Access Control for the Interstage HTTP Server Example Running the online collation function without using SSL, under the following settings: Directory server 'hostname' Port number '389' BindDN name used to access the directory server 'cn=manager,ou=interstage,o=fujitsu,dc=com' Name of the tree containing user information on the directory server 'ou=User,ou=interstage,o=fujitsu,dc=com' # Add the module (Delete the comment) LoadModule mod_ldap_module libexec/mod_ldap.
Setting 2: Operation Using the SSL (setting for using an Interstage certificate environment or for using SSL configured on Smart Repository)
Example
Running the online collation function using SSL, under the following settings:
Directory server 'hostname'
Port number '636'
BindDN name used to access the directory server 'cn=manager,ou=interstage,o=fujitsu,dc=com'
Name of the tree containing user information on the directory server 'ou=User,ou=interstage,o=fujit
Example
Running the online collation function using SSL, under the following settings:
Directory server 'hostname'
Port number '636'
BindDN name used to access the directory server 'cn=manager,ou=interstage,o=fujitsu,dc=com'
Name of the tree containing user information on the directory server 'ou=User,ou=interstage,o=fujitsu,dc=com'
User registered in the owner group of the Interstage certificate environment 'nobody'
Group to
Setting the Online Collation Function Setting 3: Operation Using the SSL (setting for using a certificate/key management environment configured with the SMEE commands) Example Running the online collation function using the SSL, under the following settings: Directory server 'hostname' Port number '636' BindDN name used to access the directory server 'cn=manager,ou=interstage,o=fujitsu,dc=com' Name of the tree containing user information on the directory server 'ou=User,ou=interstage,o=fujitsu,dc=com' Slot
Chapter 3: Authentication and Access Control for the Interstage HTTP Server # Token label AuthLDAPTknLbl # User PIN file AuthLDAPTknPwd token01 userpin Example Running the online collation function using the SSL, under the following settings: Directory server 'hostname' Port number '636' BindDN name used to access the directory server 'cn=manager,ou=interstage,o=fujitsu,dc=com' Name of the tree containing user information on the directory server 'ou=User,ou=interstage,o=fujitsu,dc=com' Slot
Setting the Online Collation Function # (389:optional value for not using SSL, 636:optional value for using SSL) AuthLDAPPort 636 # Name of the tree containing user information on the directory server AuthLDAPbasedn ou=User,ou=interstage,o=fujitsu,dc=com # Rule to be applied for LDAP authentication Require valid-user # Specify whether to enable SSL (off: disable, on: enable).
Chapter 3: Authentication and Access Control for the Interstage HTTP Server • • Group • LoadModule • Require • User Relating Directives The following directives are related to settings of the environment definition file to use the online collation function.
Setting the Online Collation Function Module Name of the module that implements the directive function. A directive with no module name indication is included in the basic module. Note Notes on the use of the directive Examples Directive example (included only for a directive which requires complicated setting). AddModule Name AddModule Synopsis AddModule module [module] ... Description Enables read modules or embedded modules.
Chapter 3: Authentication and Access Control for the Interstage HTTP Server Description Specifies the name of the tree that is storing information about users in the directory server using the DN name. When information about the users is stored in multiple directories, specify the name of a high-order DN which is inclusive of all the user information storing directories. The directory specified in BaseDN is handled as the top directory from which a search is made for information about the users.
Setting the Online Collation Function AuthLDAPBindPassword Name AuthLDAPBindPassword Synopsis AuthLDAPBindPassword BindPassword Description When some BindDN name has been specified by the AuthLDAPBindDN directive, specify the password for the BindDN name. When making anonymous access, omit this directive. BindPassword Use ASCII characters (1-byte characters: 0 to 9, A to Z, and a to z). Up to 128 bytes are allowed.
Chapter 3: Authentication and Access Control for the Interstage HTTP Server Module mod_ldap AuthLDAPEnabled Name AuthLDAPEnabled Synopsis AuthLDAPEnabled on|off Description Specifies whether to apply LDAP authentication. on Applies LDAP authentication. off Does not apply LDAP authentication. Context Directory Default Value on Module mod_ldap AuthLDAPHost Name AuthLDAPHost Synopsis AuthLDAPHost Host-name Description Specifies the host name including the domain name of a directory server or the IP address.
Setting the Online Collation Function Default Value localhost Module mod_ldap AuthLDAPPort Name AuthLDAPPort Synopsis AuthLDAPPort Port-number Description Specifies the port number of the directory server.
Chapter 3: Authentication and Access Control for the Interstage HTTP Server Description Specifies whether to use SSL for the operation of the online collation function. on SSL is used. off SSL is not used. Context Directory Default Value off Module mod_ldap AuthLDAPSlotPath Name AuthLDAPSlotPath Synopsis AuthLDAPSlotPath slot-information-directory-name Description Uses the absolute path to specify the slot information directory specified when the private-key control environment was created.
Setting the Online Collation Function AuthLDAPTknLbl Name AuthLDAPTknLbl Synopsis AuthLDAPTknLbl token-label Description Specifies the token label specified when the private-key was created. Context Directory Default Value None Module mod_ldap AuthLDAPTknPwd Name AuthLDAPTknPwd Synopsis AuthLDAPTknPwd user-PIN Description Specifies the user PIN specified when the private-key was created.
Chapter 3: Authentication and Access Control for the Interstage HTTP Server AuthName Name AuthName Synopsis AuthName 'title' Description Specifies the title displayed on the authentication screen in the ASCII alphanumeric characters (1 byte characters). Context Directory Default value None AuthType Name AuthType Synopsis AuthType Basic Description Specifies the type of authentication 'Basic'. Basic Sets basic authentication (the passwords are plain text).
Name
<Directory>
Synopsis
...
Description
Specifies the directory section only when a directive is used within the specific directory and subdirectories of that directory. The directory name can be specified using a relative path, wild card (? indicates a specific character, * indicates a character string), and regular expressions.
Chapter 3: Authentication and Access Control for the Interstage HTTP Server Default Value None #-1 Note Group ID operates as 4294967295 when '#-1' is specified. Initial Value Group nobody Group "#-1" LoadModule Name LoadModule Synopsis LoadModule module-name file-name Description Reads a module. Specify the file name of a module using the absolute path or the relative path from the ServerRoot directive.
Setting the Online Collation Function Module mod_so Require Name Require Synopsis Require valid-user|user user-name|group group-name Description Specifies the rule to be applied for user authentication. valid-user Authenticates all valid users. When the online collation function is used, users registered with the directory server are allowed. user user-name Authenticates users specified by user-name. When the online collation function is used, the uid attribute of the user is specified as the username.
Chapter 3: Authentication and Access Control for the Interstage HTTP Server Examples To authenticate a user 'taro': Require user taro To allow authentication of a user belonging to the group entry with the cn attribute 'ihsgroup' when the online collation function is used: Require group cn=ihsgroup,ou=User,ou=interstage,o=fujitsu,dc=com ServerRoot Name ServerRoot Synopsis ServerRoot directory-path Description Sets the root directory path in which the server lives.
Setting the Online Collation Function User Name User Synopsis User userID Description Specifies the name of the user who executes the server process. For the user ID, the user name can be specified, or the user ID (numeric value) can be specified following a number sign (#).
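The checks below are an added example, not part of the manual or of Interstage: a Python audit of the <Directory> sections of an httpd.conf against points this chapter makes about user authentication and the online collation function. The sample configuration, the finding codes and the function names are constructed for illustration, and the Require check assumes stock Apache behaviour.

```python
import re

# Constructed sample httpd.conf fragment (not from the manual). It uses only
# directives the manual lists; host name, paths and password are made up.
SAMPLE_CONF = """\
<Directory "/opt/app/htdocs/admin">
    AuthName "Admin area"
    AuthType Basic
    AuthLDAPHost ldap.example.com
    AuthLDAPPort 389
    AuthLDAPBindDN cn=manager,ou=interstage,o=fujitsu,dc=com
    AuthLDAPBindPassword examplepass
    AuthLDAPbasedn ou=User,ou=interstage,o=fujitsu,dc=com
    Require valid-user
</Directory>
<Directory "/opt/app/htdocs/reports">
    AuthName "Reports"
    AuthType Basic
    AuthLDAPHost ldap.example.com
    AuthLDAPPort 636
    AuthLDAPbasedn ou=User,ou=interstage,o=fujitsu,dc=com
    AuthUserFile /opt/app/conf/password.txt
    Require group cn=ihsgroup,ou=User,ou=interstage,o=fujitsu,dc=com
</Directory>
<Directory "/opt/app/htdocs/private">
    AuthName "Private"
    AuthType Basic
    AuthUserFile /opt/app/conf/password.txt
</Directory>
"""

def parse_directory_sections(text):
    """Return {directory path: {lower-cased directive: [argument strings]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opening = re.match(r'<Directory\s+"?([^">]+)"?\s*>$', line, re.I)
        if opening:
            current = sections.setdefault(opening.group(1), {})
        elif re.match(r"</Directory\s*>$", line, re.I):
            current = None
        elif current is not None:
            name, _, args = line.partition(" ")
            current.setdefault(name.lower(), []).append(args.strip())
    return sections

def audit(text):
    """Return sorted (directory, finding-code) pairs for risky sections."""
    findings = []
    for path, d in parse_directory_sections(text).items():
        uses_ldap = any(name.startswith("authldap") for name in d)
        # Assumption (stock Apache behaviour): the Auth* directives protect
        # nothing until a Require rule is present in the same section.
        if "authtype" in d and "require" not in d:
            findings.append((path, "AUTH_WITHOUT_REQUIRE"))
        # 389 is the manual's non-SSL port; collation traffic is unencrypted.
        if "389" in d.get("authldapport", []):
            findings.append((path, "LDAP_WITHOUT_SSL"))
        # A bind password in httpd.conf is stored in clear text, so the file
        # must be readable by administrators only.
        if "authldapbindpassword" in d:
            findings.append((path, "BIND_PASSWORD_IN_CONF"))
        # The manual notes that password-file authentication cannot be used
        # while the online collation function is in use.
        if uses_ldap and "authuserfile" in d:
            findings.append((path, "PASSWORD_FILE_WITH_LDAP"))
    return sorted(findings)

if __name__ == "__main__":
    for path, code in audit(SAMPLE_CONF):
        print(f"{path}: {code}")
```

The port check is a heuristic based on the manual's 389/636 convention; a section that sets no AuthLDAPPort is not flagged.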
Part III Firewall and Proxy Server
Chapter 4 HTTP Tunneling This chapter describes HTTP Tunneling.
HTTP Data Communication Using HTTP Tunneling
HTTP tunneling converts the IIOP data communication normally used by CORBA applications into HTTP data, so that the communication can be carried over the HTTP protocol. This is a useful function when you want to establish client-server linkage across a firewall.
HTTP Data Communication Using HTTP Tunneling Developing the CORBA Application When HTTP tunneling is used by a CORBA application, the ordinary CORBA application can be used intact. The application need not be recreated (including re-linkage) to use the HTTP tunneling function. Constructing the HTTP Tunneling Environment (Constructing the HTTP Gateway Environment) To perform data communication by the CORBA application through HTTP, the HTTP gateway environment must be constructed in the Web server.
Chapter 4: HTTP Tunneling HTTP Tunneling Setup This section describes the procedure for setting the environment when using the HTTP tunneling in the CORBA application linkage. Overview This section describes the procedures for setting up the environment when HTTP tunneling is used. Set up the environment for the Web server. HTTP tunneling can be used by specifying the parameter when client applications are started.
HTTP Tunneling Setup (1) Using Interstage HTTP Server Copy the following file (the installation path is the default) to the modules directory of the Interstage HTTP Server: C:\Interstage\ODWIN\bin\httpgw\ODhttpAp.dll Copy the following file (the installation path is the default) to the libexec directory of the Interstage HTTP Server. /opt/FSUNod/lib/libOMhttpAp.
Notes
• When the Web server is Interstage HTTP Server, messages od40001 and od40002 are not output.

(2) Using InfoProvider Pro
Copy the following files to the CGI directory in the InfoProvider Pro.
Example
If the CGI directory in the InfoProvider Pro is C:\wwwhome\cgi-bin
copy "C:\Interstage\ODWIN\bin\httpgw\ODhttp.dll" C:\wwwhome\cgi-bin
Copy the following files to the CGI directory in the InfoProvider Pro.
/opt/FSUNod/lib/libOMhttp.
HTTP Tunneling Setup For IIS 6.0: 1. Select [Control Panel] > [Administrative Tools] > [Internet Information Services (IIS) Manager] to start Internet Information Services (IIS) Manager. 2. Click the icon for the local computer, and then select the target Web site from Web Sites. 3. Click [Operation] > [Create New] > [Virtual Directory]. 4. On the virtual directory creation wizard, click [Next]. 5. Enter an alias name (e.g., cgi-bin) in the Alias field, and then click [Next]. 6.
Chapter 4: HTTP Tunneling Setting up HTTP Tunneling In order to use HTTP tunneling, specify the parameters in Table 4-1 for the CORBA_ORB_init function called by a client application. Application other than Java applet Specify as a parameter when starting the application.
HTTP Tunneling Setup Parameter Name Meaning Specify the cgi ID if Web Server is used. If using Internet Information Services, specify the alias of the virtual directory. gateway-name: Specify Odhttp.dll (HTTP-IIOP gateway) Specify libOMhttp.so (HTTP-IIOP gateway) *1) If yes is specified, the HTTP tunneling function is valid if the value of argc.argv posted by the parameter in CORBA_ORB_init() is specified.
Application Other than the Java Applet
Specify the parameter in the following way when a client application (sample_c) is started:
(1) For Interstage HTTP Server
sample_c -ORB_FJ_HTTP yes -ORB_FJ_SSL yes -ORB_FJ_HTTPGW http://host.com/od-httpgw
(2) For other than Interstage HTTP Server
sample_c -ORB_FJ_HTTP yes -ORB_FJ_HTTPGW http://host.com/cgi-bm/Odhttp.dll
sample_c -ORB_FJ_HTTP yes -ORB_FJ_HTTPGW http://host.com/cgi-bm/libOMhttp.