Securing the Wire Blog

Version 2


    A Book Excerpt

    With wireless, you are aware that people around you can intercept the messages that you send. Many people act as if the same is not true on LANs. "Raw TCP packets flowing through a data network may be incomprehensible, even invisible, to a normal user fostering a sense of security, but in reality, the data in these packets are very accessible to those with the appropriate tools and know-how. The data networks over which these packets flow were not designed to protect the information from malicious folks and provide little or no security. With the help of programs freely available over the Internet, one can easily view, analyze and filter, on a normal PC, all the data being exchanged by machines on the same LAN. What it means is that a rogue neighbor, subscribing to the same cable or DSL ISP (Internet Service Provider) as you, can easily collect your account names and the passwords on different websites, including those from your online broker or bank, without you ever being suspicious."

    In this excerpt from Pankaj Kumar's book on J2EE Security, he shows you how to use SSL to secure your Java applications. "SSL API for Java is modeled after socket-based networking API and it is fairly straightforward to modify existing TCP programs to use SSL. Using JCA-compliant API to plug different implementation of cryptographic services and to build and install key managers and trust managers provides an extensible framework to use security components from different sources."

    This book excerpt is from Chapter 6 of "J2EE Security: For Servlets, EJBs, and Web Services" by Pankaj Kumar, ISBN 0131402641, copyright 2004. All rights reserved. This chapter, titled "Securing the Wire," is posted with permission from Prentice Hall PTR.

    We are presenting this book excerpt as a PDF download. The file size is a little over 1.3 MB. Download Chapter 6: "Securing the Wire".