IBM BS029ML Self Help Guide - Page 110
Secure communications over SSL, 4.1.8 Integration with Tivoli Access Manager and WebSEAL
The general guidelines for configuring PAC are summarized in the white paper Performance tuning of Portal Access Control, found at:

http://www.ibm.com/developerworks/websphere/library/techarticles/0508_buehler/0508_buehler.html

Although this white paper was written for Version 5, many principles are still applicable to Version 6.

4.1.7 Secure communications over SSL

Secure communication over the wide-open, unprotected internet is essential to many business applications. It builds consumer confidence and protects sensitive data transmitted through the internet. Secure Socket Layer (SSL) and its successor, Transport Layer Security (TLS), are the protocols that leverage a variety of cryptographic algorithms to implement security.

Even within corporations, communication through the intranet is not necessarily safe. As a matter of fact, reported internal attacks constitute an alarming 45 - 50% of the total cases. Sensitive information passed around corporate networks is subject to attacks by disgruntled or dishonest employees. Companies put themselves at risk by holding and passing sensitive information without protection. Internal threats can generally be categorized as the following three types:

- Corporate espionage: Employees or contractors may be recruited and paid by competitors to steal company secrets.
- Malicious employees: Current and recently terminated employees may want to cause damage to the company by destroying valuable data or files, or by causing network disruption.
- Unintentional breaches: Employees put the network at risk by installing unauthorized software, opening virus-infected e-mail attachments, succumbing to social network attacks, and so on.

When designing your Web sites based on WebSphere Portal, you should understand clearly what data is sensitive and needs protection. Depending on the nature of the application, you may want to secure the entire site or only a portion of it.
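The choice between securing the whole site and securing only part of it can be expressed per URL pattern in a standard Java EE web deployment descriptor (web.xml), the descriptor format used by Web applications on WebSphere Application Server. The fragment below is an added example, not taken from the guide or from any IBM-shipped file; the resource names and URL patterns are hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed example: resource names and URL patterns are hypothetical. -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">

  <!-- Sensitive area: the container only serves these URLs over SSL/TLS.
       A plain-HTTP request is redirected to the secure port or refused. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Account pages</web-resource-name>
      <url-pattern>/account/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Public content: no transport requirement, so plain HTTP is accepted
       and the responses carry no SSL processing cost. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Public pages</web-resource-name>
      <url-pattern>/public/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- To secure the entire site instead, use a single constraint with
       <url-pattern>/*</url-pattern> and CONFIDENTIAL. -->
</web-app>
```

When only part of a site is protected, the login page and every page that carries the session cookie belong on the CONFIDENTIAL side; otherwise credentials or session identifiers still cross the network in the clear.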
The WebSphere Portal infrastructure provides the flexibility of a range of solutions that suit your requirements. On the other hand, you have to understand that there are performance implications when configuring SSL because of the nature of the protocol: a handshake phase is required to establish the trust relationship between the communicating parties, and then there is an exchange of keys. In addition, all communications over SSL channels must be encrypted at the source and decrypted at the destination. This process affects the processing of every request going through the secured channel. Also, the configuration makes certain cache options impossible.

Depending on the encryption algorithm, the length of the encryption key, the complexity of the data, and other factors of the network, the overhead of SSL can be between 10 - 50%. In most cases, using an SSL accelerator will help performance.

4.1.8 Integration with Tivoli Access Manager and WebSEAL

For WebSphere Portal authentication, you can use the native authentication mechanism provided by the underlying WebSphere Application Server infrastructure, or an external security manager such as Tivoli Access Manager for e-business (TAM). The integration of WebSphere Portal and TAM provides a single central authentication point for one or more systems and other Web applications, thus providing easier management of security assets.

96 IBM WebSphere Portal V6 Self Help Guide