Part II, System architecture: Firewall and SSL,

bill lubx
Greenhorn

Joined: May 04, 2002
Posts: 26
Hi Java gurus:
I have several questions that I am confused about regarding firewalls and SSL, since I don't have experience with system architecture. Please correct me if I am wrong.
1. SSL has the mechanism to ensure the communication between the client and web server. Since SSL will authenticate both parties and deny illegal access, does this imply that using SSL could replace a firewall in securing the network communication? But this could not be true. Any thoughts?
2. In a VPN, would it be possible to use RMI over IIOP to communicate between client and server by SSL? I guess it is OK, since it is possible to tunnel the data through HTTP.
3. Since a VPN is a secured connection between the client and the server, is it overkill to use SSL over a VPN connection?

thanks
/bill
Unni Kuttan
Greenhorn

Joined: Jul 12, 2002
Posts: 11
Let me try to answer (I am no expert either).
1. Firewalls are meant to restrict access to networks or parts of networks, while SSL is for secure communications (once the parties can communicate). So they have different purposes in life.
2. Yes, it should be.
3. A VPN is not a secured connection between client and server; only the part that goes from the remote machine (client) to the VPN server (the tunnel that goes over the internet) is secure. The traffic from there to the destination (server) may or may not be encrypted. So if you still want to secure the entire communication, you need to use SSL.
Cheers
bill lubx
Greenhorn

Joined: May 04, 2002
Posts: 26
The idea of using SSL or a firewall or both came up as a design decision for a system within a budget. In other words, how to build a secured system within a limited budget (after the Dow went down to 7700, it is a reasonable consideration).
Say, if SSL could satisfy most security requirements, it would be the first choice. In this case, I could save a few dollars on the hardware and/or software for a firewall.
For a B2B solution, since clients usually carry certificates (in Part II, the ticket agents as application clients in a VPN), the server will deny any access from an untrusted party. Since a firewall would do the same thing but needs more currency thrown from the pocket, I would prefer the SSL solution if I have a tight budget.
This question might sound silly, since a firewall is about network security, while SSL is about secure communication.
Well, what will happen if a web server stands outside of a DMZ but only allows SSL connections? Could this server survive illegal attacks? And what kind of attacks would they be? Consider that the certificates the clients carry would satisfy the security requirement, and assume the certificates could not be held by a bully party.
Cheers
/bill
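
An added example, not part of any post in this thread: a loopback sketch of what an SSL-only listener that demands client certificates still exposes to a peer with no certificate. The TCP connection is accepted and the peer's bytes reach the TLS parser before anything is rejected, which is the exposure a firewall limits by source. The names `serve_once` and `probe` are hypothetical, and as an assumption no server certificate is loaded so the code runs offline.

```python
import socket
import ssl
import threading


def serve_once(listener, ctx, result):
    """Accept one TCP connection, then attempt the TLS handshake on it."""
    conn, _peer = listener.accept()   # the kernel has already completed TCP
    result["tcp_accepted"] = True
    tls = ctx.wrap_socket(conn, server_side=True, do_handshake_on_connect=False)
    try:
        # The TLS library now parses bytes chosen entirely by the peer.
        tls.do_handshake()
        result["tls_established"] = True
    except (ssl.SSLError, OSError) as exc:
        result["rejected_by"] = type(exc).__name__
    finally:
        tls.close()


def probe(payload: bytes) -> dict:
    """Send constructed bytes to a TLS-only loopback listener; report stages."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED       # client certificate demanded
    # Assumption: no server certificate is loaded, so no handshake can succeed.
    result = {"tcp_accepted": False, "tls_established": False}
    with socket.create_server(("127.0.0.1", 0)) as listener:
        listener.settimeout(5)
        worker = threading.Thread(target=serve_once, args=(listener, ctx, result))
        worker.start()
        with socket.create_connection(listener.getsockname(), timeout=5) as client:
            client.sendall(payload)
        worker.join(10)
    return result


if __name__ == "__main__":
    # Constructed inputs: a plaintext HTTP request and 32 zero bytes.
    for sample in (b"GET / HTTP/1.0\r\n\r\n", b"\x00" * 32):
        print(sample[:14], probe(sample))
```

In both runs the rejection happens inside the server process, after `accept()` has returned; a packet filter in front of the host would drop a disallowed source before the process sees it.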