Security and the Custom Client

Security and customs client2/2/2005by Taidege Dade security threat to web-based applications and client data than ever today, they are forcing companies to reassess their choice. Combating security threats, large and small companies are being tailored to the client technology. Let us look at the security challenges facing the traditional application deployment and the number of enterprises is to combat the threat of using unconventional means.

With the Internet bubble of the late 1990s, the nature of application development immigrants from a client-based application model to focus on network-based model, in which applications through a Web browser - visit. Motivated migration is enormous cost savings and development, sales and support of Web-based applications based on client than the earlier model. Web-based applications, it is now infiltrating the market.

However, in recent years, there have been security threats endanger the integrity of this model, and the risk of intellectual property and customer data. Every year, several billions of dollars for the development of strategies and technologies to combat these threats. Despite these expenditures, the company is in the best holding their own and find themselves in the worst victims of malicious network attacks.

Traditional security challenges in the current model, the application ordinarily resident in the server, and is now entering a consumers Web browser client. With more than 93 percent of the global share of Microsofts Internet Explorer possession monopoly on the client browser market.

Major sources of risk for the application and transaction data to be sent to the client and server are: entered Client: mainly used to interact with the network-based application is based on the client browser consumers. However, the application provider has been unable to control the browser. The same tool can be fully grasp and not connected to the Internet, and therefore exposed to the risk of viruses, spyware and Trojan horse applications. In this environment, security, network-based application and transaction data to depend on the level of security on the client. Poor security, and increase the risk of exposure to network-based applications and data.

Nature of browser technology: Internet Explorer is the primary browser used to access network-based applications and the Internet. While Microsoft has made great progress to address security vulnerabilities in Internet Explorer, the overall risk remains high. Major contributor to the problem is that the ActiveX in nature and capacity to provide third-party plug-ins in their own technology. From a security point of view, this ability rotation assets as a potential liability.

Files goal: as a victim of its own success, Microsoft has become a highly visible target for hackers and terrorists networks. Network attack is a typical project, to the greatest extent and effectiveness of decentralization, which means they infrastructure is usually aimed at the market leader, Microsoft. In such circumstances, the application relies on Microsofts technology is at greater risk than the application, relying on the lower profile technology.

In the past 18 months, icesoft technology have witnessed a growing number of enterprises to use custom client application of technology to meet their security concerns. First appeared in the major financial institutions, this trend has spread to health care, government and MIL - aviation vertical. According to the rationale behind this trend is simple. Application of more secure if they restrict content access, and limit the client amendment is sandboxed from the rest of the client environment, and represent less visible targets for malicious factions.

Restrictions on the Use and Java: The deployment of a small, customized Java-based Web clients, the primary risk is being addressed, their applications and data. These customers are usually less than 1 MB and can be readily integrated into an application. They can be quickly downloaded using jnlp and Java Web Start and can be centrally managed by the application provider, thus reducing the opportunities, the phenomenon of corruption overseas agents.

Client is usually aimed at application, which limits user access to only the content and applications approved prescription URL. Client users can modify their own problems, for example, through plug-in installed. Restrict access to the Internet and to prevent large-scale modifications to the client, exposure offensive content and malicious third parties to a minimum.

Sand play value of a sand box: Java language provides two ways to isolate applications from potentially destructive, harmful or third-party applications. First, the flexible dynamic load capacity of Java enables customers to install and update nonadministrator users, so as to protect the basic integrity of the client. This capability is in contrast to the security risks, conventional Windows installation and application needs administrator privileges. These same privilege can be abused by worms and viruses to co-opt the system for their own purposes.

Second, the Java Virtual Machine (JVM), running Java Sandbox allow only the necessary documentation system and network access. This restriction is to protect the client server system is compromised, so that the whole system less attractive to attackers. If there is no such internal enterprise security is extremely vulnerable, once the firewall is violated.

Fly under the radar: customized client technology to enable enterprises to use the technology is nowhere near as visible and recognizable than Internet Explorer. Effective, but they can fly under the radar of the corporate attack on the. Therefore, customization, not far from the typical broad-brush attacks against the Internet Explorer. Malicious Parties would have specific objectives, and a customized for each client individually, greatly reduce the impact and cost of the global increase in such attacks. In addition, the portability of the Java allows migration to Linux or Mac OS X client, and further inhibit the success of the attacks, and to increase the robustness of the enterprise through diversity.

Cost of a custom client solutions is low. The main development costs, as is traditional with the new browser engine capacity. With a modest investment for the project, enterprises are realizing payback period in just a few weeks or months.

Customized client solutions provide a variety of functions approaches that of Internet Explorer. These measures include the open-source solutions, such as Mozilla, a feature-rich Java-based tool kits will provide SSL and Java language, such as the icesoft the icebrowser SDK.

As pressure on enterprises to increase the security of their applications and customer data, non-traditional solutions customized client to see more and more adoptions.