Security can be BEASTly
ColleenMcCretton
Here in the Maximo development team we try to reinvent the wheel as little as possible. Part of the reason we run on application servers such as WebSphere is the robust feature set that they offer – and that we don’t have to build. Especially in the area of security, we leverage the capabilities of the application server for a great deal of functionality. Many of our certifications for things like IPv6 compliance and encryption standards come directly from the capabilities of the application server. We use application server capabilities for LDAP integration, SSO support and SSL/TLS communication.
Recently a new security vulnerability called BEAST (short for Browser Exploit Against SSL/TLS) was reported and publicized in the media. Maximo doesn’t do anything with SSL or TLS on its own – everything is done through the application server capabilities. Below is a link to some information from WebSphere on BEAST:
In addition to this new information, there is a wealth of information available about making WebSphere more secure. Customers I have worked with have found this series on hardening WebSphere very valuable:
There are also several APARs related to WebSphere security. The Maximo Security Team highly recommends reviewing these fixes and applying them where appropriate for your environment. Click the links below or search the APAR number for more information or to locate the appropriate download file.