
WebSphere Product Center at Panasonic

By: IBM
Published: Feb 01, 2006
Length: 3
Type: Case Study

Overview:

In Europe's consumer electronics market, Panasonic Europe and its competitors are constantly updating product offerings due to changing technologies. With such fierce competition and short product lifecycles, Panasonic's level of success greatly depends on how quickly it can market new products. New product information must be quickly and accurately distributed to regional sales and marketing teams located in every country in Europe, with translations in every European language.  To address this need, Panasonic Europe teamed with IBM to implement a solution based on IBM WebSphere Product Center.

This case study outlines their success in achieving global simultaneous product launches, correct information for catalogs and advertising, faster price change notifications and better Point of Sale (POS) integration.

1.1 Defense in Depth

Nixu SNS has been designed according to the Principle of Defense in Depth. Defense in Depth is the concept of protecting a computer network with a series of defensive mechanisms such that if one mechanism fails, another is already in place to block an attack. The principle has been applied when more than one subsystem has to be compromised before the security of the entire system is compromised.

In the case of Nixu SNS, the Principle of Defense in Depth involves the following:

- Encrypted connections
- In-host firewall
- IPS system
- ACLs for enabled services
- Services are running with secure configurations
- Web-UI authenticates the users
- Web-UI writes logs of the user actions
- O/S is hardened and backups are taken periodically
- If possible, Perimeter firewall for the network is used

1.2 Principle of Least Privilege

Nixu SNS has been designed according to the Principle of Least Privilege. According to the Principle of Least Privilege, every user, process and program should be able to see only the information and resources that are necessary for it to perform a given operation or task. The idea behind the principle is to grant the minimum privileges needed to permit a legitimate action, thereby enhancing the protection of data and functionality from faults and malicious behaviour.

In the case of Nixu SNS, the Principle of Least Privilege involves the following:

- Services are not running as root
- There are multiple level user accounts for Web-UI and shell access
- User accounts have necessary permissions only, to do only the necessary actions
- Use sudo when privilege escalation is required

1.3 Principle of Default Deny

Nixu SNS has been designed applying the Principle of Default Deny. When the Principle of Default Deny has been implemented, anything that is not explicitly allowed is denied regardless of whether the function is related to access, privileges, some security-related attribute or other similar function.

In the case of Nixu SNS, the Principle of Default Deny involves the following:

- Firewall blocks all but explicitly allowed connections
- Shell access for users needs to be explicitly permitted
- All but necessary services are disabled
- All but necessary packages are removed

2 Application Security

2.1 Software Components

CentOS Linux 4.3 i386:

- RPMs have been stripped to the bare minimum. Complete package list can be found at the end of this document
- Updates included until May 9 2006

Apache Web Server 2.0.52-28

- Includes security fixes to 2.0.52: CAN-2004-0885, CAN-2004-0942, CVE-2006-3918
- Apache runs as user apache by default

Web server; PHP-module (php 4.3.9-3.12)

- Includes security fixes to 4.3.9: CAN-2004-0958 and other fixes
- As the shell_exec() function is used in PHP scripts, safe mode can't be enabled; the shell_exec() function is disabled in safe mode.

BIND 9.2.4-2

- Secure and stable release of ISC BIND

Bastille 3.0.9-1.0 and PSAD 1.4.6-1

- These components form the basis for the IDS/IPS system. Both are the latest releases and have no known security issues

Nixu SNS 1.0.1 (proprietary code by Nixu Software used to integrate software components and in the management utilities) is included in the software package. Both the software architecture and the entire Nixu SNS software package have been audited and tested by independent third parties; updates will be released and delivered, if and when necessary, by Nixu Software.

2.2 Authentication

An attempt to access any script in the WebUI causes the system to authenticate the user. If the user is not authenticated or authentication cannot be performed, the user is redirected to the login page. The login page prompts the user for a username and password. Both successful and unsuccessful login attempts are logged in the Nixu SNS system log.

To defend against brute-force attacks, the logging system monitors for brute-force attempts and slows the attacker down (using e.g. sleep() or similar). Nixu SNS also offers the possibility to temporarily block access from IP addresses which have made repeated failed login attempts.
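
The brute-force defence described above, as an added example (not Nixu SNS code): a per-IP throttle that lengthens the response delay with each failed login and temporarily blocks the address after repeated failures. The class and function names, the thresholds and the sample events are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque
class LoginThrottle:
    """Per-IP failed-login throttle; thresholds are illustrative, not Nixu's."""
    def __init__(self, max_failures=5, window=300, block_for=900,
                 base_delay=1.0, max_delay=8.0, clock=time.monotonic):
        self.max_failures, self.window, self.block_for = max_failures, window, block_for
        self.base_delay, self.max_delay, self.clock = base_delay, max_delay, clock
        self.failures = defaultdict(deque)  # ip -> times of recent failures
        self.blocked_until = {}             # ip -> time the block expires

    def is_blocked(self, ip):
        if self.clock() >= self.blocked_until.get(ip, float("inf")):
            del self.blocked_until[ip]      # block expired: start afresh
            self.failures.pop(ip, None)
        return ip in self.blocked_until

    def record_failure(self, ip):
        """Log one failed login; return the seconds to sleep before replying."""
        now, recent = self.clock(), self.failures[ip]
        recent.append(now)
        while now - recent[0] > self.window:  # forget failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.blocked_until[ip] = now + self.block_for
        return min(self.base_delay * 2 ** (len(recent) - 1), self.max_delay)

    def record_success(self, ip):
        self.failures.pop(ip, None)  # a valid login clears the counter

# Constructed sample events: (seconds, source IP, password correct?)
A, B = "192.0.2.10", "198.51.100.7"
SAMPLE_EVENTS = [(0, A, False), (1, A, False), (2, A, False), (3, A, True),
                 (3, B, False), (4, B, True), (130, A, True)]

def replay(events, **limits):
    """Feed events through a throttle on a simulated clock; list each decision."""
    now, decisions = [0.0], []
    throttle = LoginThrottle(clock=lambda: now[0], **limits)
    for ts, ip, ok in events:
        now[0] = ts
        if throttle.is_blocked(ip):
            decisions.append("blocked")  # refused even with the right password
        elif ok:
            throttle.record_success(ip)
            decisions.append("ok")
        else:
            decisions.append("delay %.0fs" % throttle.record_failure(ip))
    return decisions
```

In a login handler the value returned by `record_failure` would be passed to a sleep call before the failure response is sent. Blocking by source address also affects every user behind the same NAT or proxy, which is one reason to keep the block temporary.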

Shell users are authenticated using Unix Password or any other supported authentication module. By default, only the root user exists; additional users should be created by the administrator as needed.