Security Enhancements in WebSphere 6.1

In his latest article, Keys Botzum gives an overview of the the security enhancements to WebSphere Application Server 6.1. Here is a a list of the enhancements, for more details, read the article.

• Default Security Settings: Some of the default settings have been changed in the new version:
  • Administrative security is enabled automatically during installation.
  • All internal transports are authenticated by default.
  • Most internal transports are encrypted by default.
  • The default encryption keys are eliminated. A cell-specific set of keys is created automatically.
  • JNDI is read-only by default to all.
  • Messaging limits connections to only authenticated users granted the bus connect role by default. AllAuthenticated no longer has that role by default.
• Simplified certificate and key management.
  • The admin client can query the server and automatically import the server's signing certificate
  • The admin tools can be used to generate certificates and certificate requests, import keys and certificates, manage certificates and keys, and even share them across the cell.
  • Programmatic APIs for applications to obtain URLStreamHandlers, SSLContext instances, and SSLSocketFactories, based on the WebSphere Application Server-managed SSL configuration.
  • LTPA encryption keys are automatically changed at regular intervals. To avoid outages, multiple key versions are simultaneously supported.
• Support for federated repositories.
  • Support for file registry
  • Support for multiple LDAP registries.
  • Support for LDAP failover.
• Fine-grained authorization control (below cell level) for administrative users.
• Single Sign-On from windows desktops to intranet applications.