TEC Workbook - IBM

More documents

Recommendations

Info

<strong>IBM</strong> Software 2.9 Summary In this lab, you learned: ● That there are three service processing phases that occur each time a message arrives. The client-side processing performs all protocol related processing as well as shielding against a variety of malicious attacks. The service processing phase contains all of the specific rules and actions that you define. The server-side processing phase is where any backside protocol tasks are performed before the message is forwarded to the intended destination. ● WebSphere DataPower configurations are built using a pure object-oriented design. Every configuration object, such as a SSL Proxy Profile or a Processing Policy, can be reused. ● How to configure a Multi-Protocol Gateway service, along with an HTTP Front Side protocol handler, and a Processing Policy. ● A Processing Policy contains a set of Processing Rules; each rule begins with a Match Action that is evaluated to determine whether the rule should be executed. Each processing rule contains a list of processing actions that are executed against the message. ● Match rules can match on various aspects of a message, including the URL, HTTP headers, error codes, or an XPath that inspects the XML payload of a message. ● Clicking the Save Config link in the top navigation area will save your running configuration (for your domain) to the flash memory. The running configuration and the saved configuration are independent. ● How to add a schema validate action to the processing rule by dragging it from the action palette onto the processing rule. WebSphere DataPower appliances can perform schema validation against messages at near wire-speed, adding minimal latency to the overall transaction time. ● SOAP requests and responses are automatically checked against a SOAP schema, assuring that the SOAP envelope is well-formed and correct. ● Request and response XML documents are checked to assure they are well-formed. Malformed XML is rejected which assures backend applications receive only well-formed XML. ● Custom Filters can be used for content-based message filtering and SQL injection threat protection. ● How to transform an XML document using a Transform action. ● XSD and XSL stylesheets are compiled and cached. Page 52 WebSphere Lab Jam
Lab 3 Securing XML Message Content using WS-Security Prerequisites: This lab requires the completion of labs 1 and 2. <strong>IBM</strong> Software In this lab, you’ll be adding a few new processing rules to your multi-protocol gateway’s processing policy to demonstrate various security features. Upon completing this lab, you’ll have a better understanding of: ● Private keys and public certs. ● How WebSphere DataPower handles digital keys and certificates. ● Support for WS-Security digital signatures, encryption, and decryption. ● Field-level encryption. ● The built-in authentication and authorization framework. ● Connecting to an LDAP server. ● Configuring SSL. 3.1 Public Key Infrastructure (PKI) In the digital world, public and private keys are often employed to perform cryptographic operations, such as encryption of message data. The use of key pairs (public/private) is known as asymmetric encryption. It is vital that the private key is protected, while its public counterpart, the public key (often carried in a certificate), can be freely distributed. Certificates are typically validated by a Certificate Authority (CA). In the event that an authority needs to revoke a previously distributed certificate, it adds the revoked certificate to a globally published certificate revocation list (CRL). On DataPower, public certificates and private keys are wrapped in crypto objects so that there is one level of indirection when using them. For example, when you upload a public certificate, it will be wrapped in a Crypto Certificate object. When a service object needs to use that public certificate, it will reference it using the crypto certificate instead of the actual certificate file. The following image shows a signing action that references a crypto key and crypto cert when digitally signing a message. Crypto Key Private Key Crypto Certificate Public Certificate This single level of indirection allows the underlying key or certificate to be replaced without the need to reconfigure any services that are using it. Lab 3 - Securing XML Message Content using WS-Security Page 53
Page 1 and 2: WebSphere Lab Jam Connectivity WebS
Page 3 and 4: Contents IBM Software CONNECTION PA
Page 5 and 6: Connection Parameters Spreadsheet I
Page 7 and 8: 1.4 Introduction to WebSphere DataP
Page 9 and 10: IBM Software You’re now ready to
Page 11 and 12: There are several areas in the WebG
Page 13 and 14: 1.10 WebSphere DataPower Services I
Page 15 and 16: IBM Software Gateway supports WebSp
Page 17 and 18: cert: Directory Usage IBM Software
Page 19 and 20: __7. Click on the small plus sign t
Page 21 and 22: 1.13 Logging IBM Software WebSphere
Page 23 and 24: ● Trigger a set of actions to occ
Page 25 and 26: 1.13.4 Appliance management IBM Sof
Page 27 and 28: 1.13.8 Configuration Comparison, Ch
Page 29 and 30: Lab 2 Working with XML Prerequisite
Page 31 and 32: 2.1.5 WebSphere DataPower Configura
Page 33 and 34: IBM Software It’s also possible t
Page 35 and 36: Match Rule - evaluate statements us
Page 37 and 38: IBM Software __18. In the Configure
Page 39 and 40: IBM Software __2. Expand the policy
Page 41 and 42: IBM Software __12. In soapUI, click
Page 43 and 44: IBM Software __3. Click the green s
Page 45 and 46: The SQL statement would become: SEL
Page 47 and 48: __2. Click and drag a transform act
Page 49 and 50: 2.7 Stylesheet Caching IBM Software
Page 51: 2.8.3 Virus Scanning IBM Software V
Page 55 and 56: 3.2.2 Create the Crypto Key and Cer
Page 57 and 58: 3.2.7 Verifying the request signatu
Page 59 and 60: __8. Click the Close Window link to
Page 61 and 62: __12. Click on the small [+] to sho
Page 63 and 64: IBM Software __3. Click on the last
Page 65 and 66: IBM Software __6. In the list of co
Page 67 and 68: __11. Click the Done button in the
Page 69 and 70: Lab 4 Access Control Framework Prer
Page 71 and 72: __3. Double click the yellow outlin
Page 73 and 74: Appendix A. Notices This informatio
Page 75 and 76: Appendix B. Trademarks and copyrigh
Page 77 and 78: NOTES

TEC Workbook - IBM

Create successful ePaper yourself

Delete template?

Save as template?