Designing Enterprise Applications with the J2EE™ Platform, Second Edition



9.5 Auditing

Auditing is the practice of capturing a record of security-related events to hold users or systems accountable for their actions. The value of auditing is not solely to determine whether security mechanisms are limiting access to a system. When security is breached, it is usually much more important to know who has been allowed access than who has been denied access. Knowing who has interacted with a system allows the determination of accountability for a breach of security. Moreover, to use auditing to evaluate the effective security of a system, there must be a clear understanding of what is audited and what is not.

The deployer is responsible for configuring the security mechanisms to be applied by the enterprise containers. Each configured mechanism may be thought of as a constraint that the containers will attempt to enforce on interactions between components. It should be possible for the deployer or system administrator to review the security constraints established for the platform and to associate an audit behavior with each constraint so that the container will audit one of the following:

It is also prudent to audit all changes (resulting from deployment or subsequent administration) to the audit configuration or the constraints being enforced by the platform. Audit records must be protected so that attackers cannot escape accountability for their actions by expunging incriminating records or changing their content.
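One way to make audit records tamper-evident, shown as an added example that is not from the original text or any J2EE API: each record carries an HMAC over its own fields and the previous record's tag, so altering or expunging a record breaks the chain. The class name `ChainedAuditLog`, the field layout, the demo key and the sample events are assumptions made for illustration; it needs Java 17 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.HexFormat;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical tamper-evident audit trail (illustration only, not a J2EE API). */
public class ChainedAuditLog {
    record Entry(String principal, String constraint, boolean allowed, String tag) {}
    static final String GENESIS = "0".repeat(64);   // fixed-length stand-in for "no previous tag"
    final List<Entry> entries = new ArrayList<>();
    private final byte[] key;                       // assumption: kept outside the log store
    private String lastTag = GENESIS;               // copy this off-host to detect tail truncation
    ChainedAuditLog(byte[] key) { this.key = key.clone(); }

    /** Records an evaluation, allowed or denied, bound to the previous entry's tag. */
    void append(String principal, String constraint, boolean allowed) throws Exception {
        lastTag = tag(lastTag, principal, constraint, allowed);
        entries.add(new Entry(principal, constraint, allowed, lastTag));
    }
    /** Returns the index of the first entry that fails verification, or -1 if intact. */
    int verify() throws Exception {
        String prev = GENESIS;
        for (int i = 0; i < entries.size(); i++) {
            Entry e = entries.get(i);
            byte[] expected = tag(prev, e.principal(), e.constraint(), e.allowed()).getBytes(StandardCharsets.US_ASCII);
            if (!MessageDigest.isEqual(expected, e.tag().getBytes(StandardCharsets.US_ASCII))) return i;
            prev = e.tag();
        }
        return -1;
    }

    private String tag(String prev, String principal, String constraint, boolean allowed) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        // prev is always 64 hex chars; newline separates fields (assumed absent from field values).
        String msg = prev + principal + "\n" + constraint + "\n" + allowed;
        return HexFormat.of().formatHex(mac.doFinal(msg.getBytes(StandardCharsets.UTF_8)));
    }
    public static void main(String[] args) throws Exception {
        var log = new ChainedAuditLog("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        log.append("alice", "role:admin on /payroll", true);    // constructed sample events
        log.append("mallory", "role:admin on /payroll", false);
        log.append("mallory", "role:admin on /payroll", true);
        System.out.println("intact log, first bad index: " + log.verify());
        log.entries.remove(1);                                   // simulate an expunged record
        System.out.println("after deletion, first bad index: " + log.verify());
    }
}
```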

The J2EE programming model shifts the burden of auditing from developers and integrators to those who are responsible for application deployment and management. Therefore, although not currently mandated by the J2EE specification, it is recommended that J2EE containers provide auditing functionality that facilitates the evaluation of container-enforced security policy.



Copyright © 2002 Sun Microsystems, Inc. All Rights Reserved.