Unit 3 Notes
Remote Method Invocation (RMI) is an API that allows an object to invoke a method
on an object that exists in another address space, which could be on the same machine
or on a remote machine. Through RMI, an object running in a JVM present on a
computer (Client-side) can invoke methods on an object present in another JVM
(Server-side). RMI creates a public remote server object that enables client and
server-side communications through simple method calls on the server object.
Stub Object: The stub object on the client machine builds an information block and
sends this information to the server.
The block consists of
An identifier of the remote object to be used
Method name which is to be invoked
Parameters to the remote JVM
Skeleton Object: The skeleton object passes the request from the stub object to the
remote object. It performs the following tasks
It calls the desired method on the real object present on the server.
It forwards the parameters received from the stub object to the method.
Working of RMI
The communication between client and server is handled by two intermediate objects: the
stub object on the client side and the skeleton object on the server side. (The skeleton is a
logical role: since Java 2 the runtime dispatches calls without a generated skeleton class, and
since Java 5 stubs are generated dynamically as proxies instead of with rmic.) Parameters and
return values travel as serialized Java objects, so the server deserializes whatever a client
sends before the target method runs. An RMI endpoint should therefore be reachable only by
trusted clients and, on Java 9 and later, protected with a deserialization filter (the
jdk.serialFilter system property or ObjectInputFilter).
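The stub/skeleton flow above as a complete Java program, added to these notes (it is not code from the original notes): a remote interface Greeter, its server-side implementation GreeterImpl, a registry, and a client lookup and call, all in one process so it runs stand-alone. The class names, the port 1099 and the loopback-only binding are assumptions made for the demo. Requires Java 11 or later (run with: java RmiDemo.java).

```java
import java.net.InetAddress;
import java.net.ServerSocket;
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.RMIServerSocketFactory;
import java.rmi.server.UnicastRemoteObject;

public class RmiDemo {

    // The remote interface: the contract shared by client and server.
    // Every method must declare RemoteException because any call can fail on the wire.
    public interface Greeter extends Remote {
        String greet(String name) throws RemoteException;
    }

    // The real object living on the server. The stub's request ends up here.
    public static class GreeterImpl implements Greeter {
        @Override
        public String greet(String name) throws RemoteException {
            // Validate parameters on the server: the stub does no checking, and anyone
            // who can reach the port can send arbitrary arguments.
            if (name == null || name.isEmpty() || name.length() > 64) {
                throw new RemoteException("invalid name");
            }
            return "Hello, " + name;
        }
    }

    public static void main(String[] args) throws Exception {
        // Demo hardening (assumption, not the RMI default): listen on loopback only.
        RMIServerSocketFactory loopbackOnly =
                port -> new ServerSocket(port, 0, InetAddress.getLoopbackAddress());
        // The stub embeds the host it was exported from; make that the loopback address
        // too, otherwise clients would be told to connect to the LAN address.
        System.setProperty("java.rmi.server.hostname", "127.0.0.1");

        // --- Server side ---
        GreeterImpl impl = new GreeterImpl();
        // exportObject starts listening and returns the dynamically generated stub.
        Greeter stub = (Greeter) UnicastRemoteObject.exportObject(impl, 0, null, loopbackOnly);
        Registry registry = LocateRegistry.createRegistry(1099, null, loopbackOnly);
        registry.rebind("Greeter", stub);

        // --- Client side (same process, so the example is self-contained) ---
        Registry clientRegistry = LocateRegistry.getRegistry("127.0.0.1", 1099);
        Greeter remote = (Greeter) clientRegistry.lookup("Greeter");
        // The stub marshals the identifier, method name and arguments, the server
        // unmarshals them, calls GreeterImpl.greet, and the result travels back.
        System.out.println(remote.greet("Alice"));
        try {
            remote.greet("");
        } catch (RemoteException e) {
            System.out.println("server rejected the call: " + e.getMessage());
        }

        // Unexport so the JVM can exit.
        UnicastRemoteObject.unexportObject(impl, true);
        UnicastRemoteObject.unexportObject(registry, true);
    }
}
```

Two details matter for security. First, the stub carries the hostname it was exported with, which is why java.rmi.server.hostname is set before export; without it the client would be directed to the machine's network address, which the loopback-only socket factory does not accept. Second, every argument is deserialized on the server before greet runs, so the length check inside greet is a second line of defence, not the first: keep the port off untrusted networks and, on Java 9 and later, restrict what can be deserialized with a jdk.serialFilter allowlist that ends in !*.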
Data security practices, policies and technologies are also key to keeping internal
users from conducting inappropriate actions with any data.
The last point is significant because organizations have a variety of industry and
federal regulations with which to comply, from GDPR and CCPA to the Sarbanes-
Oxley Act and PCI DSS.
Types of data security technologies
Data security is paramount because attackers relentlessly look for any and all
vulnerabilities to infiltrate corporate networks. To keep data properly protected,
enterprises can use the following seven technologies.
1. Firewalls
A firewall is the initial security layer in a system. It is designed to keep unauthorized
sources from accessing enterprise data. A firewall serves as an intermediary between a
personal or enterprise network and the public internet. Firewalls use pre-configured rules
to inspect all the packets entering and exiting a network and, therefore, help stop malware
and other unauthorized traffic from connecting to devices on a network.
Different types of firewalls include the following:
basic packet-filtering firewalls
circuit-level gateways
application-level gateways
stateful inspection firewalls
next-generation firewalls
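To make the difference between a basic packet filter and stateful inspection concrete, here is an added Java example (not from the original notes) that runs both policies over three constructed TCP packets. The addresses, ports and the "allow anything from port 443" rule are assumptions chosen to show the weakness of stateless filtering. Requires Java 17 or later (run with: java FirewallDemo.java).

```java
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class FirewallDemo {

    enum Direction { INBOUND, OUTBOUND }

    // The few TCP header fields a filter needs for these decisions.
    record Packet(Direction dir, String srcIp, int srcPort,
                  String dstIp, int dstPort, boolean syn, boolean ack) {}

    // Stateless packet filter: judges each packet on its own header fields.
    static boolean statelessAllow(Packet p) {
        if (p.dir() == Direction.OUTBOUND) return true;   // trust everything leaving
        // "Let web replies back in" written as a stateless rule: any inbound packet
        // whose source port is 443 is accepted. This is the weak setting, because an
        // attacker chooses their own source port.
        return p.srcPort() == 443;
    }

    // Stateful inspection: remember which connections the inside opened and admit
    // inbound packets only when they belong to one of them.
    static class StatefulFilter {
        private final Set<String> connections = new HashSet<>();

        private static String key(String insideIp, int insidePort, String outsideIp, int outsidePort) {
            return insideIp + ":" + insidePort + "->" + outsideIp + ":" + outsidePort;
        }

        boolean allow(Packet p) {
            if (p.dir() == Direction.OUTBOUND) {
                if (p.syn() && !p.ack()) {                 // a new connection attempt
                    connections.add(key(p.srcIp(), p.srcPort(), p.dstIp(), p.dstPort()));
                }
                return true;
            }
            // Inbound: the reverse of the tuple must be a connection we opened.
            return connections.contains(key(p.dstIp(), p.dstPort(), p.srcIp(), p.srcPort()));
        }
    }

    public static void main(String[] args) {
        // Constructed traffic: a legitimate HTTPS handshake, then an unsolicited probe
        // that spoofs source port 443 to slip past the stateless rule.
        Packet clientSyn    = new Packet(Direction.OUTBOUND, "10.0.0.5", 51000, "203.0.113.10", 443, true, false);
        Packet serverSynAck = new Packet(Direction.INBOUND,  "203.0.113.10", 443, "10.0.0.5", 51000, true, true);
        Packet probe        = new Packet(Direction.INBOUND,  "198.51.100.7", 443, "10.0.0.5", 4444, true, false);

        StatefulFilter stateful = new StatefulFilter();
        for (Packet p : List.of(clientSyn, serverSynAck, probe)) {
            System.out.printf("%-8s %s:%d -> %s:%d  stateless=%s  stateful=%s%n",
                    p.dir(), p.srcIp(), p.srcPort(), p.dstIp(), p.dstPort(),
                    statelessAllow(p), stateful.allow(p));
        }
    }
}
```

The probe is accepted by the stateless rule and dropped by the stateful one. A real stateful firewall also removes entries on FIN/RST and after an idle timeout, which this demo omits to stay short.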
2. Authentication and authorization
Two processes are used to ensure only appropriate users can access enterprise
data: authentication and authorization.
Authentication involves users providing proof that they are who they claim to be. This proof can
be a secret the user knows, such as a password or PIN, or a biometric trait. Depending on the
authentication scenario, users may be required to provide one or more additional factors when
signing in, known as two-factor authentication or multifactor authentication (MFA).
Examples of authentication are the following:
passwords/PINs
MFA
biometric scans
behavioral scans
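As an added example of how a second factor actually works (not code from the original notes), the Java program below implements time-based one-time passwords as specified in RFC 6238 over HMAC-SHA1 with 6 digits and 30-second steps, the settings most authenticator apps use, and a server-side check that tolerates one step of clock drift. The secret is the RFC's own test secret so the output can be checked against the published vector; the class and method names are assumptions. Requires Java 11 or later (run with: java TotpDemo.java).

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class TotpDemo {
    static final long STEP_SECONDS = 30;

    // RFC 6238 TOTP: the counter is the number of 30-second steps since the Unix
    // epoch, fed to HOTP (RFC 4226) with its dynamic truncation of the HMAC.
    static String totp(byte[] secret, long unixSeconds) throws Exception {
        long counter = unixSeconds / STEP_SECONDS;
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(secret, "HmacSHA1"));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(counter).array());
        int offset = h[h.length - 1] & 0x0f;          // low nibble of last byte picks the window
        int binary = ((h[offset] & 0x7f) << 24)       // mask the sign bit
                   | ((h[offset + 1] & 0xff) << 16)
                   | ((h[offset + 2] & 0xff) << 8)
                   |  (h[offset + 3] & 0xff);
        return String.format("%06d", binary % 1_000_000);
    }

    // Server-side verification: accept the current step and one step either side to
    // absorb clock drift, and compare in constant time so timing does not leak digits.
    static boolean verify(byte[] secret, long unixSeconds, String submitted) throws Exception {
        boolean ok = false;
        for (long skew = -1; skew <= 1; skew++) {
            String expected = totp(secret, unixSeconds + skew * STEP_SECONDS);
            ok |= MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                                        submitted.getBytes(StandardCharsets.US_ASCII));
        }
        return ok;
    }

    public static void main(String[] args) throws Exception {
        // RFC 6238 Appendix B test secret (ASCII "12345678901234567890"). A real
        // deployment generates a random per-user secret and shares it once, e.g. by QR code.
        byte[] secret = "12345678901234567890".getBytes(StandardCharsets.US_ASCII);

        // The RFC's published SHA1 vector at T = 59 s is the 8-digit code 94287082;
        // the 6-digit code is its last six digits.
        String code = totp(secret, 59);
        System.out.println("code at t=59       : " + code
                + (code.equals("287082") ? " (matches RFC 6238 vector)" : " (MISMATCH)"));

        long now = System.currentTimeMillis() / 1000;
        String current = totp(secret, now);
        System.out.println("accepted now       : " + verify(secret, now, current));
        System.out.println("accepted 30 s late : " + verify(secret, now + 30, current));
        System.out.println("accepted 2 min late: " + verify(secret, now + 120, current));
        System.out.println("wrong code         : " + verify(secret, now, "000000"));
    }
}
```

The six digits are a proof of possession of the shared secret, which is what makes the code a second factor; the server must also rate-limit attempts and refuse to accept the same code twice within its window, since a million guesses is not a large search space.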
Once users have proven their identity, authorization determines whether they have
the appropriate permissions to access and interact with specific data. Authorization
grants users permissions within the system to read, edit and write particular
resources, and should grant no more than their tasks require.
Examples of authorization are the following:
principle of least privilege access
attribute-based access control
role-based access control
3. Data encryption
Data encryption converts data into ciphertext to keep it secure at rest
and while in transit between approved parties. Only those who hold the proper
decryption key can recover the original plaintext; encrypted data is meaningless
to an attacker who captures it without the key. Current practice pairs encryption
with an integrity check (authenticated encryption such as AES-GCM), so that
tampered ciphertext is rejected rather than decrypted into garbage, and keeps keys
separate from the data they protect.
Examples of data encryption are the following:
symmetric encryption, in which the same key encrypts and decrypts; and
asymmetric encryption, also known as public key encryption.
4. Data masking
Data masking obscures data so that, even if criminals exfiltrate it, they can't make sense
of what they stole. Unlike encryption, which transforms data with an algorithm and a key,
data masking replaces legitimate data with similar but fake data.
Tokenization is an example of data masking. It replaces a sensitive value with a randomly
generated token that has no exploitable value on its own. The mapping from token back to
the original is kept only in a separately protected token vault, so a captured token cannot
be reversed without also compromising the vault, which makes the vault the asset to defend.
Other examples of data masking are the following:
data deidentification
data generalization
data anonymization
pseudonymization
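The two masking styles above as an added Java example (not from the original notes): a format-preserving token vault that keeps the length and last four digits of a card number so existing fields and receipts keep working, and an irreversible static mask for display and logs. The in-memory vault, the class names and the sample card number (the standard 4111... test number) are assumptions for the demo. Requires Java 11 or later (run with: java TokenizationDemo.java).

```java
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

public class TokenizationDemo {

    // Token vault: the only place where a token can be resolved to the original value.
    // In production this is a separately secured service; here it is in-memory.
    static class TokenVault {
        private final Map<String, String> tokenToValue = new HashMap<>();
        private final Map<String, String> valueToToken = new HashMap<>();
        private final SecureRandom rng = new SecureRandom();

        // Returns a token of the same length and last four digits as the input.
        // The leading digits are random, so the token carries no information about
        // the card number; the same input always yields the same token.
        synchronized String tokenize(String pan) {
            String existing = valueToToken.get(pan);
            if (existing != null) return existing;
            String token;
            do {
                StringBuilder sb = new StringBuilder();
                for (int i = 0; i < pan.length() - 4; i++) sb.append(rng.nextInt(10));
                token = sb.append(pan, pan.length() - 4, pan.length()).toString();
            } while (tokenToValue.containsKey(token) || token.equals(pan));
            tokenToValue.put(token, pan);
            valueToToken.put(pan, token);
            return token;
        }

        // Detokenize: only systems authorized to reach the vault (e.g. the payment
        // gateway) should ever be able to call this.
        synchronized Optional<String> detokenize(String token) {
            return Optional.ofNullable(tokenToValue.get(token));
        }
    }

    // Static masking: irreversible, suitable for screens, logs and non-production copies.
    static String mask(String pan) {
        if (pan.length() <= 4) return "*".repeat(pan.length());
        return "*".repeat(pan.length() - 4) + pan.substring(pan.length() - 4);
    }

    public static void main(String[] args) {
        String pan = "4111111111111111";   // constructed sample: the well-known test card number
        TokenVault vault = new TokenVault();

        String token = vault.tokenize(pan);
        System.out.println("stored in app DB : " + token);
        System.out.println("same PAN again   : " + vault.tokenize(pan) + " (stable token)");
        System.out.println("masked for UI    : " + mask(pan));
        System.out.println("vault resolves   : " + vault.detokenize(token).orElse("?"));
        System.out.println("unknown token    : " + vault.detokenize("0000000000001111").isPresent());
    }
}
```

The application database now holds only tokens, which takes it out of scope for most of the controls that apply to real card numbers; the price is that the vault and the path to it become the high-value target and need the strongest access control and monitoring in the system.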
5. Hardware-based security
Hardware-based security anchors protection in a dedicated physical component, such as a
security chip, module or appliance, rather than relying solely on software installed on the
hardware. Because attackers target every IT layer, companies need protections built into the
silicon to ensure hardened devices.
Examples of hardware-based security are the following:
hardware-based firewalls
proxy servers
hardware security modules
6. Data backup and resilience
Organizations should save multiple copies of data, especially if they want to fully recover
following a data breach or other disaster. With data backups in place, companies can
resume normal business functions faster and with fewer hiccups. To ensure data
resilience, organizations need protections in place to keep the backed-up data secure
and ready for use.
One example of data backup protection is data vaulting, which creates air-gapped
versions of backed-up data. Organizations should also follow a 3-2-1 backup strategy: at
least three copies of the data, on two different types of media, with one copy kept
off-site. A backup that shares credentials or a network segment with production can be
encrypted by the same ransomware that hits production, so at least one copy should be
offline or immutable.
Other types of data backup protection include the following:
redundancy
cloud backup
external hard drives
hardware appliances
7. Data erasure
It is important that organizations properly delete data and ensure that deleted data is not
recoverable. Known as data erasure or data destruction, this process overwrites stored data so
that it cannot be recovered, rather than merely unlinking it from the file system, which leaves
the contents on disk. Overwriting is reliable for magnetic disks but not for flash storage,
where wear levelling can leave old copies in place; for SSDs and self-encrypting drives, use
the drive's built-in secure-erase command or cryptographic erasure (destroying the encryption
key that the data was written under).
Organizations must be able to properly destroy data, especially in the wake of regulations
such as GDPR, which stipulate customers can request the erasure of their personal data.
Other types of data erasure include the following:
data wiping
overwriting
physical destruction
degaussing