Objective 2.1: Recognize the effect on each of the following characteristics of two tier, three tier and multi-tier architectures: scalability, maintainability, reliability, availability, extensibility, performance, manageability, and security
Objective 2.2: Recognize the effect of each of the following characteristics on J2EE technology: scalability, maintainability, reliability, availability, extensibility, performance, manageability, and security
Security
The ability to protect the system and all of its components and services against possible attacks.
These attacks usually try to compromise the integrity and/or the confidentiality of the system.
Attacks can also try to compromise the availability of the system, in the form of Denial of Service attacks.
Security must be addressed not only with technology (firewalls, DMZ, encryption and so on), but also with methodology (security policies and procedures) in order to secure the "human factor".
Effects
1 tier:
Good. Connectivity is physically limited.
2 tier:
Poor. Fat clients are distributed everywhere, accessing a server that is relatively exposed, which makes it an easy target for attacks.
n tier:
Good. Security can be applied to each tier. However, in a complex system something can be missed, and the complex nature of multi-tiered systems can make security more expensive.
J2EE:
J2EE facilitates security by offering declarative role management and security policies in the different tiers (on servlets and EJBs, for example).
Denial of Service
An attack where the server is simply flooded with bogus messages, so that its availability becomes compromised.