If appropriate security measures are not implemented for a system that uses a network, an application might be executed without authorization, or communications or data managed by the backend database might be leaked or altered. To prevent such issues, ascertain the security threats and implement countermeasures against them.

In this subsection, the following security threats are assumed:

• Unauthorized third-party intrusion into the system from the outside
• Leakage of data handled by applications to a third party
• Leakage of application communications to a third party
• Third-party alteration of application communications
• Operation or information acquisition by a system user beyond the scope of permission granted to that user

This subsection discusses countermeasures against these threats from outside the system. It does not discuss threats emanating from within the system.

The countermeasures as shown in the table below can be employed against expected security threats. For more concrete description of each countermeasure, see the indicated reference.

Table 4-6 Possible countermeasures against security threats

Threat	Countermeasure	Relevant information
Unauthorized third-party intrusion into the system from the outside	Deploy a firewall and intrusion detection system.	4.11.2
Leakage of data handled by applications to a third party
Leakage of application communications to a third party	Encrypt communication.	4.11.3#
Third-party alteration of application communications
Operation or information acquisition by a system user beyond the scope of permission granted to that user	Authenticate users from within applications.	4.11.4

#: To encrypt communication, HTTPS is used. The relevant information describes how to use an SSL accelerator to handle encrypted communications in the case that HTTPS is used.