DOCSLIB.ORG

Department of Homeland Security ��������������������������

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Department of Homeland Security �������������������������� Department of Homeland Security �������������������������� Management Advisory Report: A Guide for Assessing Cybersecurity within the Office of Inspector General Community This report was prepared on behalf of Council of the Inspectors General on Integrity and Efficiency. OIG-14-43 February 2014 OFFICE OF INSPECTOR GENERAL Department of Homeland Security Washington, DC 20528 I www.oig.dhs.gov February 24, 2014 MEMORANDUM FOR: Council ofthe Inspectors General on Integrity and n~ONc- FROM: 4arlton I. Mann Chief Operating Officer SUBJECT: Management Advisory Report: A Guide for Assessing Cybersecurity Within the Office of Inspector General Community The Council ofthe Inspectors General on Integrity and Efficiency {CIGIE) tasked the Cybersecurity Working Group with undertaking a review in which it would examine the role of the Inspector General community in current Federal cybersecurity initiatives. CIGIE proposed that the Cybersecurity Working Group work under the auspices of the Information Technology (IT) Committee. As a member of the IT Committee, the Department of Homeland Security (DHS) Office of Inspector General (OIG) was asked to lead and coordinate the Cybersecurity Working Group's efforts in identifying the Inspector Generals' cybersecurity oversight role. I am pleased to provide CIGIE with a high-level audit guide that can be used as a baseline for cyber and IT security-related reviews conducted by the Inspector General community. The guide is based on the subject matter expertise of DHS OIG IT audit managers and specialists, legal research, and a review of applicable websites and audit programs developed within the OIG community. The intent ofthis guide is to provide a foundation for conducting cybersecurity and IT system security-related audits. The guide was developed to the best knowledge available to DHS OIG. We trust that this guide will result in better protecting the integrity of Federal computer systems and networks and minimize the risks associated with cyber vulnerabilities and potential threats. I would like to acknowledge the support provided to this effort by all the participants listed in Appendix X to produce a final document that represents the needs of the Inspector General community. Attachment The Council of the Inspectors General on Integrity and Efficiency (CIGIE) was statutorily established as an independent entity within the executive branch by the Inspectorf GeneralfReformfActfoff2008, Public Law 110-409. The mission of the CIGIE is to— • Address integrity, economy, and effectiveness issues that transcend individual government agencies. • Increase the professionalism and effectiveness of personnel by developing policies, standards, and approaches to aid in the establishment of a well-trained and highly skilled workforce in the Federal Inspector General (IG) community. CIGIE Membership • All IGs whose offices are established under either section 2 or section 8G of the InspectorfGeneralfAct, or pursuant to other statutory authority (e.g., the Special IGs for Iraq Reconstruction, Afghanistan Reconstruction, and Troubled Asset Relief Program). • The IGs of the Office of the Director of National Intelligence (or at the time of appointment, the IG of the Intelligence Community) and the Central Intelligence Agency. • The IGs of the Government Printing Office, the Library of Congress, the Capitol Police, the Government Accountability Office, and the Architect of the Capitol. • The Controller of the Office of Federal Financial Management. • A senior-level official of the Federal Bureau of Investigation, designated by the Director of the Federal Bureau of Investigation. • The Director of the Office of Government Ethics. • The Special Counsel of the Office of Special Counsel. • The Deputy Director of the Office of Personnel Management. • The Deputy Director for Management of the Office of Management and Budget. OFFICE OF INSPECTOR GENERAL Department of Homeland Security CIGIE Information Technology Committee The CIGIE Information Technology (IT) Committee’s mission is to facilitate effective IT audits, evaluations, and investigations by IGs, and to provide a vehicle for the expression of the IG community's perspective on Government-wide IT operations. Under its operating principles, this committee strives to promote participation by the IG community members in its activities, encourage communication and cooperation with colleagues in the IT field (including Federal Chief Information Officers and staff, and security professionals), and promote effective teamwork in addressing Government-wide initiatives, improving IG IT activities, and safeguarding national IT assets and infrastructure. Some of the key activities of this committee include coordinating IT-related activities of the CIGIE, conducting relevant IT educational and training activities, advising the CIGIE on IT issues, and providing for IT information exchange among the IGs, including best practices and current capabilities. The Cybersecurity Working Group was formed under the auspices of the CIGIE IT Committee. OFFICE OF INSPECTOR GENERAL Department of Homeland Security Table of Contents Executive Summary ............................................................................................................. 1 Background ......................................................................................................................... 3 Objective and Scope ........................................................................................................... 5 Federal Agency Responsibilities for Critical Infrastructure ................................................ 6 Cybersecurity Policy ............................................................................................................ 9 System Security and Vulnerability Guidance .................................................................... 14 System Vulnerability Management and Penetration Testing. .......................................... 23 Information Security Continuous Monitoring .................................................................. 29 Cloud Computing .............................................................................................................. 33 Steps for Evaluating a Cybersecurity Program ................................................................. 37 Steps for Conducting Cybersecurity-Related Audits ......................................................... 41 Appendixes Appendix A: Additional References to Relevant Requirements and Guidance……….. ........................................................................... 54 Appendix B: 2013 and Beyond Threat Landscape ........................................... 70 Appendix C: Sample ROE ................................................................................. 75 Appendix D: Vulnerability Scanning and Penetration Testing Tools ............... 85 Appendix E: Objectives for Evaluating an Agency’s Cybersecurity Program 100 Appendix F: Objectives for Evaluating Identity Management ...................... 102 Appendix G: Objectives for Evaluating Network Management and Security……………………. ............................................................... 105 Appendix H: Objectives for Evaluating Laptop Security ................................ 113 Appendix I: Objectives for Evaluating Wireless Security .............................. 118 Appendix J: Objectives for Evaluating Database Security............................. 122 Appendix K: Objectives for Evaluating UNIX Operating System Security ...... 130 Appendix L: Objectives for Evaluating Remote Access Controls and Security……………………. ............................................................... 141 OFFICE OF INSPECTOR GENERAL Department of Homeland Security Appendix M: Objectives for Evaluating Mobile Device Security .................... 147 Appendix N: Objectives for Evaluating Portable Storage Device Security ..... 150 Appendix O: Objectives for Evaluating E-mail Security .................................. 152 Appendix P: Objectives for Evaluating Web Server Security ......................... 155 Appendix Q: Objectives for Evaluating DNS Server Security.......................... 157 Appendix R: Objectives for Evaluating Firewall Security ............................... 159 Appendix S: Objectives for AD Testing .......................................................... 163 Appendix T: Objectives for Evaluating Incident Response, Handling, and Reporting………………….. .............................................................. 165 Appendix U: Objectives for Evaluating IPv6 ................................................... 168 Appendix V: Objectives for RFID Testing ....................................................... 171 Appendix W: Objectives for Evaluating Insider Threats ................................. 173 Appendix X: Contributors to This Guide ........................................................ 176 Abbreviations ACL Access Control List AD Active Directory AES Advanced Encryption Standard ANSI American National Standards Institute CD compact disk CERT/CC Computer Emergency Response Team Coordination Center CIGIE Council of the Inspectors General on Integrity and Efficiency CIKR critical infrastructure and key resources CIO Chief Information Officer CIS Center for Internet Security CISO Chief Information Security Officer CNCI Comprehensive National Cybersecurity Initiative COBIT Control Objectives for Information and related Technology CPR Cyberspace Policy Review CPU Central Processing Unit CVSS Common
Load more

Recommended publications
  • SMTP (Simple Mail Transfer Protocol)
    P1: JsY JWBS001A-60.tex WL041/Bidgoli WL041-Bidgoli.cls May 12, 2005 3:27 Char Count= 0 SMTP (Simple Mail Transfer Protocol) Vladimir V. Riabov, Rivier College Introduction 1 SMTP Security Issues 12 SMTP Fundamentals 1 SMTP Vulnerabilities 12 SMTP Model and Protocol 2 SMTP Server Buffer Overflow Vulnerability 15 User Agent 4 Mail Relaying SMTP Vulnerability 15 Sending e-Mail 4 Mail Relaying SMTP Vulnerability in Microsoft Mail Header Format 4 Windows 2000 15 Receiving e-Mail 4 Encapsulated SMTP Address Vulnerability 15 The SMTP Destination Address 4 Malformed Request Denial of Service 16 Delayed Delivery 4 Extended Verb Request Handling Flaw 16 Aliases 5 Reverse DNS Response Buffer Overflow 16 Mail Transfer Agent 5 Firewall SMTP Filtering Vulnerability 16 SMTP Mail Transaction Flow 5 Spoofing 16 SMTP Commands 6 Bounce Attack 16 Mail Service Types 6 Restricting Access to an Outgoing Mail SMTP Service Extensions 8 Server 17 SMTP Responses 8 Mail Encryption 17 SMTP Server 8 Bastille Hardening System 17 On-Demand Mail Relay 8 POP and IMAP Vulnerabilities 17 Multipurpose Internet Mail Extensions Standards, Organizations, and (MIME) 8 Associations 18 MIME-Version 10 Internet Assigned Numbers Authority 18 Content-Type 10 Internet Engineering Task Force Working Content-Transfer-Encoding 10 Groups 18 Content-Id 11 Internet Mail Consortium 18 Content-Description 11 Mitre Corporation 18 Security Scheme for MIME 11 Conclusion 18 Mail Transmission Types 11 Glossary 18 Mail Access Modes 11 Cross References 19 Mail Access Protocols 11 References 19 POP3 11 Further Reading 22 IMAP4 12 INTRODUCTION and IMAP4), SMTP software, vulnerability and security issues, standards, associations, and organizations.
    [Show full text]
  • Understanding Post Office Protocol (POP3)
    Understanding Post Office Protocol (POP3) Author: Conrad Chung, 2BrightSparks Introduction Most Internet users with email accounts would have used some form of “client” software (Outlook, Thunderbird etc.) to access and manage their email at one point or another. To retrieve emails, these email clients may require the configuration of Post Office Protocol (or POP3) before messages can be downloaded from the server. This article will help readers understand what POP3 is and how it works. What is Post Office Protocol? The Post Office Protocol (POP3) is an Internet standard protocol used by local email software clients to retrieve emails from a remote mail server over a TCP/IP connection. Since the first version was created in 1984, the Post Office Protocol (currently at Version 3) has since became one of the most popular protocols and is used by virtually every email client to date. Its popularity lies in the protocol’s simplicity to configure, operate and maintain. Email servers hosted by Internet service providers also use POP3 to receive and hold emails intended for their subscribers. Periodically, these subscribers will use email client software to check their mailbox on the remote server and download any emails addressed to them. Once the email client has downloaded the emails, they are usually deleted from the server, although some email clients allow users to specify that mails be copied or saved on the server for a period of time. Email clients generally use the well-known TCP port 110 to connect to a POP3 server. If encrypted communication is supported on the POP3 server, users can optionally choose to connect either by using the STLS command after the protocol initiation stage or by using POP3S, which can use the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) on TCP port 995 to connect to the server.
    [Show full text]
  • What Is the Difference Between Email Protocols
    What Is The Difference Between Email Protocols Interactions between email servers and users are governed by email protocols. The most common incoming email protocols are POP, and IMAP. Most email applications/programs support one or more of these. This article is to help users understand and choose which protocol should be selected for each user’s situation. Outgoing Incoming POP (Post Office Protocol): IMAP (Internet Message Access Protocol): SSL (Secure Socket Layer): Differences Between POP and IMAP Backups / Email Loss Outgoing SMTP (Simple Mail Transfer Protocol) is the protocol used in sending (outgoing) emails. SMTP is the protocol always used for sending (outgoing) emails. Incoming POP (Post Office Protocol) and IMAP (Internet Message Access Protocol) are two different protocols that do the same thing differently. They are both used in receiving emails from a mail server and can both are available for standard and secure (?) connections. POP (Post Office Protocol): POP is an email accessing protocol used to download emails from a mail server. Applications like Outlook and Outlook Express using POP will download all emails from the server to the user’s computer, and then delete them on the server. Generally POP server uses port 110 to listen to the POP requests or securely using SSL (Secure Socket Layer) (?) POP uses port number 995. The POP protocol assumes that there is only one client/computer that will be connecting to the mailbox. Even though there is an option in most mail applications to leave the copies of the emails in the server, it is not generally used due to various reasons.
    [Show full text]
  • Ii Jacobs Rp316
    !II JACOBS RP316 RACIBORZ FLOOD RESERVOIR Public Disclosure Authorized Resettlement Action Plan Public Disclosure Authorized DRAFT Public Disclosure Authorized Public Disclosure Authorized March 2005 JACOBS Document control sheet Form IP180/B Client: PCU Project: Odra Flood Mitigation Job No: J24201A Title: Draft Resettlement Action Plan Prepared by Reviewed by Approved by ORIGINAL0 NAME NAME NAME P Devitt L J S Attewill see list of authors H Fiedler-Krukowicz J Loch | DATfE SIGNATURE SIGNATURE SIGNATURE REVISION NAME NAME NAME DATE SIGNATURE SIGNATURE SIGNATURE REVISION NAME NAME NAME DATE SIGNATURE SIGNATURE SIGNATURE REVISION NAME NAME NAME DATE SIGNATURE SIGNATURE SIGNATURE This report, and infonnabon or advice which it contains, is provided by JacobsGIBB Ltd solely for internal use and reliance by its Cient in performance of JacobsGIBB Ltd's duties and liabilities under its contract with the Client Any advice, opinions, or recomrnendatons within this report should be read and retied upon only in the context of the report as a whole. The advice and opinions in this report are based upon the information nmadeavailable to JacobsGIBB Ltd at the date of this report and on current UK standards, codes, technology and constnuction practices as at the date of this report. Folloving final delvery of this report to the Client, JacobsGIBB Ltd will have no further obligations or duty to advise She Client on any mafters, including developrrient affecting the information or advice provided in ths report This report has been prepared by JacobsGIBB Ltd in their professional capaaty as Consuhing Engineers The contents of the report do not, in any way, purport to include any mranner of legal advice or opinion This report is prepared in accordance wrth the terms and conditions of JacobsGIBB Ltd's contract with the Client.
    [Show full text]
  • HTTP Cookie - Wikipedia, the Free Encyclopedia 14/05/2014
    HTTP cookie - Wikipedia, the free encyclopedia 14/05/2014 Create account Log in Article Talk Read Edit View history Search HTTP cookie From Wikipedia, the free encyclopedia Navigation A cookie, also known as an HTTP cookie, web cookie, or browser HTTP Main page cookie, is a small piece of data sent from a website and stored in a Persistence · Compression · HTTPS · Contents user's web browser while the user is browsing that website. Every time Request methods Featured content the user loads the website, the browser sends the cookie back to the OPTIONS · GET · HEAD · POST · PUT · Current events server to notify the website of the user's previous activity.[1] Cookies DELETE · TRACE · CONNECT · PATCH · Random article Donate to Wikipedia were designed to be a reliable mechanism for websites to remember Header fields Wikimedia Shop stateful information (such as items in a shopping cart) or to record the Cookie · ETag · Location · HTTP referer · DNT user's browsing activity (including clicking particular buttons, logging in, · X-Forwarded-For · Interaction or recording which pages were visited by the user as far back as months Status codes or years ago). 301 Moved Permanently · 302 Found · Help 303 See Other · 403 Forbidden · About Wikipedia Although cookies cannot carry viruses, and cannot install malware on 404 Not Found · [2] Community portal the host computer, tracking cookies and especially third-party v · t · e · Recent changes tracking cookies are commonly used as ways to compile long-term Contact page records of individuals' browsing histories—a potential privacy concern that prompted European[3] and U.S.
    [Show full text]
  • Migrationsleitfaden
    Migrationsleitfaden Leitfaden für die Migration der Basissoftwarekomponenten auf Server- und Arbeitsplatz-Systemen Version 1.0 – Juli 2003 Schriftenreihe der KBSt ISSN 0179-7263 Band 57 Juli 2003 Schriftenreihe der KBSt Band 57 ISSN 0179 - 7263 Nachdruck, auch auszugsweise, ist genehmigungspflichtig Dieser Band wurde erstellt von der KBSt im Bundesministeri- um des Innern in Zusammenarbeit mit dem Bundesamt für Sicherheit in der Informationstechnik (BSI), dem Bundesver- waltungsamt (BVA) und der C_sar Consulting, solutions and results AG Redaktion: C_sar AG, Berlin Interessenten erhalten die derzeit lieferbaren Veröffentlichungen der KBSt und weiterführende Informationen zu den Dokumenten bei Bundesministerium des Innern Referat IT 2 (KBSt) 11014 Berlin Tel.: +49 (0) 1888 681 - 2312 Fax.: +49 (0) 1888 681 - 523121 Homepage der KBSt: http://www.kbst.bund.de 1Frau Monika Pfeiffer (mailto: [email protected]) Migrationsleitfaden Leitfaden für die Migration der Basissoftwarekomponenten auf Server- und Arbeitsplatz-Systemen Version 1.0 Juli 2003 Herausgegeben vom Bundesministerium des Innern INHALTSVERZEICHNIS 1 Einleitung ........................................................................ 8 1.1 Über das Vorhaben 8 1.2 Über diesen Leitfaden 9 1.3 Hinweise zur Benutzung des Leitfadens 10 1.4 Hinweise an die Entscheider 12 1.4.1 Grundsätzliche Empfehlungen 12 1.4.2 Fortführende und ablösende Migration 13 1.4.3 Migrationswege 14 1.4.4 Vergleichbarkeit von Alternativen 14 1.4.5 Künftige Schwerpunte 15 1.4.6 Wirtschaftlichkeit 16
    [Show full text]
  • [MS-STANOPOP3]: Outlook Post Office Protocol Version 3 (POP3) Standards Compliance
    [MS-STANOPOP3]: Outlook Post Office Protocol Version 3 (POP3) Standards Compliance Intellectual Property Rights Notice for Open Specifications Documentation . Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages, standards as well as overviews of the interaction among each of these technologies. Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the technologies described in the Open Specifications and may distribute portions of it in your implementations using these technologies or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications. No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation. Patents. Microsoft has patents that may cover your implementations of the technologies described in the Open Specifications. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, a given Open Specification may be covered by Microsoft's Open Specification Promise (available here: http://www.microsoft.com/interop/osp) or the Community Promise (available here: http://www.microsoft.com/interop/cp/default.mspx). If you would prefer a written license, or if the technologies described in the Open Specifications are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting [email protected].
    [Show full text]
  • Table of Contents
    Table of Contents Preface .................................................................................................... xiii Part I: The Web Environment Chapter 1—Designing for a Variety of Browsers ...................... 3 Browsers ................................................................................................. 3 Design Strategies .................................................................................... 9 Writing Good HTML ............................................................................. 11 Knowing Your Audience ..................................................................... 12 Considering Your Site’s Purpose ......................................................... 13 Test! Test! Test! ..................................................................................... 13 Chapter 2—Designing for a Variety of Displays .................... 14 Dealing with Unknown Monitor Resolutions ..................................... 14 Fixed versus Flexible Web Page Design ............................................. 19 Accessibility .......................................................................................... 23 Alternative Displays .............................................................................. 26 Chapter 3—Web Design Principles for Print Designers ...................................................................... 28 Color on the Web ................................................................................. 28 Graphics on the Web ..........................................................................
    [Show full text]
  • Tivaware Peripheral Driver Library User's Guide
    TivaWare™ Peripheral Driver Library USER’S GUIDE SW-TM4C-DRL-UG-2.0 Copyright © 2006-2013 Texas Instruments Incorporated Copyright Copyright © 2006-2013 Texas Instruments Incorporated. All rights reserved. Tiva and TivaWare are trademarks of Texas Instruments Instruments. ARM and Thumb are registered trademarks and Cortex is a trademark of ARM Limited. Other names and brands may be claimed as the property of others. Please be aware that an important notice concerning availability, standard warranty, and use in critical applications of Texas Instruments semicon- ductor products and disclaimers thereto appears at the end of this document. Texas Instruments 108 Wild Basin, Suite 350 Austin, TX 78746 www.ti.com/tiva-c Revision Information This is version 2.0 of this document, last updated on August 29, 2013. 2 August 29, 2013 Table of Contents Table of Contents Copyright ..................................................... 2 Revision Information ............................................... 2 1 Introduction ................................................. 7 2 Programming Model ............................................ 11 2.1 Introduction .................................................. 11 2.2 Direct Register Access Model ....................................... 11 2.3 Software Driver Model ............................................ 12 2.4 Combining The Models ........................................... 13 3 Analog Comparator ............................................ 15 3.1 Introduction .................................................
    [Show full text]
  • Linux Certification Bible.Pdf
    Turn in: .75 Board: 7.0625 .4375 VISIBLE SPINE = 1.75 .4375 Board: 7.0625 Turn in: .75 The only guide you need for Linux+ exam success . “This is the all-inclusive Linux+ guide you’ve been looking for.” You’re holding in your hands the most comprehensive and effective guide available for the CompTIA Linux+ 100% — Tim Sosbe, Editorial Director, Certification Magazine COMPREHENSIVE 100% exam. Trevor Kay delivers incisive, crystal-clear explanations of every Linux+ topic, highlighting exam- ONE HUNDRED PERCENT critical concepts and offering hands-on tips that can help you in your real-world career. Throughout, he COMPREHENSIVE Covers CompTIA Linux+ AUTHORITATIVE provides pre-tests, exam-style assessment questions, and scenario problems — everything you need to Exam XK0-001 WHAT YOU NEED master the material and pass the exam. ONE HUNDRED PERCENT Inside, you’ll find complete coverage Linux+ of Linux+ exam objectives Linux+ Master the • Get up to speed on Linux basics and understand the differences material for the between different Linux distributions CompTIA Linux+ • Tackle Linux installation, from planning to network configuration, Exam XK0-001 dual-boot systems, and upgrades Test your knowledge • Get the scoop on managing Linux disks, file systems, and with assessment processes; implementing security; and backing up your system Hundreds of unique, exam-like questions give you a random set of questions each questions and • Learn the ins and outs of configuring the X Window time you take the exam. scenario problems system and setting up a network • Find out how to establish users and groups, navigate Practice on the Linux file system, and use Linux system commands A customizable format enables state-of-the-art • Delve into troubleshooting techniques for the boot you to define test-preparation process, software, and networking your own software preferences • Get a handle on maintaining system hardware, from for question CPU and memory to peripherals presentation.
    [Show full text]
  • The Complete Solutions Guide for Every Linux/Windows System Administrator!
    Integrating Linux and Windows Integrating Linux and Windows By Mike McCune Publisher : Prentice Hall PTR Pub Date : December 19, 2000 ISBN : 0-13-030670-3 • Pages : 416 The complete solutions guide for every Linux/Windows system administrator! This complete Linux/Windows integration guide offers detailed coverage of dual- boot issues, data compatibility, and networking. It also handles topics such as implementing Samba file/print services for Windows workstations and providing cross-platform database access. Running Linux and Windows in the same environment? Here's the comprehensive, up-to-the-minute solutions guide you've been searching for! In Integrating Linux and Windows, top consultant Mike McCune brings together hundreds of solutions for the problems that Linux/Windows system administrators encounter most often. McCune focuses on the critical interoperability issues real businesses face: networking, program/data compatibility, dual-boot systems, and more. You'll discover exactly how to: Use Samba and Linux to deliver high-performance, low-cost file and print services to Windows workstations Compare and implement the best Linux/Windows connectivity techniques: NFS, FTP, remote commands, secure shell, telnet, and more Provide reliable data exchange between Microsoft Office and StarOffice for Linux Provide high-performance cross-platform database access via ODBC Make the most of platform-independent, browser-based applications Manage Linux and Windows on the same workstation: boot managers, partitioning, compressed drives, file systems, and more. For anyone running both Linux and Windows, McCune delivers honest and objective explanations of all your integration options, plus realistic, proven solutions you won't find anywhere else. Integrating Linux and Windows will help you keep your users happy, your costs under control, and your sanity intact! 1 Integrating Linux and Windows 2 Integrating Linux and Windows Library of Congress Cataloging-in-Publication Data McCune, Mike.
    [Show full text]
  • New Features of AWT in Java
    Preface The Abstract Window Tookit (AWT) provides the user interface for Java programs. Unless you want to construct your own GUI or use a crude text-only interface, the AWT provides the tools you will use to communicate with the user. Although we are beginning to see some other APIs for building user interfaces, like Netscape’s IFC (Internet Foundation Classes), those alternative APIs will not be in widespread use for some time, and some will be platform specific. Likewise, we are beginning to see automated tools for building GUIs in Java; Sun’s JavaBeans effort promises to make such tools much more widespread. (In fact, the biggest changes in Java 1.1 prepare the way for using the various AWT components as JavaBeans.) How- ever, even with automated tools and JavaBeans in the future, an in-depth knowl- edge of AWT is essential for the practicing Java programmer. The major problem facing Java developers these days is that AWT is a moving tar- get. Java 1.0.2 is being replaced by Java 1.1, with many significant new features. Java 1.1 was released on February 18, 1997, but it isn’t clear how long it will take for 1.1 to be accepted in the market. The problem facing developers is not just learning about the new features and changes in Java 1.1, but also knowing when they can afford to use these new features in their code. In practice, this boils down to one question: when will Netscape Navigator support Java 1.1? Rumor has it that the answer is “as soon as possible”—and we all hope this rumor is correct.
    [Show full text]