This is an excellent set of articles from two of my IBM colleagues, Martin Lansche and Keys Botzum.
Summary: Security consists of more than just some firewalls at the edge of your network protecting you from the outside. It is a difficult and complex set of actions and procedures that strive to strengthen your systems as much as is appropriate. This article discusses many aspects of security in general, including the IBM® WebSphere® Application Server security architecture, and discusses hardening a WebSphere Application Server environment.
Just waiting for part 2 of the latest article to come out .....