IIOP DBC - the Corba Firewall and Java-RMI Firewall
| General Features | Description |
|---|---|
| Full firewall security for IIOP traffic | No need to open whole port ranges for Corba or EJB access; all IIOP traffic is concentrated on 1 transport address (1 port on 1 IP address), with deep packet inspection. |
| Corba security without programming | Transparent integration into your network infrastructure. No application code changes are required. |
| Vendor independence | Independent of specific IIOP middleware products, ensuring interoperability with all Corba and EJB compliant server products. |
| Transparent support for network address translation | With the I-DBC, Corba and EJB applications work seamlessly together with NAT routers in all possible scenarios and without special configuration of the applications. |
| Unified security management | Security management of heterogeneous Corba and EJB servers can be centralized instead of managing an island solution for each server. |
| Simple intuitive security administration | The I-DBC comes with a convenient and easy-to-use graphical user interface. |
| Expressive and powerful security policy model | Detailed and fine-grained security policies can be defined to control authentication, authorization, and audit. Authorization policies are based on concepts such as groups, roles, authentication levels, etc. |
| High performance and throughput, low latency | Fully performance-optimized native code implementation. |
| Linear scalability, high availability | The I-DBC supports several clustering technologies for load balancing and high availability. |
| Individual traffic shaping | Limits the available bandwidth for individual clients to guarantee fairness and service availability for all users. |

| Security Features | Description |
|---|---|
| Fine-grained, role-based access control | The I-DBC provides advanced policy concepts that let administrators write policies that are both expressive and scalable. Access control can be enforced at the level of individual objects and also at the level of their individual operations. |
| Rich set of authentication mechanisms | The following authentication mechanisms are supported: X.509, RSA SecurID, UserID/Password schemes, IP addresses, public. |
| Message confidentiality | TLS/SSL encryption to protect messages against eavesdropping and single block analysis. |
| Message filtering | Administrators can conveniently define expressive message filters to enforce content-based access control and thus thwart application-level attacks, such as SQL injection. |
| Transport security | TLS/SSL for all communication links, additionally IP-based authentication. |
| Deep Packet Inspection | Message header inspection and enforcement of message size limitations. |
| Security Policy Server | Centralized security management with a separate enterprise policy server component, which can be securely deployed in a trusted network. |
| Traffic Overflow Control | Safeguards against certain Denial-of-Service attacks. |
| Online Certificate Status Protocol (OCSP) | OCSP is supported to check for credential revocations. |
| Corba Standards | The I-DBC fully supports the following Corba standards: OMG Corba 2.3 - 3.0, support for GIOP/IIOP protocol versions 1.0, 1.1, 1.2, 1.3 including support for Bi-Directional GIOP, Java RMI over IIOP, Corba Interoperable Name Service (INS). |

| Management Features | Description |
|---|---|
| Easy import of EJB role definitions | Convenient import facility for EJB deployment descriptors. |
| Easy import of IDL interface definitions | Convenient import facility for IDL interface definitions to simplify the definition of access control policies and the definition of message filters to enforce content-based access control. |
| Support for multiple, concurrent administrator access and role-based administration rights | The I-DBC is designed for enterprise deployment and fully supports concurrent administrator access, which is controlled by role-based definition of administrator permissions. |
| Auditing and Monitoring | The I-DBC provides command line interfaces and graphical user interface features for run-time auditing and monitoring. |
| SNMP Support | Audit events can trigger SNMP traps to allow for integration with System Management tools. |
| Secure logging | Logging mechanisms are separated from enforcement mechanisms and protected in the policy server. |
| Policy versioning and rollback | The I-DBC internally versions policy and configuration data and supports rollbacks to previous versions in case of administrator errors. |