The I-DBC - Xtradyne's IIOP Firewall

The product is a turn-key solution for IIOP firewalling and complete
Corba security in mission-critical environments.
Xtradyne offers enterprises this application security software
product (IIOP firewall) to eliminate the risks associated with
the deployment of Corba and EJB based applications over the
Internet or other networks outside the firewall. The IIOP DBC
acts as a security gateway (i.e., as a Corba firewall) that can
be integrated transparently into existing systems without any
modification of the existing software system.
The I-DBC concentrates all incoming
IIOP traffic on exactly one transport address (1 IP address, 1
port). In order to make Corba/EJB and NAT play together, it
automatically and transparently adapts Corba/EJB object
references (IORs) to NAT-translated addresses. The I-DBC performs
SSL encryption and authenticates
clients and servers using a variety of authentication
mechanisms.
For reliable application level firewall security, the I-DBC
performs deep packet inspection for all data streams expected to
be IIOP messages and blocks all traffic with incorrect,
malformed, or malicious content. The I-DBC protects the internal
network and applications infrastructure from attacks, the
Corba/EJB applications from misuse and unauthorized access, and
the IIOP messages in transfer over the outside network from
exposure and tampering.
The product ensures a high degree of security by performing
strong authentication, authorization, auditing, and reliable
encryption. It enables easy Corba security management by offering
centralized policy administration. The product enables
application end-to-end security. For a general introduction, see
our white paper. For functional details, see the
feature list.
The product - in particular the IIOP proxy component - has been
designed and implemented following well-established firewall
design principles and implementation practices. It adds an
additional layer of security for
defense-in-depth to multi-tier applications, not only in
scenarios with IIOP end-to-end, but also in typical J2EE
scenarios.
For J2EE Web applications, the I-DBC constitutes an additional
security barrier between the Web Server and the EJB server,
providing reliable security for the business logic in the EJB
server even in the case of successful attempts from the Internet
to take over the Web Server (see our white paper on J2EE security with the
I-DBC).
A Complete Quality Solution: Transparency, Performance, Scalability, High-Availability

Xtradyne's Corba firewall (I-DBC) easily
integrates with a company's existing network infrastructure and does
not require any modifications to existing applications. The software
provides ultimate deployment flexibility. High availability is
provided through full cluster support (for details, see our
white paper on high-availability and
scalability).
Xtradyne's IIOP firewall product is delivered with all software
components necessary to operate a corporate IIOP firewall
(application-level gateway), including a bastion host component, the
Xtradyne Security Policy Server, and the Xtradyne Administration
Console. For details, see the product data sheet.
For environments with a variety of installed software middleware, the
IIOP DBC offers full support to be deployed together with Xtradyne's
WS-DBC, the Web Services Domain Boundary Controller, thus saving
investments in scenarios that require security for both technologies.