Firewalling IIOP - a Problem and the Solution
Traditional firewall technology, such as packet filtering and
stateful inspection, does not provide the means to securely run
CORBA and EJB based distributed applications through existing
firewall installations: CORBA and EJB middleware do not work
together with traditional firewall concepts, and traditional
firewalls do not provide application level security, such as
fine-grained access control.

There are two obvious problems for the use of the Internet Inter-ORB
Protocol (IIOP) across today's firewalls:
- The dynamic allocation of addresses by CORBA and EJB middleware
makes it difficult to know in advance the host and port addresses
used for transactions. Thus, firewall administrators cannot write
rules that let IIOP traffic pass without weakening the existing
firewall's security.
- The addressing information of CORBA objects and Enterprise Java
Beans, contained in the object references, is invalidated when
crossing a Network Address Translating router or firewall.
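
The second problem can be checked before an object reference leaves the internal network. The following is an added example, not code from Xtradyne or from the original page: it parses a stringified IOR, extracts the host and port of each IIOP profile, and reports endpoints whose embedded host is a private address literal. The function names and the sample IOR are constructed for illustration, and treating a private address literal as "invalid after NAT" is a simplifying assumption.

```python
import ipaddress
import struct

TAG_INTERNET_IOP = 0  # profile tag that marks an IIOP profile inside an IOR
SAMPLE_IOR = ("IOR:" "00000000" "0000000d" "49444c3a" "44656d6f" "3a312e30"
              "00000000" "00000001" "00000000" "0000001c" "00010000" "00000009"
              "31302e31" "2e322e33" "00000af9" "00000004"
              "64656d6f")  # constructed sample: host 10.1.2.3, port 2809

class Cdr:  # minimal CDR reader; alignment counts from the encapsulation start
    def __init__(self, data):
        self.data, self.pos = data, 1
        self.end = "<" if data[0] & 1 else ">"  # octet 0 is the byte-order flag

    def read(self, fmt, size):
        self.pos += -self.pos % size  # pad to the primitive's natural boundary
        (value,) = struct.unpack_from(self.end + fmt, self.data, self.pos)
        self.pos += size
        return value

    def octets(self):  # sequence<octet> or string: ulong length, then bytes
        n = self.read("I", 4)
        if self.pos + n > len(self.data):
            raise ValueError("truncated IOR")
        self.pos += n
        return self.data[self.pos - n:self.pos]

def iiop_endpoints(ior):  # -> [(host, port)] for every IIOP profile
    if not ior.startswith("IOR:"):
        raise ValueError("not a stringified IOR")
    top = Cdr(bytes.fromhex(ior[4:]))
    top.octets()  # repository type id, not needed here
    found = []
    for _ in range(top.read("I", 4)):
        tag, body = top.read("I", 4), top.octets()
        if tag == TAG_INTERNET_IOP:
            prof = Cdr(body)  # the profile body is its own encapsulation
            prof.pos += 2  # skip IIOP version (major, minor)
            host = prof.octets().rstrip(b"\0").decode("ascii")
            found.append((host, prof.read("H", 2)))
    return found

def is_private_literal(host):
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # a DNS name, not an address literal

def unreachable_after_nat(ior):
    return [ep for ep in iiop_endpoints(ior) if is_private_literal(ep[0])]
```

The host and port are carried inside the application payload, which is why a router that rewrites only IP and TCP headers leaves them pointing at the internal address.
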

Furthermore, reliable enterprise firewall security must comprise
deep packet inspection and security enforcement at the application
protocol level for all IIOP traffic crossing the enterprise's domain
boundary. User authentication, authorization, content filtering,
encryption, and security audit are essential requirements for the
secure exposure of CORBA and EJB based services to business partners
and the outside world. For a detailed analysis of IIOP firewall
security, see our white paper.

The only viable solution for the problems and requirements mentioned
above is an application level firewall component for the enterprise's
firewall installation, an IIOP security gateway.

Xtradyne provides the only complete and middleware independent
turn-key solution for IIOP firewalling and
CORBA/EJB server security in high-security, high-availability, and
high-performance environments.