Different DataPower security scenarios:
- DataPower typical security - solves the issues below
- Cross-enterprise interoperation
- Federated interoperability
- Human and automated service invocations
- Dynamic service binding
- Global architecture layers impact
- DataPower as an XML firewall
- When developing internet-facing applications, the concept of the DMZ is very important: this is where a hardened bastion host is placed between two firewalls.
- Below is the standard topology - without DataPower
- The WebServer - does almost nothing
- Most of the work is done by the Web Services Gateway
- Using DataPower: it is the most hardened device available in the market.
- The role of DataPower within the DMZ is to stop any incoming request and provide authentication and authorization, depending on business requirements.
- Eliminates the Web Server and the Web Services Gateway
- More secure - easy to manage
- Below are a few of the protections that DataPower provides:
- XDoS (XML denial of service) protection
- checking well-formedness
- verifying digital signatures
- signing messages
- implementing service virtualization to mask internal resources via XML transformation and routing
- encrypting data at the field level
- Three basic types of firewall:
- Static backend
- Dynamic backend
- Loopback
- Recommendation: All internet-facing systems that provide for inbound Web services requests should use DataPower as their XML firewall, even when performance or security is considered unimportant.
- Recommendation: DataPower should be used as the policy enforcement point for Web services authorization. It should interact with a central policy decision point, such as Tivoli Access Manager.
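
The well-formedness and XDoS protections listed above can be pictured as checks a gateway runs on each inbound message before it reaches the backend. The sketch below is an added example, not DataPower code or configuration; the function name, limits and sample messages are assumptions chosen for illustration.

```python
import xml.parsers.expat

# Limits are assumed values for this example, not DataPower defaults.
MAX_BYTES, MAX_DEPTH = 64 * 1024, 32


class Rejected(Exception):
    """A gateway policy check failed."""


def screen_xml(payload: bytes) -> str:
    """Return 'accept' or 'reject: <reason>' for one inbound message."""
    if len(payload) > MAX_BYTES:  # size cap applied before any parsing
        return "reject: message too large"
    depth = 0

    def start(name, attrs):
        nonlocal depth
        depth += 1
        if depth > MAX_DEPTH:  # deeply nested documents exhaust parsers
            raise Rejected("nesting too deep")

    def end(name):
        nonlocal depth
        depth -= 1

    def doctype(name, sysid, pubid, has_internal_subset):
        # Refusing DTDs blocks entity-expansion payloads at the door.
        raise Rejected("DTD not allowed")

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.StartDoctypeDeclHandler = doctype
    try:
        parser.Parse(payload, True)  # streaming parse, no tree is built
    except Rejected as exc:
        return f"reject: {exc}"
    except xml.parsers.expat.ExpatError:
        return "reject: not well-formed"
    return "accept"


# Constructed sample messages, not real traffic.
GOOD = b"<order><id>1</id></order>"
BROKEN = b"<order><id>1</order>"
DEEP = b"<a>" * 40 + b"</a>" * 40
WITH_DTD = b'<!DOCTYPE x [<!ENTITY e "z">]><x>&e;</x>'
```

Because the parse is streaming and aborts on the first violation, an oversized or hostile document is dropped without being fully read into a tree, which is the property that makes such checks useful at the DMZ boundary.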