Stoneware webNetwork

Security

Often called the "second" question, there is no corporate computing conversation today that does not include a discussion regarding security. In every business problem that we attempt to solve with technology, there is a fundamental element of security that surrounds it. This being the case, it is of critical importance that everything application and service that is accessed is secure. webNetwork's unique two-tier architecture to secure and encrypt all communications between from the remote user and the backend systems.

  • Two-tier Server/Relay Architecture
  • SSL Encryption
  • Directory Service Authentication
  • Directory Integrated Access Control
  • Pipeline Services
  • Two-factor Authentication

The unique two-tier server/relay architecture provides secure access to users requesting internal network applications and resources (see diagram below). The Stoneware Relays are positioned in the corporate DMZ and acts as secure entry points into the system. The relays will pass requests from the users to the Stoneware Servers located inside the corporate network. From their trusted position, the servers will forward the requests to the appropriate application server and wait for a response to send back to the browser via the Stoneware Relay.



It is this unique architecture that allows organizations to pull their web and application servers out of the DMZ and back into their trusted corporate network.

  • Users will never communicate with a device that has direct access to an application or service.
  • Allows for multiple entry points (Relays) into the system without the purchase of additional product.
  • Allows organizations to move their application, data, and web servers back inside the corporate trusted network.
  • Leveraging Pipeline technology, all communications to applications and services are made through a single port in the internal firewall

Other security features and benefits are listed below:


SSL Encryption - Stoneware Relays will encrypt all communications to and from the users.

  • 128 bit Secure Socket Layer (SSL) Encryption.
  • Supports upstream encryption devices.
  • HTTP to HTTPS redirection ensures users connect via SSL.
  • Removes the need to purchase and install SSL certificates web application servers.
  • Supports wildcard certificates to reduce SSL management and costs.

Directory Services Authentication - Leverages an organization's investment in directory services by utilizing a user's network identity as their authentication credentials. Organizations will increase security and reduce the Total Cost of Ownership by maintaining a single authentication source.

  • Directory Service Authentication against Microsoft Active Direcotry, Novell eDirectory, OpenLDAP, and Local Directory
  • Abides by grace, login, and concurrent user restrictions set in directory services
  • Configure login policies to utilizes other directory service attributes for authentication

Directory Integrated Access Control - Leverages an organization's existing directory service to secure, manage, and configure the system.

  • Supports Microsoft Active Directory, Novell's eDirectory, Apple's Open Directory, OpenLDAP, and ApacheDS.
  • Manage access to application and resources based on user, group, or organizational policies.
  • Reduces the Total Cost of Ownership by eliminating the need for another security database

Pipeline Services - Stoneware's Pipeline Service allows all application traffic to pass through a single port configured within the internal firewall. This advanced architecture makes it possible to deploy new web applications and network services without compromising the internal firewall configuration.

  • Access all internal applications and services opening a single port in the firewall
  • Simplify firewall management by configuring a single port for all services
  • Creates a "Dual-DMZ" through the webNetwork two-tier architecture
  • Security appliance in DMZ does not communicate directly will applications or services

Two-factor Authentication - supports the use of mutli-factor authentication to create a higher grade of access to the system. Users are forced to provide authentication credentials in addition to a second factor method from third party security products.

  • SecurID Tokens
  • ActivCard Tokens
  • Stoneware's USB Key Authentication
  • Biopassword's biometric authentication