IBM Secure Proxy is a demilitarized zone (DMZ)-based application proxy that protects your file transfers from the public Internet, by enforcing tight controls including trading-partner authorization, multi-factor authentication and session break, before the transfer ever enters your trusted zone.
Remedi offers IBM-certified integration consultants who can implement Secure Proxy and realize benefits that include:
- SSL session breaks and multi-factor authentication – Help guard against unauthorized access and reduce data vulnerability to protect your brand
- Leverage the Internet – Lower your file transfer costs and grow your file transfer community while securing the data and access to your trusted zone
- Firewall navigation best practices – Increases perimeter security for your file transfer infrastructure to comply with regulatory policies and pass tougher security audits
- Self-service logon portal – Provides self-service password management for trading partners reducing the dependency on IT staff
- IBM Secure Proxy is available as licensed on-premises software
IBM Secure Proxy Product Description
Application Proxy
- Resides in the demilitarized zone (DMZ)
- Supports IBM® Connect:Direct®, IBM® Connect Express® and IBM® B2B Integrator servers
- Support for multiple DMZ environments
- Supports FTP, FTPS, HTTP, HTTPS, SSH/SFTP, PeSIT and Sterling Connect:Direct protocols
- Supports use of a FIPS 140-2 compliant data encryption module
Firewall Navigation Best Practices
- Prevents inbound holes in the firewall
- Minimizes rich targets in the DMZ by ensuring that files, user credentials, and data are not stored in the DMZ
- Establishes sessions from more-trusted to less-trusted zones
- Enforces internal and external security policies
Perimeter Security
- Prevents direct communications between external and internal sessions by establishing secure session breaks in the DMZ using SSL or TLS
- Inspects protocol and sensitive control information, enabling configurable error handling for violations
- Session limits and data encryption guard against Denial-of-Service attacks
Authentication Services
- Customizable logon portal provides self-service password management for trading partners
- Supports single sign-on and integrates with existing security infrastructure, including Active Directory and Tivoli user databases
- Multifactor authentication enforces tight controls and validation of trading partner identity in the DMZ before information is passed to the trusted zone
- Authentication options include IP address, user ID and password, digital certificates, SSH Keys, RSA SecurID
Clustering
- One central configuration manager pushes out configuration rules to multiple engines running in the DMZ, making it easy to scale
- Clustering for high availability and load balancing provides operational continuity and improved performance