Security technologies - IBM Websphere

We describe several security technologies that can be used when deploying applications that need to be accessed from the Internet.

Reverse proxy server

A reverse proxy, a common form of proxy server, is generally used to pass requests from the Internet through a firewall to isolate private networks. It prevents Internet clients from having direct, unmonitored access to sensitive data residing on internal servers on an isolated network, or intranet. One advantage of using a reverse proxy is that Internet clients do not know that their requests are being sent to and handled by a reverse proxy server, which allows the reverse proxy to redirect or reject requests without making Internet clients aware of the actual content servers on the protected network.

Reverse proxy server

Firewalls

A firewall is a system that enforces an access control policy between two or more networks. The actual means by which this enforcement is accomplished varies widely. In principle, the firewall can be thought of as a pair of mechanisms: one exists to block traffic, and the other exists to permit traffic. The most important thing to recognize about a firewall is that it implements an access control policy.

Firewalls section off different communication zones to the Internet. These zones are called demilitarized zones (DMZs). In the context of firewalls, the DMZ refers to a part of the network that is neither part of the internal network nor directly part of the Internet. Typically, this zone is the area between your Internet connection and your host server, although it can be between any two policy-enforcing components of the network.

DMZ example

Network Address Translation

Network Address Translation (NAT) is a commonly used IP translation and mapping technology. It allows networks to use other networks or share Internet access. Using a device or piece of software that implements NAT allows an entire network to share a single Internet connection over a single IP address. Additionally, NAT keeps the network fairly secure from hackers by hiding the private IP address.

Network Address Translation

NAT acts as an interpreter between two networks. In the case of an organization, it can sit between the Internet and your internal network. The Internet is considered the public side and the internal network is considered the private side. When a computer on the private side requests data from the public side, the NAT device opens a little conduit between your computer and the destination computer. When the public computer returns results from the request, the results are passed back through the NAT device to the requesting computer.

Port Address Translation

Port Address Translation (PAT) provides similar functionality to NAT, but PAT is a more specific tool. PAT forwards requests for a particular IP address and port pair to another IP address and port pair, as in the figure below. This feature is commonly used in a reverse proxy scenario to hide all the content server’s physical details.

Port Address Translation
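
The NAT conduit and the PAT forwarding rule described above can be modelled as two lookup tables. The following is an added example, not code from the original page or from IBM: the `Translator` class, its method names, all addresses (documentation and private ranges) and the internal port 9443 are constructed for illustration. It assumes a translator that only accepts return traffic from the exact destination the private host contacted.

```python
from itertools import count

class Translator:
    """Toy model of a NAT device with static PAT rules (hypothetical, for illustration)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = count(first_port)  # next free public-side port
        self.out = {}    # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.back = {}   # (public port, remote_ip, remote_port) -> (priv_ip, priv_port)
        self.pat = {}    # public port -> (server_ip, server_port), static PAT rules

    def add_pat_rule(self, public_port, server_ip, server_port):
        """PAT: forward public_ip:public_port to one internal IP and port pair."""
        self.pat[public_port] = (server_ip, server_port)

    def outbound(self, src, dst):
        """Private host src=(ip, port) contacts public dst=(ip, port).
        Opens the conduit and returns the source address the destination sees."""
        key = (*src, *dst)
        if key not in self.out:
            port = next(self._ports)
            while port in self.pat:       # never reuse a port reserved by a PAT rule
                port = next(self._ports)
            self.out[key] = port
            self.back[(port, *dst)] = src
        return (self.public_ip, self.out[key])

    def inbound(self, src, dst_port):
        """Packet from public src=(ip, port) to public_ip:dst_port.
        Returns the internal (ip, port) it is delivered to, or None if dropped."""
        if dst_port in self.pat:
            return self.pat[dst_port]
        return self.back.get((dst_port, *src))

def demo():
    nat = Translator("203.0.113.10")                 # constructed public address
    nat.add_pat_rule(443, "10.0.0.20", 9443)         # constructed content server
    seen = nat.outbound(("10.0.0.5", 51000), ("198.51.100.7", 80))
    return {
        "seen_by_remote": seen,                                        # private IP is hidden
        "reply": nat.inbound(("198.51.100.7", 80), seen[1]),           # conduit exists
        "unsolicited": nat.inbound(("192.0.2.99", 80), seen[1]),       # no conduit: dropped
        "pat": nat.inbound(("192.0.2.99", 55555), 443),                # static forward
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The PAT rule is the only way a connection initiated from the public side reaches an internal host in this model, which is why it is the piece to review when auditing what a reverse proxy deployment actually exposes.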

