webNetwork: Security
Security is often called the "second" question: no corporate computing conversation today omits a discussion of it. In every business problem that we attempt to solve with technology, there is a fundamental element of security that surrounds it. This being the case, it is critically important that every application and service that is accessed is secure. webNetwork's unique, two-tier architecture is used to secure and encrypt all communications between users and the backend systems accessed through the webNetwork cloud.
Diagrams
The unique, two-tier server/relay architecture provides secure access to users requesting internal network applications and resources from the private cloud (see diagram below). The Stoneware Relays are positioned in the corporate DMZ and act as secure entry points into the system. The relays pass requests from the users to the Stoneware Servers located inside the corporate network. From their trusted position, the servers forward the requests to the appropriate application server and wait for a response to send back to the browser via the Stoneware Relay.
Security Details
SSL Encryption - Stoneware Relays will encrypt all communications to and from the users.
- 128-bit Secure Sockets Layer (SSL) encryption.
- Supports upstream encryption devices.
- HTTP to HTTPS redirection ensures users connect via SSL.
- Removes the need to purchase and install SSL certificates on web application servers.
- Supports wildcard certificates to reduce SSL management and costs.
Directory Services Authentication - Leverages an organization's investment in directory services by utilizing a user's network identity as their authentication credentials. Organizations will increase security and reduce the Total Cost of Ownership by maintaining a single authentication source.
- Directory Service Authentication against Microsoft Active Directory, Novell eDirectory, OpenLDAP, and Local Directory
- Abides by grace, login, and concurrent user restrictions set in directory services
- Configure login policies to utilize other directory service attributes for authentication
Directory Integrated Access Control - Leverages an organization's existing directory service to secure, manage, and configure the system.
- Supports Microsoft Active Directory, Novell's eDirectory, Apple's Open Directory, OpenLDAP, and ApacheDS.
- Manage access to applications and resources based on user, group, or organizational policies.
- Reduces the Total Cost of Ownership by eliminating the need for another security database
Pipeline Services - Stoneware's Pipeline Service allows all application traffic to pass through a single port configured within the internal firewall. This advanced architecture makes it possible to deploy new web applications and network services without compromising the internal firewall configuration.
- Access all internal applications and services by opening a single port in the firewall
- Simplify firewall management by configuring a single port for all services
- Creates a "Dual-DMZ" through the webNetwork two-tier architecture
- Security appliance in DMZ does not communicate directly with applications or services
Two-factor Authentication - Supports the use of multi-factor authentication to create a higher grade of access to the system. Users are forced to provide authentication credentials in addition to a second-factor method from third-party security products.
- SecurID Tokens
- ActivCard Tokens
- Stoneware's USB Key Authentication
- Biopassword's biometric authentication