Stoneware webNetwork 5e2

Stoneware webNetwork Security


Security

Security is often called the "second" question: there is no corporate computing conversation today that does not include a discussion of it. Every business problem that we attempt to solve with technology has a fundamental element of security surrounding it. It is therefore critically important that every application and service accessed through the webNetwork System is secured. Stoneware's webNetwork provides SSL encryption, access control, and authentication for all applications and services that are presented through the product.

  • Two-tier Server/Relay Architecture
  • Application Security
  • Directory Service Authentication
  • Directory Integrated Access Control
  • Single Sign-on
  • Pipeline Services
  • Two-factor Authentication
  • Desktop Authentication

All integrated applications and services are protected through Stoneware's unique two-tier Server/Relay architecture (see diagram below). The servers communicate with internal applications and data, while the relay creates a secure SSL entry point for end users. This combination eliminates many of the configuration and security frustrations organizations have with typical security appliances.



Users access services and applications through the webNetwork Relays (entry points) while the relays request access to internal resources via the webNetwork Server(s). This two-tier design provides several significant benefits:

  • Users will never communicate with a device that has direct access to an application or service
  • Allows for multiple entry points (webNetwork Relays) into the system without the purchase of additional product
  • Allows organizations to move their application, data, and web servers back inside the corporate network
  • Leveraging Pipeline technology, all communications to applications and services are made through a single port in the internal firewall

Other security features and benefits are listed below:


Application Security - webNetwork secures access to all your organization's applications. Application-specific security includes:

  • Clientless SSL VPN for web applications, portals, and services
  • Terminal Server Proxy and VPN
  • Citrix Proxy, VPN, and HTTPS Gateway
  • Telnet and VNC Gateway
  • Application SSL VPN for Client-Server Systems


Directory Service Authentication - Stoneware's webNetwork leverages your organization's directory service infrastructure for authentication of employees, customers, and partners. Users accessing the system will need to provide their network credentials in order to access applications and services via webNetwork. Support includes:

  • Directory Service Authentication against Microsoft Active Directory, Novell eDirectory, OpenLDAP, and Local Directory
  • Abides by grace, login, and concurrent user restrictions set in directory services
  • Configure login policies to utilize other directory service attributes for authentication


Directory Integrated Access Control - webNetwork utilizes the existing structure defined within your directory service to manage access to webNetwork applications, services, and resources. Integration points include:

  • Assign webNetwork applications and services to network users and groups
  • Grant access with the same management interface used to manage the network
  • Allows help desk personnel to provision Intranet/Extranet resources
  • Reduces the Total Cost of Ownership by eliminating the need for another security database


Pipeline Services - Stoneware's Pipeline Service allows all application traffic to pass through a single port configured within the internal firewall. This advanced architecture makes it possible to deploy new web applications and network services without compromising the internal firewall configuration.

  • Access all internal applications and services by opening a single port in the firewall
  • Simplify firewall management by configuring a single port for all services
  • Creates a "Dual-DMZ" through the webNetwork two-tier architecture
  • Security appliance in DMZ does not communicate directly with applications or services


Two-factor Authentication - Supports the use of multi-factor authentication to create a higher grade of access to the webNetwork System. Users are forced to provide authentication credentials in addition to a second factor through third-party security products. Token support includes:

  • SecurID Tokens
  • ActivCard Tokens
  • Stoneware's USB Authentication
  • Biopassword's biometric authentication


Single Sign-on - Simplify user access to applications and services while reducing management costs by leveraging Stoneware's single sign-on technology. Stoneware's webNetwork provides complete single sign-on capabilities allowing users to access all of their applications and services using only their network login credentials. Single Sign-on capabilities include:

  • Single Sign-on for web applications via BASIC, NTLM, and FORM authentication methods
  • Single Sign-on for Microsoft Terminal Server and Citrix Presentation Server
  • Single Sign-on to "published" Windows Applications
  • Single Sign-on to File Servers, Databases, Remote Desktops, and VNC Desktops
  • Lockbox technology for storing credentials to systems that utilize their own security database


Desktop Authentication - Desktop Authentication simplifies user access to the webNetwork system by seamlessly authenticating the user from their desktop directly into webNetwork 5e2 without prompting for credentials. Desktop Authentication Benefits:

  • Seamless webNetwork access based on network credentials
  • Limits webNetwork authentication to the logged-in user
  • Users are not prompted to continuously log into the system
  • Automatically authenticated when workstation is logged in