IPLS: What if companies thought about
their network security in another way?
Often misused, seldom controlled, the term "security"
takes on as many aspects as there are typical applications
in the data processing market. Fully aware of the stakes, IPLS
provides a clear answer to companies facing complex needs.
The growth of the Internet and its surrounding technologies opened up networks,
multiplied access points and weakened companies' data processing.
A publisher of communication software packages and a file transfer specialist
(EDI, banking transfers…) in the AS/400 iSeries environment,
IPLS witnessed this revolution, noting day after day the damage
caused by overly compartmentalized approaches to data processing
security. Claude Petitjean, chairman of IPLS, explains that "each
daemon application becomes a potential source of network security
flaws. All computer specialists - such as network managers and development
managers - have to work together to achieve operational solutions,
but it is a difficult job for people whose objectives and operating
modes are completely different".
First of all, a reminder: before considering
advanced security, a company has to
secure its local area network. Setting up a DMZ is currently the
"latest fashion", so it is important to remember
that a DMZ is useless if basic security is not operational.
Saying so may look simplistic, but we know from experience that
this basic postulate needs to be pointed out!
Through this web site, IPLS presents its point of
view on network security in IP environments.
We suggest you follow the GUIDED
TOUR, which will enable you to "scan" all
the important points.
BASIC SECURITY
Generally, computerized companies have web servers, FTP, file
sharing solutions... As daemons are listening application
servers, they are likely to be attacked, so these critical
points need to be secured. An uncontrolled application server
may become a Trojan horse. Some daemon implementations, such
as file sharing, FTP servers, etc., expose all or part of
the company's file tree, which implies that object-oriented
security and its periodic follow-up have to be configured.
IPLS, whose platform
monitors sending and reception flows (orders, invoices, etc.),
i.e. the customer's critical operations, tackled the problem at
its source. "As TBT/400 never exposes the machine's file
tree, it removes the need to implement object-oriented security."
There still remains the risk common to all daemons: identity
usurpation. What is the maximum damage, how can it be detected and how
can it be cured? "TBT/400 answers it with its concept of dynamic
files (no risk of overwriting), destructive reading (faster detection
in case of usurped access) and by alert management (log,
syslog, exit, mail, SMS)".
ADVANCED SECURITY: DMZ INTEGRATION
More and more often, company security policy
consists of setting up a DMZ to secure the local area network.
However, it is important to remember that a DMZ is a
good complement to a local area network that is already secured,
but in no case can a DMZ be the principal access security.
The MultiTBT
solution provides companies that deploy
this architecture with the secure chart they expect. MultiTBT
provides a server TBT daemon which runs in the DMZ and communicates
with the TBT daemon installed in the local area network.
The server TBT daemon runs in store-and-forward mode, which implies
a formal break, a fundamental element of proper DMZ
use.