Safety in Cyberspace: Planning Effective Web-to-Host Access Security

There is a revolution happening in the enterprise … a revolution in data access. Sharing core enterprise data with employees, alliance partners and customers is becoming a prerequisite for successful business activities in the new electronic economy. The traditional boundaries of enterprise computing are expanding beyond internal and external Web sites to include wide area intranets, extranets and the Web. As management, LOB users, business partners and customers demand Web access into vital enterprise systems, security is fast becoming the number one concern facing IT professionals.

Because so much enterprise information resides on mainframe host systems, one very attractive way to extend data access is through "Web-to-host" technologies. These alternatives to traditional green screen access can provide significant cost of ownership advantages. Web-to-host access opens up business-critical enterprise data and applications to new communities of internal and external users, and may move sensitive, private information over the public Internet. Given the tremendous business potential of Web technologies, however, the question is not whether to use these technologies, but how to use them with the right security controls. This calls for Web-to-host solutions that address both the opportunities and the challenges of Internet computing – solutions that allow you to quickly convey information to trusted individuals and still secure every host connection.

A Web-to-host security solution must fulfill security fundamentals. It must provide privacy, user authentication and connection integrity. Depending on architecture, it must provide authorization at a gateway server, at the host, or both. And it must be built on appropriate components, such as strong cryptography. For a good recent overview on these topics, read "Your Security Umbrella: Integrating Encryption, Authentication and Access Control," in the April 1999 issue of ESJ (page 54).

Another very important consideration is that Web-to-host security also needs to fit into your security policy management, strategic technology direction and current infrastructure. To create a cost- and time-effective Web-to-host security solution, you need to leverage your legacy investment in security just as you leverage legacy applications and systems as a backend for new Web information access demands. For direct mainframe access, the preferred management and control point is still trusty RACF, ACF or TopSecret – supplemented by granular data access controls embedded in legacy application logic, DB2, CICS and other systems. For other legacy hosts, using the native management and access controls may also be your best choice, unless you are building a completely new Web application integrating multiple backend sources. The problem is that none of these legacy access control methods are very well-suited to the extended Web-oriented access environment, at least without some changes and additional protection. They have relied heavily on cleartext login ids and passwords for user authentication. High-security environments have used token devices based on time synchronization and challenge-response technology for strong two-factor user authentication. Finally, traditional firewalls attempted to define a rigid perimeter boundary, with very limited access across it. Extending access on the Web requires some changes. Public Key Infrastructure (PKI), strong user authentication with smart cards and X.509 certificates, and unified or synchronized enterprise directories using Lightweight Directory Access Protocol (LDAP) for managing authentication have great future potential. But few organizations can wait for all these technologies to mature, be integrated with legacy environments for access control or be fully deployed. Most enterprises need to start extending Web access to host systems and applications now.

Choosing Technology Needs to Fit the Purpose

Current security technologies vary widely in maturity, adoption and vendor support. In most cases, you will need to use multiple technologies and consider tradeoffs based on manageability, scale, intended users, risk and cost issues. One issue you need to consider is how separated security should be from user interaction and applications. It is desirable to hide underlying security from user interaction and application dependencies. But limited user interaction and standardized application awareness can add significant security benefits, particularly for user (vs.