Advanced edge security for your multienterprise data exchanges
IBM® Sterling Secure Proxy (SSP) helps secure and shield your trusted network by preventing direct connectivity between external partners and internal servers. It can secure your network and data exchanges at the network edge to enable trusted business-to-business transactions and MFT file exchanges. As a demilitarized zone (DMZ)-based proxy, Sterling Secure Proxy uses multifactor authentication, SSL session breaks, closing of inbound firewall holes, protocol inspection and other controls to ensure the security of your trusted zone.
IBM Sterling Secure Proxy (SSP) offers:
- Firewall navigation best practices to provide perimeter security for enhanced protection of your data and trusted zone.
- Authentication services for multifactor authentication before connection to backend systems.
- Proxy support for the high-speed add-on for IBM Sterling Connect:Direct® with bridging for z/OS platforms.
- Advanced proxy functions to better secure edge-based file exchange.
- Support for dynamic routing that simplifies infrastructure changes, saving time and reducing risk during migrations.
Firewall navigation best practices
- Helps prevent inbound holes in the firewall.
- Reduces rich targets in the DMZ by helping to ensure that files, user credentials and data are not stored on physical drives in the DMZ.
- Establishes sessions from more-trusted to less-trusted zones.
- Enforces compliance with internal and external security policies and enables companies to pass security audits more easily.
- Helps prevent direct communications between external and internal sessions by establishing security-rich session breaks in the DMZ using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connections.
- Provides a customizable logon portal with self-service password management for trading partners.
- Supports single sign-on and integration with existing security infrastructure, including Active Directory, LDAP and Tivoli® user databases.
- Uses multifactor authentication to enforce tight controls and validation of trading partner identity in the DMZ before internal sessions are established to the trusted zone.
- Includes authentication options for IP address, user ID and password, digital certificates, SSH keys and RSA SecurID.
- Offers one central configuration manager that delivers configuration rules to multiple engines running in the DMZ, facilitating easier scalability.
Proxy support for the high-speed add-on
- Supports IBM Sterling Connect:Direct on its distributed platforms.
- Bridging support enables high-speed add-on support for z/OS versions of Connect:Direct.
Advanced proxy functions
- Compatible with layered or multiple DMZ environments; resides in the DMZ to validate connections and help prevent unauthorized access.
- Supports high-availability and load-balanced clustered environments for improved business continuity and optimal performance.
- Inspects protocol and sensitive control information and supports configurable error handling if violations are detected; provides session limits and data encryption to guard against denial-of-service attacks.
- Supports FTP, FTPS, SCP, HTTP, HTTPS, Applicability Statement 2 (AS2), Secure Shell/Secure File Transfer Protocol (SSH/SFTP), Protocol d’Echanges pour un Systeme Interbancaire de Telecompensation (PeSIT) and Sterling Connect:Direct protocols.
- Includes a Federal Information Processing Standard (FIPS) 140-2-compliant data encryption module with the option to force “strict FIPS mode” communications.
Support for dynamic routing
- Uses information in the user's store to determine, after authentication, which backend system the connection is made to.
- Saves time and insulates the external user from system migration or maintenance.