Third party integration using webservices

Document Purpose

This document defines the standard for protecting networks, network elements and the associated systems that compose them; for ensuring the availability of services and the confidentiality and integrity of information stored and transported; and for avoiding the possibility of fraud and abuse in the networks or services used to connect and share information with third parties.

Scope

This standard arises from the need to publish internal information services (web services) for consumption by, and/or sharing with, outside entities that provide services to the organization. Such publication must meet security guidelines and good architecture practice, following the guidelines given below.

Definitions

Objectives:

  • Relay in the DMZ to access the internal information service
  • Deployment of a solution such as a reverse proxy or a DMZ relay service
  • Secure access to core services
  • Access control to services for consumption by outsiders
  • Possible reuse of the existing platform

Requirements

The following diagram shows the generic architecture of the solution, including the Gateway component that publishes the service. This component must perform only pass-through tasks, without further processing of the service request / response; it is nevertheless the component that physically decouples outside access from the internal systems. It must be physically located in the DMZ, with proper access control over the systems that access it.

Possible implementation solutions:

  • Dedicated reverse proxy
  • Load balancer configuration capable of URL-to-URL relay
  • XML gateway appliance
  • Web server shared as a reverse proxy

Security

Because the platform is in the DMZ:

  • Security at the edge by firewall (IP:port)
  • HTTP Basic authentication (key / password), depending on the solution
  • HTTPS encrypted channel
  • One month of historical logs (recording at least the origin and destination of connections accepted and blocked)
  • Access restricted by policies enforced at the proxy
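
As an added illustration (not part of the original standard), the dedicated reverse proxy option could look like the following nginx configuration, which applies the proxy-side controls listed above. The choice of nginx and all hostnames, addresses and file paths are assumptions made for the example; the edge firewall rule and the one-month log retention are configured outside this file.

```nginx
# Added example: DMZ pass-through gateway for one published web service.
# All names, addresses and paths below are placeholders.
events {}

http {
    # Record origin and destination of every connection, accepted or blocked.
    # A 401/403 status with an empty destination means the proxy blocked it.
    log_format relay '$time_iso8601 origin=$remote_addr:$remote_port '
                     'dest=$upstream_addr status=$status "$request"';
    access_log /var/log/nginx/partner-relay.log relay;

    server {
        listen 443 ssl;                          # HTTPS channel only
        server_name gateway.example.org;         # placeholder public name
        ssl_certificate     /etc/nginx/tls/gateway.crt;
        ssl_certificate_key /etc/nginx/tls/gateway.key;
        ssl_protocols       TLSv1.2 TLSv1.3;

        # Only the published service path is relayed to the internal system.
        location /services/partner/ {
            # Proxy policy: accept the third party's source address only.
            allow 203.0.113.10;                  # placeholder partner address
            deny  all;

            # HTTP Basic key / password (checked in addition to the allow list).
            auth_basic           "Partner web service";
            auth_basic_user_file /etc/nginx/partner.htpasswd;

            # Pass-through: no URI part on proxy_pass, so the request path
            # and body reach the internal service unchanged.
            proxy_pass https://ws.internal.example:8443;   # placeholder
            proxy_ssl_verify              on;
            proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.crt;
            proxy_set_header Host $host;         # keep the client's Host header
        }

        # Anything not explicitly published is refused and logged.
        location / {
            return 403;
        }
    }
}
```

Filtering the resulting log for status 401 and 403 yields the blocked connection attempts, each with its origin address.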

Reports

  • Connection attempts blocked
