NEXOR's New Directory Boundary Agent (DBA) overcomes security risks to corporate directories. Submitted by: LVA Corporate Consultants UK Friday, 11 December 1998
- DBA provides reliable, secure, cost-effective protection of directories. - DBA offers a single point of administrative control - Based onTABARDIUM software licenced from UK Defence Evaluation and Research Agency and pre-evaluated to Security Assurance Level ITSEC E3. NEXOR, the international provider of mission-critical messaging and directory products, today announced its Messageware Directory Boundary Agent (DBA) which allows Lightweight Directory Access Protocol (LDAP) directory systems to connect securely into meta-directories and the Internet, without compromising data privacy. The recent emergence of Public Key Infrastructures (PKI) and Directory Enabled Networks (DEN) means that corporate networks have grown increasingly dependent upon their directory infrastructures. At the same time, the lack of a common security model for directory application software has, until now, exposed most organisations to security risks. NEXOR's DBA at last provides directory administrators with an application-level firewall which enables them to connect two separate networks or administrative domains (eg Internet and Intranet) via special-purpose protocol handlers (or 'proxies') at the network and an administrative boundary domain. DBA achieves this by mediating access to meta-directory systems across a network domain boundary, using the LDAP protocol. In order to guarantee the security of the firewall technology in its new DBA, NEXOR has chosen to incorporate the TABARDIUM software licenced from the UK Defence Evaluation and Research Agency (DERA). This has been pre-evaluated to the Security Assurance level ITSEC E3, on behalf of DERA, by a Certified Licensed Evaluation Facility. By incorporating DBA into the corporate directory infrastructure, machines in the guarded domain are not visible by external users. In addition, only those users on specified machines are allowed access to the LDAP service. Furthermore, administrators can configure which LDAP operations are to be supported for both inward and outward directory requests. For auditing purposes, every audit message is pre-fixed with a date/time stamp and all packets passing through the DBA are recorded. Commenting on this significant announcement, Stephen Kingan, Chief Executive of NEXOR, said: "Organisations in industries demanding high levels of messaging security, such as defence, government and banking, are becoming increasingly dependent on their directory infrastructures, especially with the emergence of a Public Key Infrastructure (PKI) using X.509 certificates. Existing directory application software is not evaluated and is therefore potentially insecure. For some time now, organisations such as these have been seeking a reliable, secure and cost-effective means of defending their PKI. Our new Directory Boundary Agent offers the solution to this problem by providing a firewall or guard approach at the domain boundary to allow directory systems to connect securely in those domains." - ends -
Page 1 For further information, please contact: Colin Robbins NEXOR Limited 0115 952 0500 [email protected]