+

Search Tips   |   Advanced Search

WebSphere DMZ Secure Proxy Server for IBM WAS


The DMZ Secure Proxy Server for IBM WAS can be used to provide a secure platform for the proxy server.

New feature: The DMZ Secure Proxy Server for IBM WAS installation allows you to install the proxy server in the DMZ, while reducing the security risk that might occur if we choose to install an application server in the DMZ to host a proxy server. The risk is reduced by removing any functionality from the appserver not required to host the proxy servers, but that could pose a security risk. Installing the secure proxy server in the DMZ rather than the secured zone presents new security challenges. However, the secure proxy server is equipped with capabilities to provide protection from these challenges

The following capabilities are available to harden the security of the DMZ Secure Proxy Server for IBM WAS and to determine the level of security to assign.

When creating the DMZ Secure Proxy Server for IBM WAS, we can choose any of the default security levels: High, Medium or Low.

The High DMZ security level cannot be used for SIP proxy servers, because static routing cannot be used for the SIP proxy server.

In addition to these predefined settings, we can customize the settings to better serve the requirements. If we choose to customize the settings, the DMZ Secure Proxy Server for IBM WAS will still be assigned a qualitative categorization of the security level called the current security level. Each custom setting has been assigned a value of High, Medium or Low. The current security level is equal to the value of the least secure setting being used. To achieve a current security level of High, only settings assigned the high value can be configured. To achieve a current security level of Medium, only settings with values of High or Medium can be used. A current security level of Low will be used if any settings that are assigned the value of Low are set.

An additional change to enhance the protection for the DMZ Secure Proxy Server for IBM WAS is the switch from a Java Development Kit (JDK) to a Java Runtime Environment (JRE). Switching from a JDK to a JRE removes the inclusion of a compiler on the installation. This change is beneficial because the compiler could possibly be used for malicious purposes in the event of a security breach.



 

Related tasks


Set a DMZ Secure Proxy Server for IBM
Set up the proxy server