System Deployment
Network Security in Rules Palette Environment
When the Rules Palette is used on a network, there are many security issues to take into consideration, especially the use of firewall and VPN technologies. A firewall permits or denies network traffic based on configured rules, protecting the internal network from unauthorized access while permitting legitimate communications. Firewalls perform the following functions in a typical environment:
- Guard the company Intranet from unauthorized outside access.
- Separate Intranet users accessing the system from the internal subnetworks where critical corporate information and services reside.
- Protect against IP spoofing and routing attacks.
- Prohibit unauthorized users from accessing protected networks and control access to restricted services.
This application has three components:
- The Rules Palette interface, a Windows-based GUI application installed on client machines
- The browser-based Web Application Utility, which is installed on an application server
- The Upgrade utility, a Windows-based GUI application
It is highly recommended that users access the application from within the company network, secured behind the outside firewall. Virtual Private Network (VPN) technology should be used to give remote employees access to the application. A VPN carries outside traffic through the firewall over an encrypted tunnel, placing outside clients virtually inside the firewall. Because VPN clients then look like internal hosts, the VPN's access rules should still limit them to the ports the application needs rather than to the whole internal network.
Figure 1. Firewalls in the application environment
A typical application environment has the following security zones:
- Internet - External web service clients, which may come from outside the company network.
- Intranet - The company network, separated from the Internet by the external firewall, from which users (including VPN-connected remote users) reach the databases through the Rules Palette and the Web Application Utility user interface.
- Application server and database zone - The application servers, including the Web Application Utility, and the databases reside in this zone. Access to the database, which holds critical client information, must be secured: administrative access is restricted to system and database administrators only, and other hosts may reach only the database ports the application requires.
If the Rules Palette application must be used from outside the firewall, several ports need to be opened in the firewall: the ports for the Web Application Utility, for the associated OIPA application, and for both the application and IVS databases. All of these are defined during setup of the environment. Open each port only to the source addresses that need it (for example, the VPN client address pool) rather than to any source, and leave every other inbound port closed.