Security zones
The following list describes some types of network security zones that can be applied to an organization.
Internet (uncontrolled zone)
Typically, the uncontrolled zone is the portion of the global Internet that is outside the boundaries of your organization. The untrusted zone is the most vulnerable to security breaches because there might be few or no controls in place to block intrusions to your intellectual property.
Do not install Tivoli Identity Manager components in an uncontrolled part of the network. Do not allow Tivoli Identity Manager components to communicate with one another across an uncontrolled network without using secure communication mechanisms such as SSL authentication.
Internet DMZ (controlled zone)
The Internet DMZ is an Internet-facing controlled zone that contains components with which clients may directly communicate. The Internet DMZ provides a buffer between the uncontrolled Internet and your internal networks. This zone is typically bounded by two firewalls, which enable you to control:
Incoming traffic from the internet to hosts in the DMZ
Outgoing traffic from hosts in the DMZ to the internet
Incoming traffic from internal networks to hosts in the DMZ
Outgoing traffic from hosts in the DMZ to internal networks.
Access control software can be deployed in the DMZ to control and monitor user access to resources in restricted and other controlled zones. Tivoli Identity Manager integrates with access control software, such as Tivoli Access Manager, to protect access to the HTTP server that is used by the Tivoli Identity Manager Server. The access manager product you implement should work with the bounding firewalls to enable secure connectivity to Web clients without directly exposing Tivoli Identity Manager components to potential attacks from the Internet. For example, a user should be able to authenticate to the access management server, and the access management server then determines which Web applications the user is authorized to use.
If you do not intend to use integrated software to control access to the Tivoli Identity Manager Web server, you can increase data security using reverse proxy servers in each Internet DMZ. Each reverse proxy server can connect across a firewall to the Web server, which resides in a more restricted intranet zone.
Production network (restricted zone)
A restricted zone supports functions to which access must be strictly controlled; direct access from an uncontrolled network should not be permitted. In a large enterprise, several network zones might be designated as restricted. As with an Internet DMZ, a restricted zone is typically bounded by one or more firewalls that filter incoming and outgoing traffic.
Plan to place your Tivoli Identity Manager Server components as well as your back-end servers (that do not directly interact with users) in a restricted zone.
Intranet (controlled zone)
Typically, a controlled zone, such as a corporate intranet behind one or more firewalls, is not heavily restricted in use, but an appropriate span of control is in place to assure that network traffic does not compromise the operation of critical business functions.
You might need to place certain Tivoli Identity Manager components, such as the database server or directory server, in the intranet network to maximize the performance of data throughput or the availability of certain components or applications. In such cases, ensure that you do not compromise security in accessing these components or in the data flow between the components.
Management network (secured zone)
In a secured zone, access is tightly controlled and available only to a small number of authorized users. Access to one area of the zone does not necessarily apply to another area of the zone.
Depending on your security requirements, you can establish a secured zone that allows certain personnel to access specific Tivoli Identity Manager functions and tasks.
Figure 9 illustrates how Tivoli Identity Manager can be deployed in an enterprise environment with different security zones. In this illustration, an access control product, such as Tivoli Access Manager, controls access to Tivoli Identity Manager functions that are made available through the Web server. In this scenario, the Tivoli Identity Manager Server uses back-end servers to store data in a different security zone. In this case, the communication link should use encryption and authentication to protect the data flow.
Figure 9. Tivoli Identity Manager deployed in an access controlled environment
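As an added example (not part of the IBM documentation or the Tivoli product), the following Python checker applies the placement and traffic rules described above to a planned deployment: no component in the uncontrolled zone, Internet clients reach only the Internet DMZ, and any link between components in different zones must be encrypted and authenticated. The zone names, component names and the sample plan are constructed for this illustration.

```python
from dataclasses import dataclass

# Zone names used by this example (hypothetical) mapped to the zone types from the text.
ZONE_TYPE = {
    "internet": "uncontrolled",
    "internet-dmz": "controlled",
    "intranet": "controlled",
    "production": "restricted",
    "management": "secured",
}
INTERNET = "internet"  # pseudo-component standing for Web clients on the Internet


@dataclass(frozen=True)
class Flow:
    src: str       # component name, or INTERNET
    dst: str       # component name
    secured: bool  # link uses SSL/TLS with authentication


def check_plan(placement, flows):
    """placement maps component -> zone name; flows lists the planned links.
    Returns a list of findings; an empty list means the plan follows the zone rules."""
    zone_of = {**placement, INTERNET: "internet"}
    findings = []
    for comp, zone in placement.items():
        if ZONE_TYPE[zone] == "uncontrolled":  # rule: no component in the uncontrolled zone
            findings.append(f"{comp}: component placed in uncontrolled zone {zone}")
    for f in flows:
        src, dst = zone_of[f.src], zone_of[f.dst]
        if ZONE_TYPE[src] == "uncontrolled" and dst != "internet-dmz":
            # rule: Internet clients may talk directly only to the Internet DMZ
            findings.append(f"{f.src}->{f.dst}: direct access from the Internet to {dst} is not permitted")
        elif src != dst and not f.secured:
            # rule: a link between different zones needs encryption and authentication
            findings.append(f"{f.src}->{f.dst}: cross-zone link from {src} to {dst} is not secured")
    return findings


# Constructed sample plan in the style of Figure 9, with two deliberate mistakes.
SAMPLE_PLACEMENT = {"reverse-proxy": "internet-dmz", "tim-web-server": "production",
                    "tim-server": "production", "db-server": "intranet"}
SAMPLE_FLOWS = [
    Flow(INTERNET, "reverse-proxy", secured=True),
    Flow("reverse-proxy", "tim-web-server", secured=True),
    Flow("tim-server", "db-server", secured=False),  # mistake: unencrypted cross-zone link
    Flow(INTERNET, "tim-server", secured=True),      # mistake: bypasses the Internet DMZ
]

print(*check_plan(SAMPLE_PLACEMENT, SAMPLE_FLOWS), sep="\n")
```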
For more information about security planning, see Enterprise Security Architecture using IBM Tivoli Security Solutions, SG24-6014, available through the IBM Redbooks Web site.