
E-XPERT GATE

WHITE PAPER
CUSTOMER: any
CLASSIFICATION: Public
DOCUMENT TYPE: White paper
STATUS: Draft
VERSION: 1.0
COMPLETED: 13.03.2001
AUTHOR: Sylvain Maret

Created: 8 March 2001, by Sylvain Maret
Last save 13.03.01 10:20, by Sylvain Maret

Table Of Contents

1. SECURE YOUR E-BUSINESS APPLICATION
2. DESCRIPTION OF REVERSE PROXY
3. HOW IT WORKS?
4. E-XPERT GATE KEY FEATURES
4.1. SECURITY PROTOCOLS
4.2. CIPHERS AND ALGORITHMS
4.3. PKI ENABLED
4.4. AUTHENTICATION METHOD SUPPORTED
4.5. HARDWARE CRYPTOGRAPHIC ACCELERATORS
4.6. SECURED OS
4.7. REVERSE PROXY TECHNOLOGIES

1. SECURE YOUR E-BUSINESS APPLICATION
e-Xpert Solutions SA offers a solution based on SSL reverse proxy technology for a
range of e-commerce uses. It provides the confidence and security needed for an
e-business environment. The solution is called e-Xpert Gate.
e-Xpert Gate can be used to secure:
• E-banking web servers
• Extranet secure web servers
• Online shopping
• Intranet secure web servers
• Medical Records Web Applications
• Email browser access
• Etc.
e-Xpert Gate uses the SSL and TLS protocols to offer strong confidentiality and integrity
for sensitive information and transactions. Optionally, it can provide strong user
authentication using RSA SecurID or personal certificates (PKI, X.509).
e-Xpert Solutions SA provides this solution as a “turnkey” package which consists of:
• IBM or SUN Microsystems Appliances
• OS secured by e-Xpert Solutions SA
• SSH server for management
• Backup solution
• System integrity check by Tripwire (FIA)
• Alarm system for monitoring
• SecurID agent
• Documentation (configuration and “day to day” operation)
• Options: SSL acceleration board, disk mirroring

2. DESCRIPTION OF REVERSE PROXY
Reverse proxy is the name for certain alternate uses of a proxy server. It can be used
outside the firewall (i.e. in the DMZ) to represent a secure content server to outside
clients, preventing direct, unmonitored access to your server's data from outside your
company.

3. HOW IT WORKS?
When a browser makes a request to your web site, the request goes to the e-Xpert
Gate server. The e-Xpert Gate then sends the browser's request through a specific
passage in the firewall to the content server. The content server passes the result
through the passage back to the e-Xpert Gate (reverse proxy).
The reverse proxy sends the retrieved information to the browser, as if the reverse
proxy were the actual content server.
In this way, the reverse proxy provides an additional barrier between the secure data
and the possibility of malicious attack.
This solution is based on Apache Server and OpenSSL. e-Xpert Gate is fully
compliant with all the latest Internet and security standards. It works with all web
browsers and certificate authorities.

[Figure: e-Xpert Gate solution]

4. E-XPERT GATE KEY FEATURES

4.1. Security protocols


e-Xpert Gate supports:
• SSL version 2.0
• SSL version 3.0
• TLS version 1.0

4.2. Ciphers and algorithms


e-Xpert Gate supports:
• Key exchange: RSA, DSS, Diffie-Hellman
• Symmetric ciphers: DES 56 bits, 3DES 168 bits, RC4, RC2, IDEA 128 bits, etc.
• Hashes: MD5, SHA1, etc.

4.3. PKI enabled


e-Xpert Gate is fully PKI enabled. It supports:
• Server and client SSL certificates (X.509 v3)
• Independent certification authorities (Verisign, Thawte, Certplus, etc.)
• Private certification authorities
• Verisign Global Server ID (128 bits for every browser)
• Certificate revocation lists (CRL) via “ldap” or manual transfer
• Granular certificate checking for client authentication

4.4. Authentication method supported


e-Xpert Gate supports the following methods for client authentication:
• PKI client certificates (on smart card, Ikey2000 or files)
• SecurID RSA tokens
• HTTPS basic authentication
• External authentication using a firewall (Radius, Tacacs, Axent, Ldap, Skey, etc.)

4.5. Hardware cryptographic accelerators
e-Xpert Gate can use a hardware SSL acceleration board to improve performance.
As an example, e-Xpert Gate is fully compliant with Rainbow Technologies
accelerator boards.

4.6. Secured OS
e-Xpert Gate runs on a secured OS based on Solaris or Linux, with:
• Tripwire for file integrity (FIA)
• SSH server for secure management
• Secure file transfer with SSH
• SecurID agent for strong authentication
• Secured Monitoring system
• TCP Wrapper

4.7. Reverse Proxy Technologies


e-Xpert Gate runs the reverse proxy using:
• Secured Apache server by e-Xpert Solutions SA
• OpenSSL
• Mod_SSL
• Mod_SecurID
• Mod_Rewrite
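
How the components listed above can realise the flow of section 3 and the client-certificate checks of section 4.3, as an added example that is not e-Xpert Solutions' own configuration: an Apache 2.4 virtual host that terminates SSL/TLS, requires a client certificate checked against a CRL, applies a fine-grained check on certificate fields, and relays a single path to the content server. Host names, addresses, file paths and certificate field values are hypothetical, and the `[P]` flag additionally needs mod_proxy, which the list does not name.

```apache
# Added example; all names, addresses and paths are hypothetical placeholders.
# Modules assumed loaded: mod_ssl, mod_rewrite, mod_proxy, mod_proxy_http.
<VirtualHost *:443>
    ServerName gate.example.com

    # Server side of the SSL/TLS session: the gate presents the certificate,
    # so browsers see it as if it were the content server.
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/gate.example.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/gate.example.com.key

    # Client authentication with X.509 certificates issued by a private CA.
    SSLCACertificateFile  /etc/apache2/ssl/private-ca.crt
    SSLVerifyClient       require
    SSLVerifyDepth        2

    # Reject revoked certificates using a locally transferred CRL.
    SSLCARevocationFile   /etc/apache2/ssl/private-ca.crl
    SSLCARevocationCheck  chain

    # Fine-grained certificate check: a valid certificate is not enough,
    # its subject fields must also match before the request is relayed.
    <Location "/ebanking/">
        SSLRequire %{SSL_CLIENT_S_DN_O}  eq "Example Bank" \
               and %{SSL_CLIENT_S_DN_OU} eq "Customers"
    </Location>

    # Relay through the single firewall opening to the content server.
    RewriteEngine on
    RewriteRule ^/ebanking/(.*)$ http://10.0.0.10:8080/ebanking/$1 [P,L]

    # Rewrite Location headers so redirects name the gate, not the backend.
    ProxyPassReverse /ebanking/ http://10.0.0.10:8080/ebanking/

    # Anything that is not explicitly published is refused at the gate.
    RewriteRule ^ - [F]
</VirtualHost>
```

`apachectl configtest` checks the syntax before the virtual host is enabled.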
