DMZ Shield

Secure HTTP Reverse Proxy functionality
MultiSecure DMZ/Shield functions as a full reverse http proxy for the web server(s) residing behind it. This means that all http traffic has to pass through the MultiSecure DMZ/Shield before it can reach the webserver(s). Normally web servers are placed within the DMZ, this is the part of the network which is directly accessible from the hostile Internet. MultiSecure DMZ/Shield proxy capabilities allow the web server(s) to be taken out of the heat of the DMZ and to be placed in a trusted part the network. The use a reverse proxy is seen a good practice for a secure Internet infrastructure.

Multiple Web Server Protection
One MultiSecure DMZ/Shield can protect multiple web servers with different domain names located on one host or on multiple hosts. MultiSecure DMZ/Shield can also protect multiple SSL web sites with different certificates.

Extensive HTTP Protocol Validation
Application level vulnerabilities are discovered and published almost each day. Hackers, crackers and script kiddies misuse the HTTP protocol to exploit these vulnerabilities and to deface a web site or to gain access to confidential information. Only requests "you need and you know" are allowed to pass on to the webserver. This is the only protection against known and unknown web server vulnerabilities and exploits. This combines the advantages of a firewall's 'default-deny' stance (everything which is not explicitly allowed will be rejected) with the application level richness of application level intrusion-detection probes.

DMZ/Shield provides:
- request method filtering
- request and response header filtering
- URL filtering based on a policy of rules
- general sanity check on the URL-path

Accelerated Secure and Centralized SSL management
Web server performance deteriorates while initiating a SSL transaction. MultiSecure DMZ/Shield solves this problem by performing the SSL handshake for the web server(s).Furthermore configuring, securing and maintaining all the SSL settings of multiple web servers can be a cumbersome task. MultiSecure DMZ/Shield solves this by centralizing the SSL implementation. No need anymore to worry about SSL on the web servers as MultiSecure DMZ/Shield ships with a pre-configured SSL implementation. One MultiSecure DMZ/Shield can protect multiple web sites. Multiple SSL certificates can easily be integrated into one MultiSecure DMZ/Shield. DMZ/Shield also handles SSL client authentication, using web certificates.

Easy, intuitive Web-based Configuration
All configuration and administration of the MultiSecure DMZ/Shield is handled by a web-based graphical user interface. This GUI guides the user through all installation and configuration steps.

Highly Customizable Logging, Monitoring and Alerting Management
All MultiSecure DMZ/Shield activities are logged in detail and follow standards. This means logs can easily be incorporated into 3rd party products log analyzers like WebTrends. All security events are flagged according to their severity (informative, warning, alert) and appropriate steps defined by the corporate security policy can be taken ranging from basic logging to sending out security alerts and blocking the ongoing attacking session.

Optional Remote Management via Online Guardian
Customers who prefer outsourcing the management and monitoring of their security infrastructure can fall back on Ubizen Online Guardian. Doing so, management, configuration and monitoring of MultiSecure DMZ/Shield is remotely handled by the
security experts of the Online Guardian team.